{ "Event": { "published": true, "date": "2022-03-22", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2022-03-22", "timestamp": 1647993781, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "7134f6ac-2da6-4dd7-bcd6-ba2d0925efd6", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31d90a65-aa0f-11ec-9275-42010a9c0029", "comment": "Malware payload (FormBook)", "timestamp": 1647974277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974277, "uuid": "191387e2-23f3-47d5-966a-9a1485b005e6", "comment": "Malware payload (FormBook)", "value": "9b8777d6ba475375192d894fb7bab76a", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974277, "uuid": "c1c94655-c012-4dfe-b90e-57af6a7df0e5", "comment": "Malware payload (FormBook)", "value": "00d73f1d61efc0d907030191c3953dd239de9aded5c6cc4029262127ce1e209e", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974277, "uuid": "3603021a-3f73-4c47-b701-e348565a197f", "comment": "Malware payload (FormBook)", "value": "33adea5bad24fb8cc6a0a49aaef119e944d7ad2f", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974277, "uuid": "3f5424c8-f155-433f-bd15-117a61ce4f22", "comment": "Malware payload (FormBook)", "value": "760e9ebe6df60303ae7eb1f9b48996a20902628a0c54a9fe745e0f90b1c10f18ca7cafac8600b96b12e6bb241fd1cd99", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974277, "uuid": "3689e8ff-8779-4dfd-a0ea-ea83e60ab5f0", "value": "T11A35BF92F6925433D6331D348C1BB7689969BF102E38A44B3BF45D4C6F3A780BD252A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974277, "uuid": "2c35d8d3-72f9-487c-ae47-98b6f39c79a1", "value": "d8f60ca1875964a961eb776244c39814", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974277, "uuid": "f99afe20-5275-461c-9dae-8a4ccebf2e77", "value": "24576:3GkQ9ftdUDQVYxNEeFgbTRUFau59fXwQlEeK320dkgbUhAviHW8OLxZdPYk:2D/zLK9tFH47pYk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974277, "uuid": "dac42453-3200-4766-92d8-cfa9308defe9", "value": 1098240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974277, "uuid": "824ec14f-4945-4bae-853b-8ba97b62b566", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974277, "uuid": "5b2ad59e-6aa0-4331-b063-b40ed3cfe5c1", "value": "DHL_Express_shipment_Confirmation_BJ4410517000124.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b44a8868-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953880, "uuid": "9de6f480-d56b-4373-a697-44cccdb8ad7e", "comment": "Malware payload (Heodo)", "value": "27b5ad31b61a776c96663fc0805b1530", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953880, "uuid": "4337a08a-3a89-484f-9334-ff7f3ed5279f", "comment": "Malware payload (Heodo)", "value": "00dc35a810fba2a331b84b786639289395b2284e7e161dc72b69909d6b29ba77", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953880, "uuid": "4507cd1d-7023-471f-9ba6-d125a2f1190a", "comment": "Malware payload (Heodo)", "value": "6e003007e05d4c326a6600b36ee955dde1b59ee1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953880, "uuid": "bcb50438-a806-4d81-add1-207b51b059e3", "comment": "Malware payload (Heodo)", "value": "2b967d5709d74282c60ec1a191c87d44c9f73f92edea37d8682f882ea954e78ba69f4281726632224f2dfd26a78df099", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953880, "uuid": "671f293e-cda3-49a1-a2b6-e8314cb57963", "value": "T16D25AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953880, "uuid": "9d19db4d-8a92-4d19-bb36-1a73d38bb6eb", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953880, "uuid": "ec441731-e322-48da-a73b-b7bfb624d536", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+Z1nQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqU3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953880, "uuid": "22914ad3-c05f-4a50-bc1f-ac3c08d89399", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953880, "uuid": "369a9c19-abbb-4950-882f-d3eb388cf0d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953880, "uuid": "d39a261d-5fc3-41ce-a94f-6f747eec396f", "value": "00dc35a810fba2a331b84b786639289395b2284e7e161dc72b69909d6b29ba77", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3feb152f-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958410, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958410, "uuid": "9e389e90-3590-48fb-b898-41c6432668c5", "comment": "Malware payload (Heodo)", "value": "c8b1816de684a8c9a6dd42ca006504fc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958410, "uuid": "753319f0-ef4f-484b-9daf-5643e900e43f", "comment": "Malware payload (Heodo)", "value": "01906d32374af5356699b1c8fc708058b0645335ffa13340410b89d104bb46e3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958410, "uuid": "5f5a4bcd-becd-46cb-9416-eaae3626deba", "comment": "Malware payload (Heodo)", "value": "34abff93f916d63c9ebe450be2ba7fc1a9e70ba2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958410, "uuid": "f6b49fa5-76f9-4203-bce4-335b04b8c70b", "comment": "Malware payload (Heodo)", "value": "fd52bf44f2135a5e374c58a32ec574b607dee80897e57e221af7b8db8f2b263da2f8d01792081454a83f52956205b00c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958410, "uuid": "19ecb82d-a2d2-4bb0-b301-ed448d23702d", "value": "T175059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958410, "uuid": "a11ac479-54c8-4621-addf-674dc6fdf3a3", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958410, "uuid": "d95d194c-c617-46ef-96e1-e46cf997f4e9", "value": "12288:V20BXOMcVzpWfmmnDDiX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDWX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958410, "uuid": "1cca35f1-579a-4d3b-9ee5-76d9f10309ca", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958410, "uuid": "f15f13e4-225c-40b8-8f05-021dfa435f36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958410, "uuid": "23848c12-4f5d-4730-9c9c-a676a7431357", "value": "01906d32374af5356699b1c8fc708058b0645335ffa13340410b89d104bb46e3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "070fb1f6-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958314, "uuid": "46488316-d0cb-4ea5-a15a-d2300ab06037", "comment": "Malware payload (Heodo)", "value": "7146b92a150a3ac9cbaa271c255a6252", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958314, "uuid": "19fccca1-7fab-49f9-8fce-a6d124e10aec", "comment": "Malware payload (Heodo)", "value": "0194a4ccb625466dee0dc94ae6519a84566a4ffd72b28a93d6525a844f472979", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958314, "uuid": "85301e88-174f-4ec9-bc1b-5beeab97a1be", "comment": "Malware payload (Heodo)", "value": "e50e273e85ffe2c01b7d203d0a5fe54d8d711d1b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958314, "uuid": "50966b74-c6ef-4934-aaa1-f518656812eb", "comment": "Malware payload (Heodo)", "value": "bc0445984864e5ee9649cc59da47b3bc18e40e61e171dfb50a33cef8abe7cac3689bbf8e881570bd24841376299d7c5f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958314, "uuid": "708ce64c-f7bc-43d6-b0a4-0a941b642e21", "value": "T18E059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958314, "uuid": "4830fe28-b60f-45ac-842a-33f87849f1ac", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958314, "uuid": "905653f7-8e18-4ca2-8bcd-3de1941afaa4", "value": "12288:V20BXOMcVzpWfmmnDDTX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDPX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958314, "uuid": "ee2562dd-6c3e-4fc7-b56a-40372650568e", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958314, "uuid": "2b55f5b3-0896-46aa-abb1-5324d3d80ef6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958314, "uuid": "2efcdbf7-08be-463a-9da3-9a03f19d1c2a", "value": "0194a4ccb625466dee0dc94ae6519a84566a4ffd72b28a93d6525a844f472979", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "217d7509-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959647, "uuid": "c1eb10f2-1372-4359-b07b-076f06598d1a", "comment": "Malware payload (Heodo)", "value": "0d475fea88b29240c87558159a2d74cd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959647, "uuid": "6311e516-50e1-4e76-bd2c-9a6fbab6d614", "comment": "Malware payload (Heodo)", "value": "01979e8bbecd72ddd379443ddb02bf0e93945e9f0f851a8ce07f5d16addce061", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959647, "uuid": "0b9adcb4-3b47-43b5-aadd-53a64784155d", "comment": "Malware payload (Heodo)", "value": "0e6bbde1000c16eed2bc147444d6d791b9e86706", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959647, "uuid": "1d8e9fc0-6713-460a-a8eb-18d2e78199d4", "comment": "Malware payload (Heodo)", "value": "af4d30f3072a3cdf1e7b4d6a483e3e0b72abb4a0b5151472b680015570f8d8b615aa3faddd44b4ebaa1120b8e8f18a05", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959647, "uuid": "da18e58e-68fe-4751-b613-aad11c8f9252", "value": "T1C7E4AE607B81C0BAC31E30B50517A37966E9A9709F3897C7BBD46B7F6E740C19D3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959647, "uuid": "7a45a549-5f2f-422e-b967-2fc10b2a8f81", "value": "cca9170027b8a1c09e4e49e3efdfdd6a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959647, "uuid": "2bfc0b92-0dfe-4f28-a309-c9de4c12686e", "value": "12288:JzpSPnEifD6xu1XRiTFIy30ZKm0XlsD12m1yMu0mPVOXNZ:JzpSPdDBQTFIy3mFWla1/cNVY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959647, "uuid": "0fdce56b-a02a-443f-837e-cf375e8118fd", "value": 660992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959647, "uuid": "8ac9b145-5b8e-412e-88f1-d5ef99131d7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959647, "uuid": "be98c5cb-e008-4697-a4f7-91917e973c24", "value": "01979e8bbecd72ddd379443ddb02bf0e93945e9f0f851a8ce07f5d16addce061", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e47de85-aa0e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647973788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973788, "uuid": "781196ec-9607-43fa-9180-803fde09404b", "comment": "Malware payload (AgentTesla)", "value": "f474f622db85918755ec99587b6bd164", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973788, "uuid": "446775cc-a117-4105-a495-08b32a28c02e", "comment": "Malware payload (AgentTesla)", "value": "01c8bc9ef91640e487c782ee99a16a329a2e4ef2ddafa22e583ac386f6242a17", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973788, "uuid": "ceb2263e-a411-437a-afbb-6a8aedfa566b", "comment": "Malware payload (AgentTesla)", "value": "a5b51843e56d1db4dc1ff753c3d61e2c15f9dca0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973788, "uuid": "ff211588-c5d1-4e83-a213-8bc2f38529b4", "comment": "Malware payload (AgentTesla)", "value": "c9115a1ae78d9aea577e6f540599d3dce0559de9a92e79c18845c94f38dcbfbf7cc34b87d1ab566241635f919853f2bd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973788, "uuid": "f4e24d09-0a23-42c7-8f93-19de4b32fb96", "value": "T16554125665C11AB7D250D2321E32FBBCB3F652C916452ACF8B9C3FA95FA01A7070E252", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973788, "uuid": "dc129f96-d198-4159-9d09-070e93e4f7b8", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973788, "uuid": "c8a1b6eb-4b58-4bd8-a644-d4333134afba", "value": "6144:rGiNoDArY322r5cp5oOK8BvSwx9efN3YDV3uj7nQX:uArp2qpiOKwx92dYluvnm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973788, "uuid": "345565b1-90c1-4ccb-b622-2ab5b838584c", "value": 290818, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973788, "uuid": "c29b7407-ada2-4f6d-bb0f-236d0aa699ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973788, "uuid": "82cd4647-12d9-4da7-8055-db43615f5df8", "value": "Halkbank_Ekstre_20200520_115007_302191.pdf (3).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9834abf-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647972465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972465, "uuid": "2060bbcc-1892-4f57-bee1-3c4442286bf2", "comment": "Malware payload", "value": "391040873e8d5c1ec1fcf57d6964476c", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972465, "uuid": "d5b100bf-c9bf-4671-875c-3503c0806d7e", "comment": "Malware payload", "value": "01db37b01413402f2dcc7999792fb7697932c04ca8e836663f0f3f94e306e615", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972465, "uuid": "a65ba142-3bd7-4e4c-bd5c-d27d4efa7eaa", "comment": "Malware payload", "value": "88b0aaa70832bd31e518bf87a2b1147f81ae1c24", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972465, "uuid": "88c62886-4120-4fe4-b13c-2e337393565b", "comment": "Malware payload", "value": "1e1e506b58aab82bfe5e0205abe2df652a6e216276f7fde94236f8c0683159b86ece7a96ad31824404bb9517a6ddeb70", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972465, "uuid": "a0f72c1e-e1dd-46d3-b36c-3a775c5eab97", "value": "T13192271A1A614548E49B0671362B8DC00CF92C48FA85C7492FB539CB91FF16F6FBD6B2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972465, "uuid": "bb8c9113-2b9b-47c5-a1ca-75f3a80b4741", "value": "384:UM6jggi/FcXuQWI62shkq7njDmfzvWa4Gc0LG60M/5q3t/OGFb6GjRa/QW/eC:UxiynEkq7fmrvWa4GRa60d9/h6mRfC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972465, "uuid": "9995a268-f7e5-4c1d-b401-50b398611b75", "value": 20936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972465, "uuid": "acd26004-73ef-4507-961c-e496fc62cf51", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972465, "uuid": "82b6e8df-73a3-4ffb-ad33-5507c1ecce9e", "value": "flange orderShanxi Double-Peace Forging Co.,Ltd.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd2888a6-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1647969840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969840, "uuid": "18b5ba3e-5aad-4fb1-89f9-bc24562428eb", "comment": "Malware payload (RemcosRAT)", "value": "72ac16f0b49f84e7c3bd98dea8ac39f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969840, "uuid": "029bf6ce-cfa6-4a09-9b07-3fb8e5e3379a", "comment": "Malware payload (RemcosRAT)", "value": "0248d9d183a4e488fb4f6cd5d05fd4f6fe1ee33a3df848faacc64977cc4bf2f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969840, "uuid": "5c4aabf0-bd75-467a-b6dd-fc27a9962182", "comment": "Malware payload (RemcosRAT)", "value": "5ba3da93c926bad024aefd0580c0043f4f04c067", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969840, "uuid": "7310e80d-b621-478b-99ad-34964b06d13e", "comment": "Malware payload (RemcosRAT)", "value": "898d41859728a8db5756d55c190c6bdde044a7e78955f04ed1fa9c3d284670a4f64de60e4c12432c65591df3987e7149", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969840, "uuid": "a7ce2317-1289-4f94-8642-654cfe6e867b", "value": "T1B1A4230623BAD283DD530D368EBD47AEEE64E8B511D84A0B57196E6D3E23380FE1D714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969840, "uuid": "a9e6dfe9-b60e-402a-bc90-4487d7284293", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969840, "uuid": "0cd600c1-402b-4a99-9a8f-3e311ae65a89", "value": "6144:DYa673G/+V8TyqclM6ZF0rq96JnSriL77Ch6VPYSi8fNp1sgCn9akRHdJjtY/o1U:DYJGk8TZUh9YT3WZmp1jz0HnxnDyZgV8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969840, "uuid": "0f4bb521-1246-4e4d-b4af-017d1f1c52b1", "value": 488720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969840, "uuid": "484c6797-c625-42c7-bf13-eb474834be25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969840, "uuid": "2825a4b6-9c5d-4844-b700-b59ccd86cdbb", "value": "72ac16f0b49f84e7c3bd98dea8ac39f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1eca558-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647972398, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972398, "uuid": "adc2492b-88ab-48b1-85b9-17f868060e0b", "comment": "Malware payload (Formbook)", "value": "db00433dd263da1f3be188682f0a35ce", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972398, "uuid": "cdf6fa3f-afb2-422f-bfab-dd632b3d2169", "comment": "Malware payload (Formbook)", "value": "02880a01c58f06c7bc415248da2a9513b1f1d8359ca97ca5f408a87b26134174", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972398, "uuid": "31fa91ec-c025-4895-ae43-969b1334c44e", "comment": "Malware payload (Formbook)", "value": "5aaf76fa82137017661fa1b387e629f4b1a20c0c", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972398, "uuid": "3fa1de09-8436-4ffd-9ec3-b1a3bc5d5033", "comment": "Malware payload (Formbook)", "value": "4683015ae1be3379189ca205b8f8a275aa5d933a5ee557ccec092adc08c1b2472302f285c8b1e5baf9f9c351e5a53aa3", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972398, "uuid": "c499e5a2-5e37-4162-9a2c-b749f9cd76e8", "value": "T1BA1412F17D81AAD3F5E6C93B175A8A120E00EEE9044797003B3D3F7109369B9D53AA67", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972398, "uuid": "c1da5da0-abab-4c5f-bc8c-1d092a6f742d", "value": "3072:7VDgKC8YTyyVejTdCAUQXOt5Os9FKiSvHmCeXXWkudtkyf6L3NoffdbAk71+9M7n:BDS2yVejdNSESxXRXy63odbHQM7n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972398, "uuid": "95aa8bb1-f19d-4e54-8b6e-a957fef9b71c", "value": 191864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972398, "uuid": "3dfb5da3-e1f5-45c9-b6ce-b2a26e0c88c9", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972398, "uuid": "4f431a83-4754-4d43-be6d-0c1b44e960f0", "value": "P. Order & Contract (A-4553).xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08fe7b9c-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976786, "uuid": "e30fe4c0-0166-442f-8c20-906c6606c01f", "comment": "Malware payload (RedLineStealer)", "value": "be5a217876c992659c0223470b981b9c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976786, "uuid": "ff3df849-38b8-465e-9133-fee7b865abe8", "comment": "Malware payload (RedLineStealer)", "value": "02f2ddecb8e2761b0ecc346ec43dc12c05661f938331f6f4cc0b8703a9388224", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976786, "uuid": "18671cf6-fc11-4930-bbd5-5726cf8db186", "comment": "Malware payload (RedLineStealer)", "value": "154049870b84a7865181efae2e0e02b9ea63d9be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976786, "uuid": "f769abad-a79d-46d0-b9fb-cfa4b86da9b1", "comment": "Malware payload (RedLineStealer)", "value": "12d25ac2e72e97009818184f3f2419ed41ce8010a7bfb5b2f1c906c85edebdfaf042d6ad47a6b6025098c7a40b53e49b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976786, "uuid": "33ed7d56-7539-4ad9-bfa3-66b386e7c959", "value": "T18F65337AAD0CD785CD026AB7702E5F284247DA770E5F6B086219980CEC4D3F9615AF2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976786, "uuid": "8e9b6f29-91cc-41db-a18e-41ea4e34b2e7", "value": "57b4688c454480cc1bf2337299d38c69", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976786, "uuid": "fec3546f-1f5f-46d4-b80c-484403af240e", "value": "24576:vcoq1jaXVPuMA20y40Ej78AEkgfrOwAo6RQcxdW3NoV5HoBNooH8MpCFRJCv2fFA:vcb1GE20d5ERfybxquHobl8MIRu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976786, "uuid": "5f39514b-b201-4c7d-84e0-cf0217f306c6", "value": 1459872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976786, "uuid": "85ba1d76-1dc4-40dc-a6ec-3517f739e2cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976786, "uuid": "772d5b23-a0e1-46cc-85ed-beb17d0a9139", "value": "53660416.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cbd191c-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955478, "uuid": "c48cda24-4299-4c2a-b1f4-b0802db12f9e", "comment": "Malware payload (Heodo)", "value": "047a107f438f607db66fbe8f99b14d8b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955478, "uuid": "2731910f-eef7-4156-9d94-85afe63df22a", "comment": "Malware payload (Heodo)", "value": "02f58c774dcd853ca9db13cf42696eb14c56077f63e2101c86225fdd9b39b951", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955478, "uuid": "6f642e1e-cf5e-469e-81f5-27db67328fcf", "comment": "Malware payload (Heodo)", "value": "6e5fbc9533fa808a28049cc3229740d94833de3f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955478, "uuid": "4992a2ff-64c4-4522-98fc-8fd4e7d2a85a", "comment": "Malware payload (Heodo)", "value": "f6099d3fc0604b22c0127e1388bb3fa4ec55f0953a6b9bb92a3e72a2b8d66463de46d3239af2582d8799ddd6ee3e1b48", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955478, "uuid": "87052706-9087-4409-81cc-3195e7c4d6f3", "value": "T14CD46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FEE670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955478, "uuid": "5c26f550-dc77-44ad-bcbf-d169b4fa39e7", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955478, "uuid": "e34c224c-e567-4365-a76d-dd3d57c0bd78", "value": "12288:QXvRLpX4HMAus65r6xMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+r6x2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955478, "uuid": "23fafdbd-9368-4b96-8f4e-d13f1c17eb0c", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955478, "uuid": "d88b88a8-c8ba-4971-8d30-2b8516bac61b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955478, "uuid": "2e6f374a-4fb1-4d66-9387-0aec83500fa1", "value": "02f58c774dcd853ca9db13cf42696eb14c56077f63e2101c86225fdd9b39b951", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33e23a10-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911574, "uuid": "95fc0c3b-54bf-4a20-b4aa-8997a1065e64", "comment": "Malware payload (RedLineStealer)", "value": "2db19dffb6980ecddbb081236b309d26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911574, "uuid": "478a588d-66b6-4e91-b9a2-cdbb29d63af6", "comment": "Malware payload (RedLineStealer)", "value": "0327b9adc2e0d54ecd3f1a5eb511fa9a28b975ec0a12a4dca4f179bdbf90d4f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911574, "uuid": "c412cdb1-4562-4474-8bc3-4a518349de08", "comment": "Malware payload (RedLineStealer)", "value": "bdf0c8a3d47f12db8665f7710c40fbf83ea8c950", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911574, "uuid": "7041b44a-e53a-4eee-82e4-b20c2a0b722f", "comment": "Malware payload (RedLineStealer)", "value": "c0b5cfd55ab6327710358bc27dbb458804eb9e8d1c42294e64e86374e6c1cae496eb784930fc5ebbe53423159154fb3b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911574, "uuid": "95d6dcef-7d68-46af-9ff8-f1bbcb745c36", "value": "T1F82633F9508207BCF4786179AC5CEB43F0345BE469696FD59DC382B23CA9B40DE342A9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911574, "uuid": "bc053a4b-2487-4714-b56a-c66bbeadad21", "value": "7dc28ef949f54ad98c715895ecc34cff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911574, "uuid": "3a723685-1d2f-44dc-9687-10aaaa6b8b49", "value": "98304:7xjZzUQ/nZOWSXs3H0872SySKMmxd9MhwNKtuye:7xGQ/ZOLsk8SSQxUwNK4ye", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911574, "uuid": "e25b771a-4377-4a70-b751-b02c3cff83e6", "value": 4536832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911574, "uuid": "ffa660e9-495c-4f23-af47-4c23ad3766ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911574, "uuid": "c29d489a-9339-4b25-bc04-804a9866b3c8", "value": "40286764.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d5afd91-a98d-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647918570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918570, "uuid": "d7e78e45-f8fe-422a-9e65-39abb83c0701", "comment": "Malware payload (AgentTesla)", "value": "581c2ee5a9b6e917515f21c31b43f89b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918570, "uuid": "bf4f5884-adc8-4d74-992c-c7f217c7bf31", "comment": "Malware payload (AgentTesla)", "value": "03ad5c633d42a7513f4186e4caa2b45b009e07217d2f1752293446bcf1663f38", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918570, "uuid": "bfb4c57d-ef72-411d-a56f-4c04c44eee18", "comment": "Malware payload (AgentTesla)", "value": "e9b0342d5c74c852ea843375b79c06f1fd61c387", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918570, "uuid": "c429ee8d-7b41-4abb-91a1-7390c5c95f2d", "comment": "Malware payload (AgentTesla)", "value": "1fd7ea90ef074980bf53281fe2c9f837abef8fcea0732f925585eb2c2c7508a161c302e0c41e60cb6f8f23b2928fd8c1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918570, "uuid": "f75f9e7a-57bb-4e43-86e3-ae48629a62f3", "value": "T1D0D433FB79FB775A17802FE8481C679BD8081613D6E20D1B15FADD0812661E0C3EFA98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918570, "uuid": "634f5ff4-0142-499f-8ed3-22b7d21c9843", "value": "12288:vX9Y6y+rzNyL7WeIDviO9kS4C44epNZNCf2bWjaIsTBub:VY6y3L7WZiOV44eDWeWjbsu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647918570, "uuid": "ab10beb5-9bb2-4e18-a82d-30aee69bc4b1", "value": 614768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647918570, "uuid": "f533745b-1a3f-4854-b19b-770e1e07eb00", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918570, "uuid": "37c5a6a4-90c6-4f65-b9ff-991f9526802f", "value": "PO.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fcf7c39-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647911084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911084, "uuid": "4a7bacf8-176b-492b-aaab-df3f5abba9de", "comment": "Malware payload (AgentTesla)", "value": "ee2d5ab28f508d8372aebe0ca1506031", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911084, "uuid": "f5bbbf1a-cd7c-4126-9924-b2ddd291f7d3", "comment": "Malware payload (AgentTesla)", "value": "03e296209ebbefa5f78b704b9bb8f5eca3cd1f12aff0d377fd8006f315065476", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911084, "uuid": "4be06f42-343f-451f-a3b0-b7a15fc8f252", "comment": "Malware payload (AgentTesla)", "value": "5ad8ac101f4db0425ade35afce5f8748556c2dc6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911084, "uuid": "f5812c54-3d4a-4120-abc9-e18dbf45172d", "comment": "Malware payload (AgentTesla)", "value": "07c66790baeff703176c9ab57392a24cf05aefe8e54371947a595adb6ff9003a8dc5ee0c9f50dd1e56f3ec1579185bfc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911084, "uuid": "b1a7463b-1c72-40f8-925c-b032cf96dd9a", "value": "T1512533A0B108C804246FCA5B51E9825E2BFCC874DBB475C8ED7763E37B6457EB2B4845", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911084, "uuid": "53dea1f4-352a-4885-b7e3-0be8b562fec8", "value": "24576:/hwHa0ka692tIgmG0ObQHT21dCg2/f12mZRBm8Y2VV5PMc:/qHuIIgmcbQSl23EmVm8hVh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911084, "uuid": "9e7365dc-f0b3-496a-bffa-1f71f47c0915", "value": 997709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911084, "uuid": "c739c6f6-aa63-4194-a6d8-601405b89483", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911084, "uuid": "21ab6caa-7f0f-4496-b746-469dd719cd0f", "value": "COPY.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94232224-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647974872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974872, "uuid": "f3796e86-b872-4746-8096-afc2ca805863", "comment": "Malware payload (Loki)", "value": "55a8628160d0228f37e17a1846c51cfd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974872, "uuid": "cc8c82f6-ad5c-472c-ad12-84da98ea325c", "comment": "Malware payload (Loki)", "value": "0405c940e93ba13527c87b6a80aeac058734fa4ce0c9a594774d696eca07b28e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974872, "uuid": "f5789e5a-e7fb-4f0f-b4ab-aeab709e5076", "comment": "Malware payload (Loki)", "value": "95fd726937976630115e620e0a866e657428480f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974872, "uuid": "ca02badb-8e3e-4675-977b-6047237d461c", "comment": "Malware payload (Loki)", "value": "cd243cb60339a95c9278a30245cb9aa63b81235b40b15e7f5eb650a2f5a09cc2d96f412e8f947d9df0681064c3f8f8ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974872, "uuid": "2f66fec5-f419-4745-84fd-884c6e1d6608", "value": "T16F342227B1C058BFD3922A706BF38BA5D376D55905F21C3B6B00AFE739551EB8626302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974872, "uuid": "1b2f4c95-0603-44bf-bcef-bf4982da37aa", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974872, "uuid": "5f206be5-5abb-4254-99b7-8d1eb65bcd9d", "value": "3072:rS17XJiDxmJJYoJQo7ADBplO1w1yVavpigNFVPxXM3v/ZQyaLYXEbJqLOrQ4TpZm:rGigiTkwcVupiuZav/KylXGaYQsHLbg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974872, "uuid": "acf7d38d-b328-4a71-b015-fab552e370ca", "value": 240506, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974872, "uuid": "b2bbf921-cf0a-4b72-b955-99a5ed889394", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974872, "uuid": "98e24af6-cdfe-44ad-b46c-8e21704a069b", "value": "55a8628160d0228f37e17a1846c51cfd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e32dd9a-a9c0-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647940422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647940422, "uuid": "9a00d529-b5e4-4bf8-8664-13cc4c03e356", "comment": "Malware payload (Formbook)", "value": "da769f7382703bf9887144ab8d4cb0bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647940422, "uuid": "e201df5d-a02f-454c-a9d1-6a36f94b367e", "comment": "Malware payload (Formbook)", "value": "041760471bc27a43bf84ff6bee7edce055983316c01cd984ade1872239c1a35c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647940422, "uuid": "8b300eea-0e66-4202-b25d-01ac9b37e60b", "comment": "Malware payload (Formbook)", "value": "62cd420154c2ce51948d69fec1f501774711ee15", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647940422, "uuid": "5720c483-3e97-4150-9645-fa68043447e7", "comment": "Malware payload (Formbook)", "value": "676f34e31b90c63eb6448a3620e1f42614eabafd69731efe659ed626af753f83fc96a05901bc1a9da9289851ca7416fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647940422, "uuid": "825795cd-b472-4a83-b043-cdd614be898c", "value": "T16625235836754773CE6CABB2AC50524812B65A3D2853E31CCE93D2A6057F329FB8178F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647940422, "uuid": "5dfe7ab8-5bc7-4292-97f5-0759df8ca60a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647940422, "uuid": "02178344-f52a-4e5e-aafc-f2d4eef83a0d", "value": "24576:lToh/+nYHZz4xnN7bx4AlTgKA0O/ar6CIZL1fKZjWoqW2UK1f:lTohGyRKD6KkXL+nK1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647940422, "uuid": "44efff93-3191-43f7-bedd-c765a348e6b5", "value": 992256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647940422, "uuid": "991a6b5a-90eb-4403-8099-e66fa3f9bb20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647940422, "uuid": "a6879b1b-abc3-4bf1-aedb-c3b365c5d065", "value": "UAE CUSTOMS NEW TARIFFS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db1e8524-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954805, "uuid": "39a9ef54-f76e-473b-ba9e-09c65672fd13", "comment": "Malware payload (Heodo)", "value": "5f4360bb8d04147fab20304051e5bd4a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954805, "uuid": "ad9d0101-4ca4-4591-a4f7-6a45868dc2c1", "comment": "Malware payload (Heodo)", "value": "04202565a46c0265a6a57fe345025ee92916d05a236efe998a2aa375f1c126e5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954805, "uuid": "410fa529-92a2-4a86-869d-a85aef6c6748", "comment": "Malware payload (Heodo)", "value": "6c6dbcd268e05537e78c05122b4de88d6c02ae0e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954805, "uuid": "95b94a23-907a-4235-b7e4-1b1559c951f7", "comment": "Malware payload (Heodo)", "value": "e31ea2f7a7b10e4b490b3d06aa38b05375166a2e9e4fba2948fb6105c1b17499f3f691e6315b16ecb257225d75834286", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954805, "uuid": "e1e8edc6-5d0c-48bb-9cb6-054856bccec1", "value": "T1D9B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954805, "uuid": "fc64da19-e433-4c0c-bf0c-eb7fc7cde51c", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954805, "uuid": "f56b1548-370c-4972-9462-dadf95e1f95c", "value": "12288:AASStHx1vVHO+1Hx54Og0p9n4WNL7XE0UdX:ecHfv4qx/np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954805, "uuid": "3dce4718-9171-4f40-a578-53fdc0ab2973", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954805, "uuid": "ef2c345c-8f9f-4183-93cc-800bc57c0302", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954805, "uuid": "f08d3c70-f02c-4b77-b0fe-fad806622918", "value": "04202565a46c0265a6a57fe345025ee92916d05a236efe998a2aa375f1c126e5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c000168f-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958195, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958195, "uuid": "635fcb80-402c-4b98-a9bf-8d895c2b623f", "comment": "Malware payload (Heodo)", "value": "a88d88ad2a524e01431d321a8a8027ed", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958195, "uuid": "1377ac7c-5e4b-4d5b-acc7-23eb2800df5e", "comment": "Malware payload (Heodo)", "value": "042a730ef9c1875b09bd9ca2b38fffa4911472b5cd2360a13839033c03a3abe8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958195, "uuid": "ebeb82bf-b55b-41a4-abc8-1b738379a82a", "comment": "Malware payload (Heodo)", "value": "ad7972520b9fbfbf045c47b5251a1f50db6e68e9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958195, "uuid": "c5d66b42-1a41-4d11-b54f-280c1d76ba6b", "comment": "Malware payload (Heodo)", "value": "540b8e9dba9addc763aca72be04b8895816c2cde87eb840517f2894dbe74d4024ce970854370eb7eb4cf9224f18322a0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958195, "uuid": "db6dd4f6-305b-4f93-8b40-e79282106036", "value": "T1AC059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958195, "uuid": "28868cbc-1766-46af-8b6c-3b0594e6b5b6", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958195, "uuid": "ed95c22f-3332-4927-97c2-573230c0d5f0", "value": "12288:V20BXOMcVzpWfmmnDDqX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDWX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958195, "uuid": "eb7095c7-4bf2-4098-b3bf-c79b7ffba28f", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958195, "uuid": "d3e927cb-69e8-40b3-b6cb-efd2fb29250a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958195, "uuid": "587e585d-f0bf-4233-a9d2-35b39cb14a3e", "value": "042a730ef9c1875b09bd9ca2b38fffa4911472b5cd2360a13839033c03a3abe8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0c5e36e-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959887, "uuid": "f8502edb-1763-426d-bdca-22831f81dbc0", "comment": "Malware payload (Heodo)", "value": "99e38be2365d3f7ee53ec7cc81d711c8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959887, "uuid": "5d008082-8500-42eb-a37b-91594a826e68", "comment": "Malware payload (Heodo)", "value": "0461ddce021a09dc4b0954bea2e916616c299fea41f1ac5a0d10178980268134", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959887, "uuid": "1e2bcfdc-4a8c-4211-9b58-8cd0b8ee7a88", "comment": "Malware payload (Heodo)", "value": "1d48d1e30fce687f721c4ab9259dcbb15f3c2b79", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959887, "uuid": "c877362f-9fa1-4c65-a0ca-079a18a61c3b", "comment": "Malware payload (Heodo)", "value": "9701694c7122fadd2b5282c571893eae6821117261f326ef38c885e7661b1df87c20cc36bf7f9ed548f9f58afa86e201", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959887, "uuid": "04e5cc5f-2faf-4ad7-98cd-d3fbf846956d", "value": "T11DB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959887, "uuid": "a993cf6f-5a21-49db-b224-98630460398b", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959887, "uuid": "6e7f1a5c-6b95-4286-b693-495250a7fedb", "value": "6144:8JZToYE666spbEgoZhZO1t+I+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZo6lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959887, "uuid": "555d4fde-0d68-4b4d-86c4-c6b0f4726dd7", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959887, "uuid": "99a76a85-89e6-42dc-b6e5-ab8c1b9b67b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959887, "uuid": "9cd63e57-1b84-419c-bb83-ee3250ecd796", "value": "0461ddce021a09dc4b0954bea2e916616c299fea41f1ac5a0d10178980268134", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58e2d327-a9a3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647927957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647927957, "uuid": "8a27cbc6-5c99-40f7-b3c9-ddbb46b54fc7", "comment": "Malware payload", "value": "bdeebd6abaefe75e6eaec80b96248ffa", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647927957, "uuid": "291ed36f-6870-4d47-a992-c969ebee0da6", "comment": "Malware payload", "value": "0495566c8f712dead9cd05b5a8ce962a2386765030ce21d33b19042ff148c354", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647927957, "uuid": "2aed2483-d63a-4318-b086-35e1759323db", "comment": "Malware payload", "value": "cb9ca19192bee236beeadec0e3d6b56319baba77", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647927957, "uuid": "4abc493a-74e7-4253-9c89-46b4e14ab250", "comment": "Malware payload", "value": "f54cbbf5875ea6b546720d1d9d39c539a34a5cc33e6e0c2c3cdc6308aac2db1460b1fd26758ab2cdad1f1bef2eda8f58", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647927957, "uuid": "d3843741-0522-4ea5-8fd4-3e983c37d0bb", "value": "T18E35336DE837BB86903184F28EFD80699D255C050384E9C9DF429B06D7FF66E6B122CD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647927957, "uuid": "59723b51-c5fe-4ef3-9ef6-b51c37590602", "value": "24576:snoYC4XX6TTO9D8o4+T/Gsvg46UAs5VVGrVPA/mJj:sn8oqTFm/JD8V4uJj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647927957, "uuid": "d5067f32-828b-4e1d-9b3e-16268d3e490e", "value": 1111889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647927957, "uuid": "ec6a2575-cd9d-4f38-b573-307793c078f0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647927957, "uuid": "06d53677-b516-450b-9718-632cf33855de", "value": "URGENT REQUIREMENT (3).zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c55f10e9-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958204, "uuid": "64c4e28f-b433-48ee-aba2-1f5a75c48221", "comment": "Malware payload (Heodo)", "value": "03918a2ba21f0cbabd6fc3a160ad611b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958204, "uuid": "632a2afe-f3fa-46de-8755-0033ded7b568", "comment": "Malware payload (Heodo)", "value": "049de6c66e88a99c4a80a48e748a8ba50f3d177c768098de81628e4bdee1b3f4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958204, "uuid": "a9c185ab-774d-41ec-ad04-3283b94d42f9", "comment": "Malware payload (Heodo)", "value": "bef9acd5ab4df909d88d1e044b8517c2f2d0f773", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958204, "uuid": "24901eb7-0ea5-4100-ad2c-2d560162fd56", "comment": "Malware payload (Heodo)", "value": "ed527f1d9ecebceb8ae0c4e156f91b16a380c85d0016f194e52ec0cc30214d4501e58078a29f5aff7af30a80ee3e97c6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958204, "uuid": "e4c306f1-4bd9-4a8a-8536-058443752fe3", "value": "T1C4059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958204, "uuid": "a11f83cc-ae3d-4f3c-bc26-b1eaaaa54ca2", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958204, "uuid": "130ffe43-ec03-4279-9a3f-28d67230fa08", "value": "12288:V20BXOMcVzpWfmmnDD5X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDNX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958204, "uuid": "0269b718-1f63-4f58-ba84-f9f5042cabf9", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958204, "uuid": "dfbad05e-7f60-4787-bd13-3653002a0465", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958204, "uuid": "6e00385c-958b-4630-b659-444470d7d00b", "value": "049de6c66e88a99c4a80a48e748a8ba50f3d177c768098de81628e4bdee1b3f4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7efb9e0-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958208, "uuid": "c7543b7f-f614-4423-a4d4-e9032b2ed91c", "comment": "Malware payload (Heodo)", "value": "83bbcf22ff6f7c65ae28a66dd7990fcc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958208, "uuid": "f80697f5-b614-47cb-bbd8-e6068b9299fe", "comment": "Malware payload (Heodo)", "value": "049ee37525b516a35ac57d96079d49252672f70568ca6b25bcb229f367151e58", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958208, "uuid": "7172b74f-1ee8-404f-b5d1-a3e7ebe7ce95", "comment": "Malware payload (Heodo)", "value": "5202342c5dd94c936791c7387f35a574a0b542ff", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958208, "uuid": "58f7b9e6-31af-4beb-b2a2-8e41370f2444", "comment": "Malware payload (Heodo)", "value": "e930fbbc9b0a26654ba590bcffee5a09e6b63c7afc4e97dab154face3dfadd5da2e942f1cb2aab0e47b23a68d02de51d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958208, "uuid": "6d16328b-e282-411a-be9b-07ea96c429d7", "value": "T12D059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958208, "uuid": "4d2820af-8503-40ed-9e86-2e04d7e8fb10", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958208, "uuid": "a4ec1fda-d5ff-47e7-abdb-b92a50be1f7c", "value": "12288:V20BXOMcVzpWfmmnDDcX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDgX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958208, "uuid": "660f322f-6d00-4798-b502-9008e206ed26", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958208, "uuid": "c7c918e3-9f0f-4343-b79c-33124cacec11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958208, "uuid": "f50b86ee-9536-4722-947e-9b2f694ffcee", "value": "049ee37525b516a35ac57d96079d49252672f70568ca6b25bcb229f367151e58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f76e043-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647975696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975696, "uuid": "19ebc5f0-8f22-4788-902c-ad26f9778c0d", "comment": "Malware payload", "value": "be873b658db961bf53b9915d8ee0c2bc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975696, "uuid": "2c1433dd-97fd-4cc9-8066-2272aa46dd45", "comment": "Malware payload", "value": "04e3927f1ed659bd9084711faeb1073a660cafd92a2800e0faf69d0ecfe575bf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975696, "uuid": "1a9267bb-0f7a-43ee-9022-69337e8f0a02", "comment": "Malware payload", "value": "c25569d648c1aef63447ca2f20fd28461e501205", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975696, "uuid": "9ab98348-016e-489f-8654-bf5aed43db91", "comment": "Malware payload", "value": "f3559307cdb43bd8b5930a61466f24b3ffbc88d020a994f8f5e694a1630adae22595cd0fe7b3070b386eb41726fe242b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975696, "uuid": "f8ec9c84-6ec3-4d24-a35a-dff0744e2831", "value": "T110D512BD5248335CC02EC9709533ED48B3FA562E12F4E5AAB1DBB6D077EB810E902B55", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975696, "uuid": "456df42b-a5ba-469a-965a-6881cc548b4e", "value": "4e4095a0d90406c8428c5d9a9c6b05b7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975696, "uuid": "56c01cd9-0a8b-402f-b38b-a43224bd3d84", "value": "49152:/kWABDN1bES9l4fGdDnox/OynBUB+dd39Vy7XqDwtRQGU3nTtiqQS/7TQyLCvZu:/kWAxbb9l4MnoxmyBo+dd39+xwgqQkZ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975696, "uuid": "628b0436-c34a-4d94-b919-932e771c7b34", "value": 2953489, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975696, "uuid": "fa82bace-a01c-496b-bec7-791756fa0bad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975696, "uuid": "5df67d33-6b9e-47d4-aadf-4fff33960121", "value": "be873b658db961bf53b9915d8ee0c2bc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cefc6b6-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955774, "uuid": "e4165e39-bfbc-4381-83ae-e4258144dc78", "comment": "Malware payload (Heodo)", "value": "4daeccf5ebf1dc8de446d55d0ae432dc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955774, "uuid": "f18d7388-c943-4047-98b8-ad550e61e2dc", "comment": "Malware payload (Heodo)", "value": "0556c5e8ebb9cab2005cf6255c2df9bd0193411a30ce25b3b73fd467ecfa50f0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955774, "uuid": "2b229917-2510-4a69-903f-0ed43a8517dd", "comment": "Malware payload (Heodo)", "value": "448c3f557b397dfbe8da5d0246528382d141618b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955774, "uuid": "85c4d6b1-9153-41fe-8bf3-af01cfe19ecc", "comment": "Malware payload (Heodo)", "value": "cad1674d3cb10713eea4f8f7979d274103e12b91e71306f6bbcb30efaa4d1c5399563f68486ada2e6281bc8013dddbe7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955774, "uuid": "433473da-bf31-4801-965e-37eea85b7bd6", "value": "T1D8D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955774, "uuid": "2718b5b1-ffcd-4928-a528-19901467a8da", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955774, "uuid": "e25d4b93-88f7-47e8-b316-0df5f22d2ef4", "value": "12288:ZxpNJJJ2NHPoczJROtIhxf3foRXIa5EPwvA:Zx2gczJRFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955774, "uuid": "a6668795-fbd7-4c84-87f3-9702054d72b6", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955774, "uuid": "53fa7e1f-c354-493b-9c68-40737ecde4b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955774, "uuid": "c6b1f546-2b8d-40c5-92d0-66e36016dc7a", "value": "0556c5e8ebb9cab2005cf6255c2df9bd0193411a30ce25b3b73fd467ecfa50f0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca7ff78-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957948, "uuid": "cff381b9-5c22-4a0a-9735-2bdd6ecb548a", "comment": "Malware payload (Heodo)", "value": "c2aaed47cc4ad6c738e56faa288b0b39", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957948, "uuid": "6930884e-af64-49aa-9fb1-6ec8c0530ba0", "comment": "Malware payload (Heodo)", "value": "05b7be01990c21346888f48fe4917d9a506c4fe61875a0c6256a2629a0733136", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957948, "uuid": "1e832be1-ed03-4bc1-a825-aa45a1eb175a", "comment": "Malware payload (Heodo)", "value": "0117abf34acd6af244246a0668b56e666e049a9d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957948, "uuid": "aab4b3d0-4539-4e31-a9bb-39f670e0a3c2", "comment": "Malware payload (Heodo)", "value": "d29ea7d1f1c17fc38f1e3273960aa43461ea02fe812951527d1a599f8fb56103d51d19a9606834bddaf529b270ea7176", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957948, "uuid": "bf77d353-b993-49d1-8bda-0559f21f45b6", "value": "T163059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957948, "uuid": "14dc84a4-6ec8-43bb-b786-a645fb99d950", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957948, "uuid": "49942f86-6c85-4c69-b326-1847d01a8433", "value": "12288:V20BXOMcVzpWfmmnDDSX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDeX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957948, "uuid": "aa61a989-f16f-48fc-a64b-b6f7b2482380", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957948, "uuid": "4aec6e3f-3536-4634-b07f-e52811df5db8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957948, "uuid": "818aa0fd-55ca-41a2-a1cf-3ec81edda8c0", "value": "05b7be01990c21346888f48fe4917d9a506c4fe61875a0c6256a2629a0733136", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38aadf08-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976866, "uuid": "31bd4292-a16a-47d1-a09e-0622d7064dc8", "comment": "Malware payload (RedLineStealer)", "value": "88f6af57d845a87e48ec913e89e98578", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976866, "uuid": "0d14eee6-a29f-45c9-8e66-16453b8bf579", "comment": "Malware payload (RedLineStealer)", "value": "06408559fa6910d9cc4b22f6118d78788328ebead54a92f01aeb3b6180ea0988", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976866, "uuid": "dd11c355-0355-4b4b-9ce8-1d0b2f4ef61c", "comment": "Malware payload (RedLineStealer)", "value": "4b3b6ad38d3ab1e92888ade426e089ae658093d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976866, "uuid": "6f0597aa-9765-4998-877f-1b9662dba976", "comment": "Malware payload (RedLineStealer)", "value": "ad5186cc1fead5aa9953423b00f66b7c353beeb079c0428dbbbd46df0b24460302e8f66049f8b68bf4fd15f3822b975f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976866, "uuid": "fc3a1f2a-e15e-4c00-9dcb-66b30984b361", "value": "T1B2C423D905CCCE6DDA898BBABB49C8E90A3C1C60E5D59C43D92FCD41A4B422493F67F4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976866, "uuid": "c6f58bc9-b4b0-42bf-824d-5e96373812c4", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976866, "uuid": "f114f817-cec8-45d1-8eb3-3c7a52b39479", "value": "12288:Vgb1C6XXM+JFWb3GEaNQS03ULaHNqrxlKIQNoOU3SWfZ0EpusJb3K:VgbI6HrFkrwkEaHNYK3Y3PfnpZu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976866, "uuid": "1f9db247-10ce-4458-aab3-550ddf6a6774", "value": 567296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976866, "uuid": "3b5b79d0-0dbf-409b-a9c2-ad9b8384698f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976866, "uuid": "a9e6f03a-a7d4-44b9-ae97-e723d435fae6", "value": "55078248.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbb37c75-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955208, "uuid": "03934d1f-9dd8-4050-a303-d2ca321011a1", "comment": "Malware payload (Heodo)", "value": "21adf6bcf606742b12d339f4dc6a537f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955208, "uuid": "04b5a085-c844-4c5d-b648-a7b5e6a137c4", "comment": "Malware payload (Heodo)", "value": "064f00366feaed024f7e6c6297734e25480f52f1b56993d140aa488eff3f1158", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955208, "uuid": "86c27af2-671a-4242-8258-a512cc2c4001", "comment": "Malware payload (Heodo)", "value": "8e9fe5f9048970f6b041c0eb8ac1210b5aedf71e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955208, "uuid": "e6345188-58ed-40b8-8f63-c31ad0197ee5", "comment": "Malware payload (Heodo)", "value": "a162ef009a9bffda01e2e0be4993a2b16a318971374aa753acbc2771d7a09ec1e725448e5078689fcf6d9b3027b816f7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955208, "uuid": "c438849e-5908-4fc6-a435-246c6263a15c", "value": "T1FAD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955208, "uuid": "11fddbf0-7abf-491c-a32b-d9cb413c7de2", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955208, "uuid": "32b8e726-a785-41a5-bdd8-3a384c9bf1aa", "value": "12288:DjN/Z2wkRrA9CRDCkElAjHDsndSyHOrNvEP0Oua:dEHR+CRoyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955208, "uuid": "68ab524c-dc67-43f0-8d0e-82d51305dba0", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955208, "uuid": "4288cc75-b5e5-4684-a0c4-e6620fdeab61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955208, "uuid": "6edf72cd-bc4c-4312-af86-62222c642750", "value": "064f00366feaed024f7e6c6297734e25480f52f1b56993d140aa488eff3f1158", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8aa5403a-a9c3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647941785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941785, "uuid": "05d07df1-a38e-4140-8346-dcb3d85cb5e1", "comment": "Malware payload", "value": "22d650a31a62a779399d05d13c7f9e26", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941785, "uuid": "b7322064-cf58-4617-80f3-41145994e259", "comment": "Malware payload", "value": "0650ef83b3fa0ba158db8f846b2702a03b90ce85d691c2cbcade2b95e8d9271f", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941785, "uuid": "2888f3e1-d502-4b8f-879c-c531a8e15593", "comment": "Malware payload", "value": "c878c2decb971fce2b70a56c22f099cc3b75dccb", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941785, "uuid": "a55b1998-838d-4892-b273-9dcf354e4462", "comment": "Malware payload", "value": "c26ee6839f28c2c5934117420b3feae10478aa4b8a9464f98a60c542484e72eec61aa9caf792ab8393e8de2d33311ffb", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941785, "uuid": "7b1fa649-59bd-47a2-9aee-441a9f6dfea2", "value": "T188D09524EE30E4CC435DB050C9852A5C34D14164CF3A1B6CD5191415D81CBCCC71E48C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941785, "uuid": "b19419c4-7027-4eaf-a5bf-6cd3016fb035", "value": "6:hKX9tSa2jkzozaqEHiO6snaYpXkGVokOMky6n6VxWpCY:hKNtSjJ2qEHiqnaYuGPOw6UbY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941785, "uuid": "fb46d6f8-41ce-44d3-a65c-77c07f63ff37", "value": 251, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941785, "uuid": "0748f027-0b69-4f06-bfac-b14d06a3ec06", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941785, "uuid": "713f092e-42f9-4af9-8200-6693cc352e96", "value": "ps1.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92781f63-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958548, "uuid": "18696e6a-8912-468b-99bf-1ed90e0778f1", "comment": "Malware payload (Heodo)", "value": "0d83e20c99ce662c0fc583ff84516ac4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958548, "uuid": "a51a3c37-0b8f-4418-8534-83e22417ff5f", "comment": "Malware payload (Heodo)", "value": "0662725a5ef96cae8b5923c80915ccfceb5a1b8d8b75783b485e45102b66a4e5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958548, "uuid": "fe541df0-c640-4ba8-b613-12ae14a6dfe8", "comment": "Malware payload (Heodo)", "value": "7737c56d6b016ec59e20cdefd399701b0c86e65b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958548, "uuid": "748cb2eb-d27e-4637-8dbd-d8bd0f70733a", "comment": "Malware payload (Heodo)", "value": "264051a7182f6cf7493c9b17af7782dd2931de09ca0b01080aaf458c827ba388f44269410aa55f4b942924ae1e881419", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958548, "uuid": "9b101bed-20d1-468a-ab75-10d1074b1c6c", "value": "T1B6059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958548, "uuid": "0e92af1f-4e08-4446-876f-c75c23fe741e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958548, "uuid": "66d4f6fd-67cb-46ff-95e6-b6c50198e9a0", "value": "12288:V20BXOMcVzpWfmmnDDlX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDJX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958548, "uuid": "fd848335-fa1f-45cf-a0a8-a5074935980b", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958548, "uuid": "9c46f2c5-8441-4f44-a60a-eaf8aa4e7d28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958548, "uuid": "3bf4b659-1a10-4eb5-aa1f-633e4766db95", "value": "0662725a5ef96cae8b5923c80915ccfceb5a1b8d8b75783b485e45102b66a4e5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd377a70-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647956097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956097, "uuid": "e09ef677-d54c-44bc-9460-4b0e29dd6d67", "comment": "Malware payload (Heodo)", "value": "1f73e52a29a03c5a22e74acb80d96973", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956097, "uuid": "4dbede36-407f-41c2-a339-c59f7df24b91", "comment": "Malware payload (Heodo)", "value": "06751326b6f06d9a68d4ed1053a0f088884029cd11fe9807a5588eb25c865288", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956097, "uuid": "060b6146-5ec2-4a2d-96f0-62fa941f4207", "comment": "Malware payload (Heodo)", "value": "da3ea0033d03c45f1931cbb8d52fd45638fff345", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956097, "uuid": "5b6a60ca-bba9-42ca-8289-1c770a8e4120", "comment": "Malware payload (Heodo)", "value": "981812125a94325f140aecda3dc7769500d7d540671c72d3faf41f79715aac45b9099f5b15c36379c0d609e8e69a2e93", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956097, "uuid": "24bf0cdc-b174-4d23-85c2-637db422f6b7", "value": "T109E4BE6176C2C0B6C15F017A5946E31D62E5AD609F3896C3ABD4AFBFBFB50C29D34202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956097, "uuid": "89039f40-a9a9-4442-9296-44bc03dbaf7c", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956097, "uuid": "4d4afa02-e19e-42fb-9106-05edd672edfb", "value": "12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKSe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKSLzflBkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647956097, "uuid": "6b3a9a2e-0144-47c3-a2f6-7fda3e9963e5", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647956097, "uuid": "3ceadce1-7e57-4622-89ca-d8dd03b6c498", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956097, "uuid": "3a799081-dea6-41dc-8004-42df231444d6", "value": "06751326b6f06d9a68d4ed1053a0f088884029cd11fe9807a5588eb25c865288", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8a4ba73-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959928, "uuid": "878b6226-3cad-48c4-9641-a2fd9406fd66", "comment": "Malware payload (Heodo)", "value": "a379f228a6fb733c39d46dacd902545b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959928, "uuid": "621951ba-46d8-43d1-8e45-3b2bbb4e8a0e", "comment": "Malware payload (Heodo)", "value": "06773b4b870e99e7f7f27602b2ef7e4b0d8a102e34821c776a0a3a8c208e25d5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959928, "uuid": "d69b56c8-99fe-419d-bf77-be157ce551b3", "comment": "Malware payload (Heodo)", "value": "dd21896736e54d81aa4875c862e32f3d87a00f7d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959928, "uuid": "b545a315-06f1-4d73-b435-8dcad63ab4d0", "comment": "Malware payload (Heodo)", "value": "2c15d669a3ffa072d47632462467c2ed10c91d9705a660314b05f60807fe8875945cdc75eff74a6eaf43e3a81ca18add", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959928, "uuid": "8488d72c-df43-4729-969e-3f4c570f697a", "value": "T174B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959928, "uuid": "0ca6834d-ba4e-44e0-92e8-54779a11db59", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959928, "uuid": "c1c1ea51-9d33-472c-80d1-a1dcee8c1c18", "value": "6144:8JZToYE666spbEgoZhZO1t/I+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZozlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959928, "uuid": "bda0f214-d0b0-44ae-ad95-4e2f64d45210", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959928, "uuid": "72635a4e-e35f-4aee-a36f-21f910919837", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959928, "uuid": "a6e314a4-7bfa-453e-ae1a-642e1c4b7739", "value": "06773b4b870e99e7f7f27602b2ef7e4b0d8a102e34821c776a0a3a8c208e25d5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f861d80-a981-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647913366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913366, "uuid": "7e0c538f-68be-46e0-8c65-510a02651cbd", "comment": "Malware payload (AgentTesla)", "value": "0ac6c68819b8bcc2f5940aa3be99231d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913366, "uuid": "da9fe661-684d-4d1d-8b11-d2c06a89ca3a", "comment": "Malware payload (AgentTesla)", "value": "067e48a280acda297ae8386d8b46e120980de0c0bbcfc4bc92fed47ac43820da", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913366, "uuid": "35b86306-3118-45ee-a3df-d57f569644ac", "comment": "Malware payload (AgentTesla)", "value": "44e8d4791e2ab690c72c32ad6559b8a8537dece3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913366, "uuid": "9419de94-cf23-49f9-92f2-e079178d588a", "comment": "Malware payload (AgentTesla)", "value": "e7fc4c93559f401a093fb1115b115677a04b0b63d56f7acb4e4281ed8e972cde6b0d6ccb6b63c34d622a36a185498fcf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647913366, "uuid": "e7c302e6-6edd-42e5-b002-e5dbfb457a92", "value": "T1362533D340F6E1D4E4733D35B7083273F9990B3688875136DA64B80BD2668DB72EE295", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647913366, "uuid": "db118652-f88d-445a-ac4b-c981ec89bd86", "value": "24576:SFNsrMpvYNN9UxKQaCJyiN76OyE9/diY0I+EX4k:0NgMpgNN4zPd75ysdiYPHX4k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647913366, "uuid": "0623db81-e3c3-46a9-a4be-6d1abee07a96", "value": 1008375, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647913366, "uuid": "322596d8-87ce-421b-9ea6-371c22324999", "value": "application/x-lzh-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647913366, "uuid": "386fb84a-bb33-4a46-8b77-772879d755dd", "value": "AWB.lzh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6d790d4-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959898, "uuid": "f9265180-b360-4836-a7ec-ed5f0d31a8b6", "comment": "Malware payload (Heodo)", "value": "65364caac54d971290fa4f8d828a1390", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959898, "uuid": "5a9bf60c-8317-4aee-bdcd-ff8ff8327e44", "comment": "Malware payload (Heodo)", "value": "0689ec6b38f33f9f47de120e16b7fd0c419d21b81d41fb9de09410bdfc4469d1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959898, "uuid": "bfdc667a-6fbc-4d26-a0e3-eb3022ca3314", "comment": "Malware payload (Heodo)", "value": "3e29a0e72408475a0f9b8fddbc2780baa8da9504", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959898, "uuid": "08cc7219-c4d9-4345-86a6-f34d283f8920", "comment": "Malware payload (Heodo)", "value": "5e57460b1a3f7afa58d9bd780065871782deec17f9df2d070896d3751365c8c4c322e151ebfedd34d8a21faaf334a133", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959898, "uuid": "2b7a036a-c124-4a84-9246-7bc758502f12", "value": "T19EB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959898, "uuid": "505fa568-58fa-47f5-adf2-d15fe592b6bf", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959898, "uuid": "402921a2-5cbf-47c3-99c5-a14f14a3ed21", "value": "6144:8JZToYE666spbEgoZhZO1taI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoilF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959898, "uuid": "bccfceed-b5ab-49f8-a379-15986794a711", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959898, "uuid": "d8fb1374-e1ff-4c66-b315-a158d81b9678", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959898, "uuid": "662fc856-61d7-41dc-8f4a-dbe49e17468c", "value": "0689ec6b38f33f9f47de120e16b7fd0c419d21b81d41fb9de09410bdfc4469d1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d42fe07e-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953934, "uuid": "5a78a0c1-c1aa-4097-a29d-eb3fc9f98db0", "comment": "Malware payload (Heodo)", "value": "284d0aad6bc503759572abd4edaaef7a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953934, "uuid": "34910eea-ebeb-4b86-8cf8-fc8bfcf3b4a5", "comment": "Malware payload (Heodo)", "value": "0697826f6c0ca2ad11730de77fe6a57f26a43fca9a98e3c869bafb006ebee82b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953934, "uuid": "c7f8391d-1e84-47d1-a235-af6a264d9b87", "comment": "Malware payload (Heodo)", "value": "60eb64f0933da25e281621cc198311d4993082ab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953934, "uuid": "252dd0e0-63f7-4b1a-8ddd-5b8180ff8b48", "comment": "Malware payload (Heodo)", "value": "c23a35ee61e445700f3b5db991d2e93e007bbedb9437190157b995b6da9fe342bbe330a181eba27bab3349d541637de8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953934, "uuid": "b16d4e54-5a4e-47fd-881a-7ca27e477854", "value": "T17025AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953934, "uuid": "ae8b68ae-3d2e-445e-b49e-ee1c6228c271", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953934, "uuid": "ec0bef9d-b3ba-4e30-b8e0-071a6a587532", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+ZunQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqz3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953934, "uuid": "4f2bb231-a516-4871-8a90-2a039382a85e", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953934, "uuid": "a0b203a5-b6ca-4b1b-9431-7dd5e7f11f76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953934, "uuid": "282cfdf1-9d0f-47eb-8fec-fe7bd58b1d6d", "value": "0697826f6c0ca2ad11730de77fe6a57f26a43fca9a98e3c869bafb006ebee82b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40eb45cb-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957982, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957982, "uuid": "188f5285-5c14-4326-9d6c-0756a1127217", "comment": "Malware payload (Heodo)", "value": "8e7d1f1b77406510a0e9a534e810936e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957982, "uuid": "954e2e30-592c-4be8-a247-2bde3afb7d08", "comment": "Malware payload (Heodo)", "value": "06e92ba8a31aa1f7f17a85e589c35de3383d0ab847d8418210d2e89b6d3946aa", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957982, "uuid": "84af6d6c-917f-47e2-8c30-3b24ed25a3a8", "comment": "Malware payload (Heodo)", "value": "cfdde2caa9bd22d7fc3d10743d80ccd147f56eec", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957982, "uuid": "485c2255-104b-4e4c-b9f3-ca7271286f31", "comment": "Malware payload (Heodo)", "value": "ff1f7f3c46c9191635117bdbddf36511ef556ed0a6b827f3ef5d9b3c114b99cbf60ddb0144590c5a029b0a0e6edf5e5f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957982, "uuid": "5e7934f3-f176-4aca-af1f-d6a001ef8937", "value": "T134059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957982, "uuid": "e7839916-a5d3-480d-8444-30fa3c2c46f4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957982, "uuid": "39d4a536-a519-460a-b91f-650853f64cc2", "value": "12288:V20BXOMcVzpWfmmnDDfX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDjX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957982, "uuid": "ef30ad1e-bfc5-4758-a23f-e0eaeda999ee", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957982, "uuid": "d4e720d0-df3a-4f9d-bec5-d154e8a3ce5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957982, "uuid": "d147d7fb-8ea7-4edf-9754-65e47182474e", "value": "06e92ba8a31aa1f7f17a85e589c35de3383d0ab847d8418210d2e89b6d3946aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4382938a-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957986, "uuid": "251fefc7-5358-451a-8824-dd19a91b3226", "comment": "Malware payload (Heodo)", "value": "7786e2c78ce1b4360be6ca8dbf661817", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957986, "uuid": "e6547f9d-49d2-46d3-a7e2-d253794319ac", "comment": "Malware payload (Heodo)", "value": "06f9999f5598d44668f6703f17cab37a73658260185fcfa5b11e16b1f527cefd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957986, "uuid": "3608a470-2cad-4bf7-a86b-eecfd476c2e6", "comment": "Malware payload (Heodo)", "value": "57e19d10a39a1e4b0d773f91d9fe5cc94aad7282", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957986, "uuid": "4a2ebaab-6526-4dad-a1d0-8a5dd8c0caa1", "comment": "Malware payload (Heodo)", "value": "4378d72a721d38a12201b88ae1d17b22ae9a07fc4f89a7a5212c3b43e9f2787e5ed1896e18ea65c3daae1008e99e72d0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957986, "uuid": "d9169b0c-a10c-4fca-a096-a37ab0f27af0", "value": "T150059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957986, "uuid": "cb7d330d-b3cb-49cb-8a91-d9283b3e72db", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957986, "uuid": "dee3d866-c42d-48ee-af6b-9826bcc989af", "value": "12288:V20BXOMcVzpWfmmnDDuX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDqX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957986, "uuid": "210b3c74-bbb6-4e4d-a097-33e5b2f60233", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957986, "uuid": "fa07727b-394f-4bee-8994-3cf5ad8187a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957986, "uuid": "37d67677-ceca-4538-9ea7-465d7a39d695", "value": "06f9999f5598d44668f6703f17cab37a73658260185fcfa5b11e16b1f527cefd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "956dcd77-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958553, "uuid": "243d305d-f755-4fcd-bf5b-7cd52e354fdc", "comment": "Malware payload (Heodo)", "value": "fc2ffb4c9afe06b65961a9a3da529df7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958553, "uuid": "57080fef-67cb-42e0-8658-616673889fbf", "comment": "Malware payload (Heodo)", "value": "0734157cfb930aaace362fc66f8598e0230d083aee7a1d160fd1114687db413e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958553, "uuid": "23ab85c3-4f70-4552-ac66-e1622aac2ff7", "comment": "Malware payload (Heodo)", "value": "6523e4de42fa64420c5105f1471fb8de2e91c03e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958553, "uuid": "6b866118-ddcc-42eb-ad24-c56929f6d97f", "comment": "Malware payload (Heodo)", "value": "c875f2487c326d90cd6a55fee1d5c027ff41341fd693544cfe1987dd0be241e4b640b24dc595b0a4a2e52fbdc0db70a9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958553, "uuid": "144b1b65-a857-4456-bc7a-1827488f2e9d", "value": "T14A059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958553, "uuid": "2f16be6e-9b11-4ce6-b324-f991edcd2cbb", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958553, "uuid": "820718f8-885f-43a6-9958-a586d808b0c3", "value": "12288:V20BXOMcVzpWfmmnDDxX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD1X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958553, "uuid": "ed423c7e-438b-4738-9db0-ebc047e257f8", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958553, "uuid": "97fa754d-3b6f-4324-b6a5-e2ce4cc50eed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958553, "uuid": "b6b4c594-8d5b-4022-a0f3-ebb139082f75", "value": "0734157cfb930aaace362fc66f8598e0230d083aee7a1d160fd1114687db413e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "712cd0df-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647972666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972666, "uuid": "df129034-5a16-4446-9a2d-305c9b934825", "comment": "Malware payload (Loki)", "value": "39044a657c14a479d0ba6ff1cebe4952", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972666, "uuid": "072c8b0b-083b-442d-be15-19ec245bfa9e", "comment": "Malware payload (Loki)", "value": "0754c937d83d4bfb0fbd81e08cbc7621a5646a020b97b36ae414faa56eeff406", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972666, "uuid": "ac1901f5-8867-484a-a6b7-67d7cd9f6f1c", "comment": "Malware payload (Loki)", "value": "a5108b3849bc87fb3709133db938d611fcaaa12c", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972666, "uuid": "91d6b382-eea7-48f4-93e9-c73a517147f0", "comment": "Malware payload (Loki)", "value": "6a532e70c21fd01c2b3155e55fd629b2ae2c34c068210d345c7233fb7e9fb3d8ac8f00db45b2e1c2e0b92b538dc7c204", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972666, "uuid": "8f37d971-ca48-4e73-9ed1-f5b96553aaea", "value": "T1E404023335AAD304F5F39ABED5F2C546BC18DC979900A19D048B726D70309531EEAAFA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972666, "uuid": "bab6517e-cce6-4f90-948f-d80d48ae2753", "value": "3072:JfYT86/LOR6BYbzaOFdSxuYmaNqRM+AvqyRQ0r1PcGHcKfrVuMGzI826Wj:t+L26CXaOFY3KSvr1kmbf4Dy6C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972666, "uuid": "90a2d503-f08c-4056-a6ba-c9e7052cc480", "value": 186760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972666, "uuid": "835e1fb3-ac24-4aba-ae6c-1ae2b23188ed", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972666, "uuid": "1674cfb6-e144-40ad-a3a4-64a34c84e799", "value": "RICHIESTA PREVENTIVO UDB938829.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f50203e-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955053, "uuid": "d8950880-ebc3-44ae-aefc-362f4ddbf693", "comment": "Malware payload (Heodo)", "value": "2d61a7b421029148cfa16c54cdbebda2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955053, "uuid": "1c9ebf3c-1881-49fc-9b7e-972eb41b161a", "comment": "Malware payload (Heodo)", "value": "0773d5137338a0d6d79b9e2a7c03d12bb868fcb3d7c9fc341e39a00f068258b2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955053, "uuid": "e9853694-770e-4ec2-9c25-667071dfa93e", "comment": "Malware payload (Heodo)", "value": "b4cc8c5aba4b379889f8ac6f28f9cf79affaee68", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955053, "uuid": "e9190805-a6d0-4582-b4f1-4b0cb86d48d7", "comment": "Malware payload (Heodo)", "value": "25076eadc9b83ddad250bec78f38b7e74e4c0d23f5ae36dde896508eec40d4accece9e24f01762edcbf978b4471e27a8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955053, "uuid": "544332b0-000d-4ad5-b593-a5b7edaeeb66", "value": "T13BD47C82F7429EF2C00B03347C32B2586BADEAD5D2158D6B9398A5AE1F35573493DE43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955053, "uuid": "12f76e9c-7017-4a5e-93ea-d6ac7afd5735", "value": "e0b213ccd96f46d30dcd8e225f4e9fc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955053, "uuid": "d44c465d-9a1e-40a0-908a-fffd022ef979", "value": "6144:XjPgWGbb0OEmS9Vzf5WI9nI1LSfcaqMyhKmZHNRuIfv7YtaIIo0cm59CH7PQ:X0bEtf5WyI1LSfcnfxhstaICRLmrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955053, "uuid": "974b62db-0e7f-4f27-8b96-d1373551d60c", "value": 602112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955053, "uuid": "7987353a-0f39-4a03-9308-de4524be0cb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955053, "uuid": "097d5bf8-1c3b-4bf9-936e-dffb4e204344", "value": "0773d5137338a0d6d79b9e2a7c03d12bb868fcb3d7c9fc341e39a00f068258b2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3607fcba-aa0e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647973855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973855, "uuid": "180a9a20-a205-4a51-a92c-3fa3fcfe08ab", "comment": "Malware payload", "value": "53ac79f15fda7638a15235373978b878", "object_relation": "md5", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973855, "uuid": "02f0c97f-3740-4390-8e41-4eb0d4188000", "comment": "Malware payload", "value": "077a5cfbfb7afc07c1495c5317d598649e758db80631ac27dc20b783cdf2173d", "object_relation": "sha256", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973855, "uuid": "4dadedb6-abe5-4f7c-ab48-8e5bdc580e40", "comment": "Malware payload", "value": "e70e9c11505397811cbaf3fec695780ba77dd0b4", "object_relation": "sha1", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973855, "uuid": "33db9dc6-bf3b-45d7-9004-493a5601d258", "comment": "Malware payload", "value": "87a6c69fc881d267b158225a9bfec6e74440a95c8b9467169009caf4c44d8f19b71a3456ef9632d4699605939b76424f", "object_relation": "sha3-384", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973855, "uuid": "1c4304f1-9b3e-426c-ae50-c594a4519ff1", "value": "T18DC49E57F7CBF6F0E6BE827A86B1891D52B774520270A78F664072896D23382453DB0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973855, "uuid": "86392611-47f9-495d-9ca7-a34b1deeefe1", "value": "a31761b5a590c4c499d5f4a347d75c12", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973855, "uuid": "feacb739-1ced-43ab-bf10-92d8fa070513", "value": "12288:Dn/zjvGHAykHJRLW/4+8bzbBSreM3CqZGDx:Lz7GHAzH7jX1hFx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973855, "uuid": "d528b13c-dbf2-41d0-83ce-51cdd0e1e826", "value": 557568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973855, "uuid": "02abe71f-be58-4327-8dca-569e8804deac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973855, "uuid": "0a979885-d84b-454e-972b-40877a05eff7", "value": "Payment List 64.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b510034-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958563, "uuid": "5c4fc226-98b7-459e-b181-8158c7b114bb", "comment": "Malware payload (Heodo)", "value": "aebbdc82d257c95f23f17f47730d3004", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958563, "uuid": "1f21267d-01c4-4e67-877c-434caebb940d", "comment": "Malware payload (Heodo)", "value": "07868497e06f4c046473519ec1221f1a21cf282b509f30eb536fa868e037f57d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958563, "uuid": "630b40ea-7ecd-4ee1-a484-6caa9f627190", "comment": "Malware payload (Heodo)", "value": "bc6bfda8880778ab2b48d35858d2a05f00c6fff2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958563, "uuid": "689b0956-741d-49a2-b8d0-00a2d0448500", "comment": "Malware payload (Heodo)", "value": "c912fcbd6fd6523af21006ebeee1bb9cfa97438b5be84b7223480353864e2f1c2e68ec0bd87525f178fb4d4bbfd0b175", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958563, "uuid": "f6ca9459-ec41-4ed3-8508-0be4bca00cbc", "value": "T17D059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958563, "uuid": "bf54ec71-d6eb-4b6b-9cba-e83d77444cd4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958563, "uuid": "39e413f5-905e-4750-a703-dd251baf449e", "value": "12288:V20BXOMcVzpWfmmnDDEX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDQX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958563, "uuid": "98f94829-29e2-4c93-9792-3df717a728d4", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958563, "uuid": "ff878f3a-3b4d-46a5-ac39-b659ef011411", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958563, "uuid": "7429bf05-6f08-4520-ba33-b79bc029a1df", "value": "07868497e06f4c046473519ec1221f1a21cf282b509f30eb536fa868e037f57d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4843b12e-a9fc-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647966155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647966155, "uuid": "d89f855f-d13a-4d78-b404-13092748519f", "comment": "Malware payload (Formbook)", "value": "683c5a497a5f6ff82167ab1edaaa4c14", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647966155, "uuid": "466bd5f0-009f-4834-8c27-7882f0006b8b", "comment": "Malware payload (Formbook)", "value": "083e99f9a493e14a03ae5c6270873363f0da35583615ef348ea83493a8dc0efa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647966155, "uuid": "daeacebb-43f2-46bc-9947-da4aeb9bc8f4", "comment": "Malware payload (Formbook)", "value": "15e0355f00f3d6ad6d5b0d5873c4900c2cc6cfce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647966155, "uuid": "033f9795-6251-4803-943e-ac67a38a9b43", "comment": "Malware payload (Formbook)", "value": "3583ada5f17e41fa02c9772163274cb97e46bd38f5261f58fb9cff1b7290a42de1c5117da502ede0f8a1681406535140", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647966155, "uuid": "0d30c430-99df-4575-a071-e91433362721", "value": "T144E4283A2268672BE63BC37991100004F3F1E8DBB715DE09BED317C90D57A85ABD652E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647966155, "uuid": "34e76584-c9d1-4540-b65c-0d449cb34519", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647966155, "uuid": "31788ca0-4ddd-4263-ae31-2882adac04ac", "value": "12288:eUkHIWbv4wX4x+X/fSYVWBW6E6195hcyOsaWA91dSM2QAyj:e7HIWbv55X/qY/6E6D5hcXsaWAdht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647966155, "uuid": "92a794b0-ec7e-4726-8d46-e52aba6f2642", "value": 690176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647966155, "uuid": "e34a1944-b5ce-477f-a1c6-d7ac7f83d298", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647966155, "uuid": "31956b1c-c305-4c9f-98d0-8e40a55df39c", "value": "MJ7XO2uMcCQVy74.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "332fce9d-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647959677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959677, "uuid": "fe63bc2b-4983-4986-adaf-ec65eb16dd8e", "comment": "Malware payload (NanoCore)", "value": "d0fb8342e11b3c57ca95fcbe4f4cfd8e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959677, "uuid": "b99bf6dd-4c15-4c47-9f1c-dcffcdf6fcd1", "comment": "Malware payload (NanoCore)", "value": "08a62cc0bd0c9cc0375aa718245fc96b54acc5e4d29185d9850ac8b9ddad2b80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959677, "uuid": "4abfaf4e-023a-4bb5-916b-8517a02ba76a", "comment": "Malware payload (NanoCore)", "value": "a80cf96b5f74f0ff3213f3d4bb74ab366b01507b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959677, "uuid": "c3b4220f-f922-423b-afb4-b09f2014f614", "comment": "Malware payload (NanoCore)", "value": "3bd3f855c230acbeaf87a7dded2fd3d0bc132e6c59bca37e414fe2c93f32f916120590d823ec921f8e282575ae398cc4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959677, "uuid": "e4170c9e-66e6-4ed4-9d3d-68cc9672b22d", "value": "T17BC4AD3F15696377CA7BD6768651102AF691D1EF7902AC28EEC31B800D231CA7FC562E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959677, "uuid": "da62abfa-0296-49b4-8e6a-6b9dd2270825", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959677, "uuid": "92d8979f-a4a1-4b1f-b261-f457cf32bd64", "value": "12288:8kyqOxA5mGPMtv65Ly7Ih8assK7eZ273JtmH:8YO6/9+08kZ27", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959677, "uuid": "af329fab-f1a3-4205-ac7a-a2c315af14e0", "value": 590848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959677, "uuid": "45b369f4-17a8-4401-a2fe-0f3d9311224d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959677, "uuid": "a35992dd-d871-4041-ae0e-327781413b55", "value": "08a62cc0bd0c9cc0375aa718245fc96b54acc5e4d29185d9850ac8b9ddad2b80", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73950afd-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958067, "uuid": "7f014b4e-37f3-4b6d-9646-25a9da4e9fdf", "comment": "Malware payload (Heodo)", "value": "c7a9c631a3981ad3d57c181f5bcf3aef", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958067, "uuid": "803415f2-9f93-46d3-b976-d4c2f66271cb", "comment": "Malware payload (Heodo)", "value": "08a6a3ef3c88a4c46a19a0707960561cbdee954c846c60f16000ca2e2ee687eb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958067, "uuid": "28db4b95-3fb7-407d-bd51-8265ffa3f9a2", "comment": "Malware payload (Heodo)", "value": "dd0ed0d68ac575f5f77e5693a8711962b3b0fdb9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958067, "uuid": "73c3b531-bbcf-4058-8927-8298ae2eb66e", "comment": "Malware payload (Heodo)", "value": "7036f2fcaf4c25e78b7a64418a4cf3186aaeab27a961897fb842a12c467f6a8fb86acc516d8a18c310e593d0bda9886a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958067, "uuid": "0b340eb2-1656-454a-8a2c-f6d321e003f6", "value": "T117059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958067, "uuid": "8ef8f3b4-3395-43ef-9a48-f6e21d884e77", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958067, "uuid": "5e00e15f-baa7-49c4-b2a4-58ca55b38907", "value": "12288:V20BXOMcVzpWfmmnDD+X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDKX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958067, "uuid": "52aeebf0-8731-4135-99b6-9b9657481b30", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958067, "uuid": "d11a2ad6-19d1-4234-80de-e76b7f9f2046", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958067, "uuid": "d62661c1-8a6e-43fd-8338-4d67ade5adc8", "value": "08a6a3ef3c88a4c46a19a0707960561cbdee954c846c60f16000ca2e2ee687eb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6462822e-a9b0-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1647933560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933560, "uuid": "d06470cd-22f0-49a6-8cb6-0cc8d9dfaa60", "comment": "Malware payload (RemcosRAT)", "value": "bfe37aad588c8d6ac4fadfc1a9a8990c", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933560, "uuid": "4ac6649c-5173-4f29-93cf-0a904e84ab6a", "comment": "Malware payload (RemcosRAT)", "value": "08a8fa7054b9caba71ab3d69e204a28be55a1e38488dffd3825e3c482e449fcc", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933560, "uuid": "76144509-022f-4c72-b9da-ad2ec2b80f4e", "comment": "Malware payload (RemcosRAT)", "value": "9dc8693ef205a8bc0737159b4b77be1e302b03fe", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933560, "uuid": "c4478484-139f-456b-9d30-f2ae2989680b", "comment": "Malware payload (RemcosRAT)", "value": "52127fdde07c3e01e012b2530cd0318837610a97337f3c6994d7f1672b914da18eff3ad2d879af16bdc3ee46428ed044", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933560, "uuid": "a47a67d8-7723-473f-9ab6-a3906f486236", "value": "T1AC1411517471633AE8808975CCBDE70DA662FC8A86C35CEC9D0FBF456C34D826676329", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933560, "uuid": "bfb357a3-094e-4cc6-8114-7758a02dae51", "value": "3072:NBvv2OcJ04g2dhp4zEce/e+2bh/5nxEOviJW5i3tZVyj0WnrJi8F+jwV6vG6hn:n2OR2dxe+2RB5aJP3tZVorJi8Fgk16hn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647933560, "uuid": "62aff430-acca-413a-a32c-a28422c823dd", "value": 190360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647933560, "uuid": "10d8800f-449c-4599-92d3-2f97b35620fa", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933560, "uuid": "0ede0a8e-c4e3-4e67-96af-615679f1158c", "value": "RemittanceXDetailsX03222022.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a7e7da9-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955743, "uuid": "5ec8ddd5-8215-4a46-8be7-492d5acced81", "comment": "Malware payload (Heodo)", "value": "04c78b1cce4cbf8cacf76114d1985804", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955743, "uuid": "c949da9c-f6e6-4969-a7ee-a24afcc6f4ce", "comment": "Malware payload (Heodo)", "value": "08c79f8e6a7e171d1b0afe5713b010853813b27ae88016a1021dfad74f72035c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955743, "uuid": "b618c4b6-9102-4ade-9906-4dc19b939d09", "comment": "Malware payload (Heodo)", "value": "8c247516e5437dcd74981893f97337c5fd46caef", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955743, "uuid": "91f1b2e2-0c58-41e1-a829-db98fb6be319", "comment": "Malware payload (Heodo)", "value": "35a939c15d37b10071db0a2cee8149e24d88875855281d8d5b4e4b9fc34a92cee26787c7994920b5015c472d86d8c0d6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955743, "uuid": "dcf4c2e6-3b87-4bb3-81d3-37ab381dac1b", "value": "T174D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955743, "uuid": "74de761c-072c-4913-acc6-7ca322838fcd", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955743, "uuid": "b4b3fe01-17e1-41a9-829b-14b939b6f6df", "value": "12288:ZxpNJJJ2NHPoczJcOtIhxf3foRXIa5EPwvA:Zx2gczJcFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955743, "uuid": "8324bb84-3820-425d-8353-872408ee664c", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955743, "uuid": "770de2d5-bfbd-4ec0-97b4-7e0cf0e66dab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955743, "uuid": "911471d9-f05b-4a66-8d78-fcec96153969", "value": "08c79f8e6a7e171d1b0afe5713b010853813b27ae88016a1021dfad74f72035c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75f9b659-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958071, "uuid": "410e5459-544e-436e-9d6c-9d69d394b33a", "comment": "Malware payload (Heodo)", "value": "ac1138e4bb8efed8987871f4de597d81", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958071, "uuid": "f47277b1-a3bd-4f88-93c9-17376b820540", "comment": "Malware payload (Heodo)", "value": "08ceccdc2ea694871fb40ecd864473df5d3a1475955c42a99bd11f239ff5fe58", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958071, "uuid": "f432dfc6-1e27-4a0b-9512-8549c459deae", "comment": "Malware payload (Heodo)", "value": "cfdce38a807d90832934261ccf5431eddc27af13", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958071, "uuid": "924af1fc-175f-43ae-b0f9-5849d401a5a0", "comment": "Malware payload (Heodo)", "value": "91bfa2357b123f21897479df93a92bafcbed71ac9276cbe48e256823a9bf5b99f77885c0ce15969352f51e4384a5e11b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958071, "uuid": "1058e5b1-0156-40a1-8afb-f533ce36e99f", "value": "T14C059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958071, "uuid": "9b06828b-210f-4ecc-b80b-561ff9374bf7", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958071, "uuid": "e214ffae-966e-4865-8c92-d5cae72e0a44", "value": "12288:V20BXOMcVzpWfmmnDDWX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDaX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958071, "uuid": "985939f3-409a-4d9f-a303-c334d8a4c3fd", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958071, "uuid": "b16d4019-9e08-4142-bafc-747076641d0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958071, "uuid": "593e55e6-4582-4b97-a256-707ce46f51db", "value": "08ceccdc2ea694871fb40ecd864473df5d3a1475955c42a99bd11f239ff5fe58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adbb2a7b-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977062, "uuid": "401b974b-5abd-44e6-a380-f2c9508f6bac", "comment": "Malware payload (RedLineStealer)", "value": "74dd17d578e6a3a18468973b415443fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977062, "uuid": "2702db65-dabc-47e0-8832-7a3412450f26", "comment": "Malware payload (RedLineStealer)", "value": "093336f3bb05fea264b652402fc98fd5146b57def3133df4307f7a4472d67df2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977062, "uuid": "dc56e0d0-20a1-461d-add9-38f3004bcee3", "comment": "Malware payload (RedLineStealer)", "value": "218017e368dc16a0630945182b2c908e9f5b5496", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977062, "uuid": "f4d81be4-f02d-430b-81fe-911c7b34b533", "comment": "Malware payload (RedLineStealer)", "value": "41d8fe9d850103bd128bf89a6674d1ae78a13d77521539f0433184ea9351fd92dfc22b7175d97f62699674ce4d92fe05", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977062, "uuid": "5f2c9de6-c04a-4e35-9f2b-4b1531758898", "value": "T13A94E0017B91C432D1621E358916C7B1853FBDB49B22A6D7EF94BB6E1F313E29632342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977062, "uuid": "6faf0686-4a6b-4ab2-a9c1-acc511bf6356", "value": "f2d8535b6642d3499f1cbaf5d6399788", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977062, "uuid": "20258183-1028-45c2-a7ab-76e6198a0160", "value": "6144:JB0aLZB0MHv6LsLpGhN0Av7rfS/y/q4ipqRjw7MLjmIigabl15ZZ:D0qqMHiLsL60efZ/fjvLKzL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977062, "uuid": "c7068158-d6d6-44f9-a0f0-7c1756b65395", "value": 420864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977062, "uuid": "95d65581-786c-4d99-8385-4ac69e25b079", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977062, "uuid": "66496ac0-8c61-432e-93c1-e3a2206ca852", "value": "82776948.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5f16b6c-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958581, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958581, "uuid": "df2d705b-5e63-47e8-ae2d-0cb315ad66d5", "comment": "Malware payload (Heodo)", "value": "b4cef496fbbe3081052ca2e929d17db1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958581, "uuid": "a37791a7-069c-4ed6-8d0d-4c99d2980b41", "comment": "Malware payload (Heodo)", "value": "09391196b1c5fab87c0c759b210def8653ebb76601545647ce87f7c70d6b381c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958581, "uuid": "864fd0af-9305-4317-94ab-34ab616f123e", "comment": "Malware payload (Heodo)", "value": "cca421017b38d68e79e0ff63d476ebb352fc01c0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958581, "uuid": "f32cdd31-abdd-4f35-b60e-2a81af650717", "comment": "Malware payload (Heodo)", "value": "d2e99552ec153f481f4f0c0bbb57042b10006bda52e1cef9bab4926c475e8a1cdfe96834756775241c00f695fd0ca2a5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958581, "uuid": "409d1281-547f-483f-81c1-a6421e4d622a", "value": "T155059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958581, "uuid": "9327ae7f-b0c1-4307-800c-22d1f3d333b8", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958581, "uuid": "ff9c163c-61da-4838-9b40-fd97d0f96277", "value": "12288:V20BXOMcVzpWfmmnDDYX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDEX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958581, "uuid": "df4ba6dc-e6a6-4d1c-8edc-e5ff7dc0f5be", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958581, "uuid": "f540f193-8b49-40bb-9e0a-5f8538161e75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958581, "uuid": "e20ee6e6-6f1c-4d70-878a-f5e93f0b73e9", "value": "09391196b1c5fab87c0c759b210def8653ebb76601545647ce87f7c70d6b381c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03737a08-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (CyberGate)", "timestamp": 1647957449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957449, "uuid": "c207eaaa-a4e6-40d0-b32d-a97005d0a851", "comment": "Malware payload (CyberGate)", "value": "ebd056167bff65abe6941fcc0a88e03f", "object_relation": "md5", "Tag": [ { "name": "CyberGate", "colour": "#7058BE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957449, "uuid": "06c59456-d20d-43aa-95eb-dd43b38bc21b", "comment": "Malware payload (CyberGate)", "value": "09634fa83a4d22d87988b44205c1b69c1b49d88a2f31a272eba025bfef2712fb", "object_relation": "sha256", "Tag": [ { "name": "CyberGate", "colour": "#7058BE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957449, "uuid": "ef9a2ee1-8c68-4a07-a770-0498aab4e3e9", "comment": "Malware payload (CyberGate)", "value": "6bffa58f50e00855f59ee31b06cd60afbeb6cdc6", "object_relation": "sha1", "Tag": [ { "name": "CyberGate", "colour": "#7058BE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957449, "uuid": "7a7d2a0d-8124-4a38-964a-b9d333bda41e", "comment": "Malware payload (CyberGate)", "value": "e8285727d8b7766794d851810f760c4b37c433175e76650e5966f182c07368cdd873b4388b730d3c82301a3ad3b8f168", "object_relation": "sha3-384", "Tag": [ { "name": "CyberGate", "colour": "#7058BE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957449, "uuid": "d9d90c93-c1fa-4d56-93a5-18b5b3c4eff1", "value": "T1C275F122F5C69076C2E327B04DBEF77A9A3D6D2A1326D19B27C43D314E705813A29763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957449, "uuid": "ffe55b8b-d35a-4c43-9b31-e1e6835eb524", "value": "369fe35b86c83b3130c02698158a4d4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957449, "uuid": "e48da937-79ad-4631-8df1-38d58ecbd527", "value": "24576:1RmJkcoQricOIQxiZY1WNNN0t0zPbFdzCoJqAwWNfYai2/kNHrcsyMp+R/FZVbr:aJZoQrbTFZY1WNNetYjfNAtIUhfp+9Fr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957449, "uuid": "fd250603-3199-4a6a-b3fd-92cf641e64f2", "value": 1569191, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957449, "uuid": "5261254d-0321-486e-9818-dfa896662c4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957449, "uuid": "3b622e8d-ac55-446f-811e-8ef6909d52d0", "value": "09634fa83a4d22d87988b44205c1b69c1b49d88a2f31a272eba025bfef2712fb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fedf583a-aa0d-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1647973762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973762, "uuid": "014e2c38-7a94-459c-b769-e4df3a6f7052", "comment": "Malware payload (RemcosRAT)", "value": "e54c9ad3c0d6e05a0962dca05237aa28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973762, "uuid": "5ac1f4ef-a55e-49cf-bc8d-143a638a9f1b", "comment": "Malware payload (RemcosRAT)", "value": "09dfcc7acd8cad3f280a57b3785cd653ebc3fde81e7029f712c5a9d14ef703b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973762, "uuid": "956a31e2-d54c-4073-9d1f-d294da302b49", "comment": "Malware payload (RemcosRAT)", "value": "bab10c5f7ff643a8f4027e9e3f7f9c9e85127a4a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973762, "uuid": "5172bea4-d896-4cea-ad56-3daaefd697a7", "comment": "Malware payload (RemcosRAT)", "value": "5400cf8f1f20d7403481c2f38bdbda0d2f307269e29addc4a6c249fa08142dbaca17c7e750f0b814493dc347cda5d60e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973762, "uuid": "303c3f4c-df90-4382-8d3c-4ceec91fc69d", "value": "T190553341722C9A63D21A4B76BE31830242F8E0653D13F75B38CB614A56DC7D79BA3B87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973762, "uuid": "9b1310d7-aa2c-4ade-ade8-7535f8411234", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973762, "uuid": "8123a7c8-960f-4bbe-ace2-28ec9cbe6022", "value": "24576:qoh51/yx6R/wzaiSSchC8qDjjPn45Alzc7bG4BU8nonTwidxmJ:qohrKMRIzyScg8ejPn4Uz6u8idxmJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973762, "uuid": "b91a44df-eb46-4b1b-aa3e-2d0d5816c9ad", "value": 1325568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973762, "uuid": "5b3d394c-a099-4797-84d7-470131605973", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973762, "uuid": "4ba81812-7b86-4144-b31f-17d56f4ff8a9", "value": "F\u0130YAT TEKL\u0130F \u0130STE\u011e\u0130 HK NETES \u00dcR\u00dcN% S-Sipari\u015f .TURK75BS\u0130l_xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d1f4f69-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958110, "uuid": "e0b0bf11-2284-4296-be75-83b19cbc05b0", "comment": "Malware payload (Heodo)", "value": "6b1b4266a204a180dabb40a94f6e0bd9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958110, "uuid": "ce82288e-5762-49af-b43b-eafcd9f77eb6", "comment": "Malware payload (Heodo)", "value": "09f00e264e40f3e9cc101c93c9b10e8d94424de83d6714722741071e9b357fca", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958110, "uuid": "83f93c2b-2942-4ac1-afe4-d304d5342ffa", "comment": "Malware payload (Heodo)", "value": "e23b7db9ba02b7f0e1116549affce877f115b6cc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958110, "uuid": "a0aa55f8-d311-4a9b-9fe2-1b8638562a8b", "comment": "Malware payload (Heodo)", "value": "57ad6cc4356e46683647541f48662e500ef9923bf75407e13683ef4ba12afcdff9f7d73f07f493ec47f2d9c2d1e90168", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958110, "uuid": "1cc41460-2313-43f5-acf3-8b4ce0ee4655", "value": "T110059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958110, "uuid": "c73fd5b9-db11-4eab-b3d6-8497f95e685c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958110, "uuid": "8111c08e-9f13-4658-9de4-3f81adaf933f", "value": "12288:V20BXOMcVzpWfmmnDDKX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDWX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958110, "uuid": "19730c68-50e6-482a-98e0-9c7142f15ebf", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958110, "uuid": "c4a6f066-65c5-4033-9b5e-7057100a7fea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958110, "uuid": "f1edd23a-7ef6-4c4d-a76c-c9861a91d2e4", "value": "09f00e264e40f3e9cc101c93c9b10e8d94424de83d6714722741071e9b357fca", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16f6db4f-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954046, "uuid": "7281e63d-fe34-464c-9dfe-0b54c07e6ab1", "comment": "Malware payload (Heodo)", "value": "09ec2ba4fad9bb4bd6ee2d5ee469718a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954046, "uuid": "99f260a2-9a9a-40dc-bc19-5dbaa84fb97a", "comment": "Malware payload (Heodo)", "value": "0a0b820e9e0fd9a502f96c2cc21819292dd30eb13407d9d598cbba0f6762e1b7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954046, "uuid": "8ac1e3c5-b723-4c05-89ba-1ed198b4f1f9", "comment": "Malware payload (Heodo)", "value": "1c80a825338e243041bf016d8cdd18de722f0837", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954046, "uuid": "dca06946-ec6c-434e-8bdd-0206a7273688", "comment": "Malware payload (Heodo)", "value": "7591ceb5db7b8c9b7a1f8b1eed70db4c1179400e332742c0e46f548b74efbb87b4735692d84c47b3545cf7ef5533905d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954046, "uuid": "0a32ae37-8bfe-4a64-a52e-daf0b9b559fd", "value": "T11825AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954046, "uuid": "65673512-a206-4da4-a3db-c9655711da3a", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954046, "uuid": "c1dfd39a-792e-4ee5-af5f-3a32301de986", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQa5tFjNRLU:Ci6fgcIcHB8ZRbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954046, "uuid": "b8d2f2d2-a3ee-4d8d-9b76-29b157e0b835", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954046, "uuid": "0848ef86-56f8-48e9-9600-07710ef739fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954046, "uuid": "9f87b59b-6439-481e-9546-0a429caf5b8e", "value": "0a0b820e9e0fd9a502f96c2cc21819292dd30eb13407d9d598cbba0f6762e1b7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb297ffe-a9da-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1647951771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951771, "uuid": "c79311a0-7fb1-4de3-a58d-0f3a7d741931", "comment": "Malware payload (Quakbot)", "value": "dd7828e62a338382e9f76ae4afe4b755", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951771, "uuid": "54170768-c82e-46fc-b622-b6c386c1f33a", "comment": "Malware payload (Quakbot)", "value": "0a38dfc9dc429b49449a95b7358b3c35f1245728df55adc72c57baa79b708bb3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951771, "uuid": "da20530b-f59b-4382-810c-7cfe38d892e9", "comment": "Malware payload (Quakbot)", "value": "08433ea3bca201ba265b1439af18d14e4c46ffe5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951771, "uuid": "42371782-0ebf-4d26-a802-74e1d8f15a77", "comment": "Malware payload (Quakbot)", "value": "b114856a81dfec04bda88439106f4ffa979e8a26df7c6bca488b995c14a22474477d5d5f256abb32732bcc5baa530cc1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951771, "uuid": "7e6c00b4-ce99-4c0a-bbd0-4373aa0641f1", "value": "T1E7B4C0B53604BDE6E57F463BD9A59CDD137626228AC7D8CD90A077C30A733A1EE12C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951771, "uuid": "55d9e550-009e-4f8c-8379-6d5e13179e60", "value": "9e45408bef939ba7b084556548e54b63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951771, "uuid": "b2bbeecc-00fd-4a6d-a762-a4e9181371ce", "value": "12288:l7kLQI89Rji0iEm2aY6XXQtVOlrFaMUm3HNNkpIdYdi:l7QxkjFOXKO5FaMzHNSpIt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647951771, "uuid": "b0958887-5f1b-46b0-ac40-1d27cd53cb91", "value": 523264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647951771, "uuid": "a9b13d95-c036-4af9-a1b1-5c9e0badcf7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951771, "uuid": "09954b32-55fc-4c28-9cff-5e622999061a", "value": "8746784935757.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79be6f78-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955071, "uuid": "443ca386-e937-4156-a731-3b0cd4107903", "comment": "Malware payload (Heodo)", "value": "145544baea4eb58c1b137fce0522cb79", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955071, "uuid": "0d526139-a440-46f9-aa4f-84676a4b09e0", "comment": "Malware payload (Heodo)", "value": "0a4b4775d6145a1bb83dbe8b6f6e880ebca5d64fef268487e604dd2ad3513d97", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955071, "uuid": "74832cb8-be2f-443a-9a72-56165c711390", "comment": "Malware payload (Heodo)", "value": "ff901a24a528d322c29bb29e6eb223230da07cc7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955071, "uuid": "80a7eb0e-d927-4da8-85e2-2e8bd56cd6f0", "comment": "Malware payload (Heodo)", "value": "94fd256bcad5b1c84eba3b3776634685179a8b31c90d553ee890ec7947fe328ca360469667c144835402aed960019093", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955071, "uuid": "173f81e7-53fb-4a87-b4e3-0441e1cc182e", "value": "T1D2D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955071, "uuid": "209e35d3-388a-4abc-8ccb-694f2185a814", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955071, "uuid": "4d505f5c-6ef2-48c2-94a1-cb70a0de1e0b", "value": "12288:DjN/Z2wkRrA9CRDCrElAjHDsndSyHOrNvEP0Oua:dEHR+CRpyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955071, "uuid": "85300562-2e7d-4887-ab33-2724a80aad71", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955071, "uuid": "0dc0b9f7-8f83-4a68-b73a-3bac99663e36", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955071, "uuid": "8f944169-7a48-49bf-8f3c-5affa8b8b715", "value": "0a4b4775d6145a1bb83dbe8b6f6e880ebca5d64fef268487e604dd2ad3513d97", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b30b4995-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957744, "uuid": "428af6b0-1acf-468d-92cc-c6e5c51147e6", "comment": "Malware payload (Heodo)", "value": "2ac5c3278c30d640f480c0fe14c298b4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957744, "uuid": "fe17fe72-4edb-4ebe-aa18-14cbb23faca6", "comment": "Malware payload (Heodo)", "value": "0ad4fa1b6224f1b107b4f5894c8c774b4c56f357f546d92e3e3ae4e38426f15d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957744, "uuid": "0f5203de-8282-49ef-874d-a4bc76220480", "comment": "Malware payload (Heodo)", "value": "ed74298effeeb9fb456458dd19af3479f0388631", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957744, "uuid": "9501f6e1-f9fe-4ebc-b400-48238d68e041", "comment": "Malware payload (Heodo)", "value": "386cbda71ed351b9160bbed9c38fbad3fd571629fdb467e7dc832a1f68639ce91d2569d533d8728cae1e41cb632e0243", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957744, "uuid": "e941e132-3787-448b-b5e2-cec67eb13b50", "value": "T1B3059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957744, "uuid": "6402f858-16c7-40dd-b02c-00ae63bd1a3c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957744, "uuid": "bec512ca-b449-4719-adcd-6d0bc687527d", "value": "12288:V20BXOMcVzpWfmmnDDuX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD6X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957744, "uuid": "39455036-3dcc-49ba-aa80-6736445f1224", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957744, "uuid": "02a15f8f-e0d0-4e88-bf57-6f1c858d5425", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957744, "uuid": "63280ad8-1a16-40a6-94e4-c8f05d980841", "value": "0ad4fa1b6224f1b107b4f5894c8c774b4c56f357f546d92e3e3ae4e38426f15d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b61268cf-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957749, "uuid": "3a9af83b-6c2a-4afe-b036-6c99127b7eee", "comment": "Malware payload (Heodo)", "value": "a192fb61c37735ce3bb0f8d08f3e2a67", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957749, "uuid": "7286ee59-a702-40fc-a012-438eda2e15c9", "comment": "Malware payload (Heodo)", "value": "0af01614224930df3333a18f14c130db96d4b0579d87080972c1f1aa30167b65", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957749, "uuid": "e137095e-7cb6-400b-a836-b0fca106181b", "comment": "Malware payload (Heodo)", "value": "70d533e11433b97d4167ef7dcac92706aa1986e4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957749, "uuid": "154d7077-8c28-4f8d-b555-9f529025b8e1", "comment": "Malware payload (Heodo)", "value": "60d30068ece7dd89d9313fc81c4618339ac5a7f646200d3e83dc03379fe004ef2f76022c5833d49b343d3f489124957b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957749, "uuid": "69a6b5e5-98aa-4aff-9b02-ea8c6f31e5ec", "value": "T149059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957749, "uuid": "b73f6598-87a0-4a8f-bab0-b4277e68fc88", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957749, "uuid": "3127e3f4-ccea-4efa-a1cd-26b302a0b9b9", "value": "12288:V20BXOMcVzpWfmmnDDuX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDqX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957749, "uuid": "86dd1300-5e36-4307-b78a-fd370dea9e8d", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957749, "uuid": "3802f99a-183b-4ca9-b239-f1de6c114959", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957749, "uuid": "5fc54ef1-c181-49f0-9c13-40b8812963e0", "value": "0af01614224930df3333a18f14c130db96d4b0579d87080972c1f1aa30167b65", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fd5b10b-a9d2-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647948209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647948209, "uuid": "ad03095a-ce4c-4fe5-9f3f-f9d1bc5f8bed", "comment": "Malware payload (Formbook)", "value": "5a68e453e58a0daa4f1b1fd3fba5d5c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647948209, "uuid": "05db838f-a187-417a-b11d-72c480670e91", "comment": "Malware payload (Formbook)", "value": "0af925590a772ab6dbb1d537c18bcfc56887afc012c96f867f79ae78956d9980", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647948209, "uuid": "2330ff05-ad7b-4d96-9cef-9c42807ae4d6", "comment": "Malware payload (Formbook)", "value": "5225e85530b4bb2bdde3d310300b381f099202ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647948209, "uuid": "6db001d5-52f6-45d7-a993-e4d451804d5b", "comment": "Malware payload (Formbook)", "value": "10fa2e01b887ddc5e1b65b59fe7408504a89e3f3a041b0a04a3bdc70cb3f189f5bf8f5d4ecb7667e3efc9209e4fb26f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647948209, "uuid": "59915631-fd43-4155-8418-0cd3c6ab8da6", "value": "T1D704FA362D779004FFFDC239BDD0778002257ABEADD90F86E448B6CA36A72D55270662", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647948209, "uuid": "4bb23778-8d6f-4607-80f2-43a200fd1f96", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647948209, "uuid": "7dff3dc0-e25c-40e1-b4e5-8a2392b5ddb0", "value": "768:XuRW7gUs3MbOK5r6+9vYrAaje566666666V66666666R66666666WDDYPjl9B5pm:XOGSMbp64vHOnfns9S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647948209, "uuid": "e34d69cd-2c6f-4ac5-9469-e1b0abd6b4ed", "value": 179712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647948209, "uuid": "bc27d689-4fca-4233-a74c-10b1d34a6073", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647948209, "uuid": "873d3fad-524f-42e4-8e8e-85f120c3c1b8", "value": "5908213.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba879203-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957756, "uuid": "d3080157-249a-4ea3-b2d0-f58079cbc7c3", "comment": "Malware payload (Heodo)", "value": "11bb80d8c3337ef23bdd026bb6ffc652", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957756, "uuid": "297af5de-890e-451d-ab7f-2835ccf91891", "comment": "Malware payload (Heodo)", "value": "0b00fc9d5c2ad68e22c933cd682e7c5b8818216c64440639e11f3513c01a673f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957756, "uuid": "a693f439-44f4-4dc0-9238-0863f16f97fe", "comment": "Malware payload (Heodo)", "value": "2b6941d6f1b5c6d54e40122630be91cd0aaeedff", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957756, "uuid": "61658dee-1c4e-478c-99c9-a713e342a168", "comment": "Malware payload (Heodo)", "value": "8a2a71a62aaf8b1d0cd539342a41f86c8699731d49e4f4870a4b266129da66cdad27cc9731c47b6c295130841f583ca1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957756, "uuid": "755e266a-a581-4a89-9884-b95b3fdafe8d", "value": "T16B059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957756, "uuid": "c874ad58-d0b5-4b80-9d20-16cdaa5d3ea0", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957756, "uuid": "3c36ab3e-a838-40ac-94ed-ca5526b4065b", "value": "12288:V20BXOMcVzpWfmmnDD5X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD1X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957756, "uuid": "10f24853-18fa-4b62-b182-e520c90cd7bd", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957756, "uuid": "2f19bb0c-0440-4866-a3c5-31c02d3729c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957756, "uuid": "9faadaa4-69c5-4f37-9f56-7da663c42845", "value": "0b00fc9d5c2ad68e22c933cd682e7c5b8818216c64440639e11f3513c01a673f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdf38e9a-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957762, "uuid": "f85d9bb4-eaa2-4df3-854c-d9546cf87a83", "comment": "Malware payload (Heodo)", "value": "974e9d14c99357c3c304474dafbff956", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957762, "uuid": "80060bf3-ea93-4653-a283-80bb7e65a48b", "comment": "Malware payload (Heodo)", "value": "0b0acfd509fcf124feb764d3f2ce193f5ac981d1a1d86f5d6caa735ac7797883", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957762, "uuid": "246779ef-aa36-43ae-8f95-291edda6d1e6", "comment": "Malware payload (Heodo)", "value": "adc96702bd913d86d33165ca539dbe51331dce26", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957762, "uuid": "6a4f9042-5ab6-45e8-a10e-8a9f6aa7184c", "comment": "Malware payload (Heodo)", "value": "7bf3c69e5a48caaf02c58803d34b99d374e3f7035708b7892ce1091e1ae9a75276a0824d489ba51bd8cfe672e013ff9f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957762, "uuid": "6c062eea-5a93-4321-b878-dacb4ff4298a", "value": "T1BB059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957762, "uuid": "c8dee74c-dce0-4b8f-ab58-2d969e12c851", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957762, "uuid": "a1ec5dae-6239-4230-8551-74bfa311d4f3", "value": "12288:V20BXOMcVzpWfmmnDDVX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDpX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957762, "uuid": "c138b564-385b-4ade-a1b4-6971ecaad228", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957762, "uuid": "a7117271-a365-4524-8e86-acfbf95ad8a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957762, "uuid": "b1f38256-d8e2-4be9-b996-9e102c32f1bb", "value": "0b0acfd509fcf124feb764d3f2ce193f5ac981d1a1d86f5d6caa735ac7797883", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c975396-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955075, "uuid": "0b52220f-8fc2-482c-b50e-ecb9046ce2ea", "comment": "Malware payload (Heodo)", "value": "dfab465aa93d6dd48b79cbfd71a4179f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955075, "uuid": "7757fadf-4a63-45e3-843b-086e19e31b78", "comment": "Malware payload (Heodo)", "value": "0b23bf7f29c77916b3275cdaf9c1ded302f65c2107992f27405b9a5ad0fc97e0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955075, "uuid": "4c549387-5c08-463e-ab93-f12b0b6134df", "comment": "Malware payload (Heodo)", "value": "e1b75ea5524fc73c96287de5d8872d7e4c25ac12", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955075, "uuid": "4f858af9-0669-4485-8e6e-1856b2610fcb", "comment": "Malware payload (Heodo)", "value": "9fb212771f85a7095c741cba54acbc5aad238f1245e09c5cfa70286e8618b68a468b8dbee85bc725fd7dffc47df097e1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955075, "uuid": "65438846-a11a-4d22-88c0-d3dc37ba2ca1", "value": "T184D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955075, "uuid": "9da50917-494c-42af-aa1b-06fdfac309ee", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955075, "uuid": "af041cc0-aae5-488f-b8a7-a56d14e9c05b", "value": "12288:DjN/Z2wkRrA9CRDCdElAjHDsndSyHOrNvEP0Oua:dEHR+CRLyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955075, "uuid": "6f02710d-7a98-4bd4-ba15-69819703b557", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955075, "uuid": "b29f0e3d-6b0e-470f-8090-195af1d2e293", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955075, "uuid": "e04be4d5-00e3-413a-8c74-2989343f4f34", "value": "0b23bf7f29c77916b3275cdaf9c1ded302f65c2107992f27405b9a5ad0fc97e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eaa18233-aa0e-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647974158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974158, "uuid": "94f9bc2f-0fcc-4991-a035-c34fc604e15a", "comment": "Malware payload (AgentTesla)", "value": "c2bc76f40faf72d39cd4816eeb84707c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974158, "uuid": "5fde23d9-d2ca-4431-9abd-da05eed06ceb", "comment": "Malware payload (AgentTesla)", "value": "0b89662d105df7e2979b704df0c605ff0dcfe4588a4851ab6596c75376774202", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974158, "uuid": "0db61f26-08e8-439e-92c3-605370814d31", "comment": "Malware payload (AgentTesla)", "value": "e3f0a41ddcf93a893f708f822594d8395ac48c36", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974158, "uuid": "56c0eb47-d3c1-4f92-824c-2b29cdd6e6ab", "comment": "Malware payload (AgentTesla)", "value": "59da1062b3e0c9d2a58586c6dd6ce11d609bfc4933b0dec1808945d5fe40b6b0e48eccaa4136dfcb62a1385d96a829c7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974158, "uuid": "2fb44f36-edb2-4547-bb95-4f9d6eb55d8f", "value": "T178112121BD8FE6C5473A73F20042A808D2240783C0D466447A28ED26DEB667886DC55C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974158, "uuid": "ccccd3a1-c751-4b59-ab7b-fb1aade3dd53", "value": "24:3yfDQI1nnO6FrN+jjipOFd/MguZcZg0rdNxLRkfB7lpvpiA:3EDQ61N+HKg/M7cZBNJSxXvpiA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974158, "uuid": "6c3a4309-b768-4a6c-ad8b-230f055fab68", "value": 978, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974158, "uuid": "40c7f884-419a-4845-b9cc-62a631b1c923", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974158, "uuid": "9fdc5b35-7a66-4277-aef1-a92285306fb3", "value": "SMLOUVA-pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2eae768c-aa0f-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974272, "uuid": "81b6be17-e91c-4b83-abc0-527d41010b49", "comment": "Malware payload (Formbook)", "value": "7b9f47f2d133dc0a3eb83beac1a059a5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974272, "uuid": "96544f37-6db7-4761-8612-9e441a0aea29", "comment": "Malware payload (Formbook)", "value": "0bbc4ad8c179c0f2e1c2a1b501f1baa3637bdf27d598c63f30f739d3e58a0004", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974272, "uuid": "3bb1f747-d27e-4136-8444-a0db49da724e", "comment": "Malware payload (Formbook)", "value": "8fd8dc58d722170acbde34e5f08b9bb657305773", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974272, "uuid": "d9095720-2f48-40bb-932b-ca012f6484f9", "comment": "Malware payload (Formbook)", "value": "5abd8737e49bebd76b837177911de6f292a806968d9edea3274cbbea0853bfe2f5dd33f77055f00293a1546b35de6e7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974272, "uuid": "13c1ace0-23c4-42c5-a35c-1a8b9195de7a", "value": "T1D815232469DD0F3FD57063B95472274483F00216B493F3AECE82A1E3DA97716BA25B53", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974272, "uuid": "c5c54a75-ca2e-4324-be78-b67226a94486", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974272, "uuid": "355c35ab-3002-4487-8255-2675b9d33eca", "value": "24576:Dyoh65e+O8oBdCNiB1ExvqUaQqXaiUCqUetqah:Dyoh6tOr0Ni3aCUjqqiUCqUTW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974272, "uuid": "f8b12be8-8c4b-4688-82db-c0b02ff77aee", "value": 959488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974272, "uuid": "6b156fa8-5b94-4e56-8a17-b6b32d95f5e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974272, "uuid": "e350a31e-c68b-40da-bf06-e4d9f56a96f3", "value": "PAYMENT COPY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0a9a159-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957767, "uuid": "64efe112-d380-419e-8e0f-45d9a320681c", "comment": "Malware payload (Heodo)", "value": "3f3a9c0aebd80818f703cc58d86f4d7e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957767, "uuid": "31362633-2969-4076-b6c5-dd592eb21362", "comment": "Malware payload (Heodo)", "value": "0bfd2ad6b31faafd3f026364d4d04d2e295dd1212a24d0901a8ba78325bf93b1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957767, "uuid": "0cded275-e580-4da1-9f42-4479df9605fe", "comment": "Malware payload (Heodo)", "value": "dc34347f594e3e7d0ab09c87bd4ea824385a949c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957767, "uuid": "a4bea106-bc0a-4d97-a3a8-cacd47e3c476", "comment": "Malware payload (Heodo)", "value": "1f9e013d9be75e2463ce983f70087c18cfe9a4a238de9649284f2a2b296b99190ad4eae6d49f98040e033baf6800f5b3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957767, "uuid": "4cf1bdd4-96ef-43b9-aff1-4e22fd975734", "value": "T1CA059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957767, "uuid": "b035d966-b7f3-4577-8e5c-2e5ec72d8b27", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957767, "uuid": "8ef006b4-d9af-44e6-a575-6f66140480c6", "value": "12288:V20BXOMcVzpWfmmnDDdX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDpX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957767, "uuid": "28fa89a8-2c8f-4022-91e6-ef8a9efb255d", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957767, "uuid": "a4157d72-102e-4621-886b-2826cff5f30f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957767, "uuid": "7159ab50-3b68-4ebe-9f6c-d8b3bdce415a", "value": "0bfd2ad6b31faafd3f026364d4d04d2e295dd1212a24d0901a8ba78325bf93b1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5844ee6d-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955874, "uuid": "082e8a5f-7c34-48ea-8fee-beadeca00c9b", "comment": "Malware payload (Heodo)", "value": "417ee41fa2e273f5c612b20a2d17247c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955874, "uuid": "b218c3ae-cc26-40b9-b8fc-2f61360a94a4", "comment": "Malware payload (Heodo)", "value": "0c333d4b061633b9a7a18dad218fc2b4fdbaa0944e4556a716bbea999a2e95ef", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955874, "uuid": "7697dbf0-f8f9-49be-b7c9-3f9c70dfe584", "comment": "Malware payload (Heodo)", "value": "04239e2e48b5bf90bca2af3d314a79e0b9886f9a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955874, "uuid": "ca9d8cd3-7e8f-48ff-9c0b-14beb8001fab", "comment": "Malware payload (Heodo)", "value": "8a64ca456647367da1cdbb03a76809e9b9d473b925c058ecb4cb5c84ea9393204a36d0daee597ea79b5171332bccd23f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955874, "uuid": "e70afc41-30fa-42d0-ba22-be6b88b2f147", "value": "T117D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955874, "uuid": "78364ee5-1f9d-45ce-9e93-a1b7263cc4ed", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955874, "uuid": "18cee003-51fe-4fa0-a440-9bfe53072287", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfV:AqxETMJ777u3OmONFqNJtN1v96TOAnh2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955874, "uuid": "5171ec08-5f6b-4ca6-9503-09c6fe136bfd", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955874, "uuid": "d5623c65-550b-41fe-9381-0d54a15d6ede", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955874, "uuid": "d19db2c1-3988-4696-891c-a0e6897bf3bb", "value": "0c333d4b061633b9a7a18dad218fc2b4fdbaa0944e4556a716bbea999a2e95ef", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a2dce3c-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647969647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969647, "uuid": "fe395b02-ef21-48ea-a727-4069275abeab", "comment": "Malware payload (SnakeKeylogger)", "value": "cc78bada85ef0819fa91e6e67c394417", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969647, "uuid": "b24937da-b67c-44ff-8069-165ca2697dcd", "comment": "Malware payload (SnakeKeylogger)", "value": "0c4e658585bbf580ea8f4ee9e8bbe25e70f022bfe97e16104ca9ba9652c825e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969647, "uuid": "a8f34e9d-ee36-4134-8f8b-a87f866964c0", "comment": "Malware payload (SnakeKeylogger)", "value": "f2cfe20f65a9347bd01c092917eef0558ad11661", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969647, "uuid": "89a0cb12-5c18-4305-93ff-93a41fd636da", "comment": "Malware payload (SnakeKeylogger)", "value": "c4c032d05f9b2ff3f5994239afe66aae464d9dc7595e1269563843d1839b6c5ba6c94dca544999f04cc3c90a73d48de1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969647, "uuid": "bbeb940a-a1c9-4b4c-8684-63193920c4a4", "value": "T12FF439BA5A659773E83B927585020127F642DCFFB50B9C59A9837B010D3B1C23BC668F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969647, "uuid": "f3e55a2b-742c-4444-b4b9-a2a82df087e7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969647, "uuid": "87cfa4bc-1d55-422d-84f1-89e939afa6b2", "value": "12288:Oky+G7ACs4mLXKTVgIaTZ0fz/53yd2OluON4fA9uwkCp:OwG7AcgP2B3yd2OluON4fA9uC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969647, "uuid": "2e63c29c-796e-4bbf-a4c2-8e8a250903af", "value": 770048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969647, "uuid": "3c343b0a-f8bf-4dd0-bd2e-13dcb7998bfb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969647, "uuid": "8a9aa175-5af8-4d46-8678-f6df71b6e0e2", "value": "cc78bada85ef0819fa91e6e67c394417.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c219387f-a98f-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647919544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919544, "uuid": "1a093678-252a-4584-9102-01a964d68e0e", "comment": "Malware payload (NanoCore)", "value": "c8c4568793b9c2cd6302b3c343f2b122", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919544, "uuid": "dc0ef90d-fc3e-4c8f-88a3-162e78fdfa8a", "comment": "Malware payload (NanoCore)", "value": "0c5d401cb457030a23fd5afe1ad88ab0ff4f1bdcad1d7307fefd614107daf0f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919544, "uuid": "521bb446-ba3a-468a-85c3-c53f0787e4b8", "comment": "Malware payload (NanoCore)", "value": "572959d58796945d30ccdd64db995788c553fb64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919544, "uuid": "7a789686-5ac1-44c0-ad41-12713b16db2b", "comment": "Malware payload (NanoCore)", "value": "f384f566df3cf4a1f26da74e524f4c0e7f976a7c2b708caf6f8db52ed393a8c9031e152abbc84f323b7df6d8efc362f3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919544, "uuid": "34fa3d54-9059-432c-ae82-82d661b93775", "value": "T1D12523C0625C4FF7EAE6277968202B0943F85B631423EF6E4FA36993179B34527DA503", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919544, "uuid": "13dea92c-5f4c-4471-ad1e-9e1768ba0f20", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919544, "uuid": "cd3b4877-7b9c-44c9-b66e-e0e7b6253fbc", "value": "24576:DHohW5FMfpLMdyJA8X05i4uHMC6vqp+14K+Lthzz:DHoh8FoBMdyJA8EFusep+4lL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647919544, "uuid": "dffb634d-4918-4abd-900e-add2576a45b1", "value": 1021440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647919544, "uuid": "d48ee572-10c0-4b0c-9895-600c78bd8aea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919544, "uuid": "4a5e271b-392b-475c-a3a7-1ecc0f65b769", "value": "proforma invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24d55332-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1647969961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969961, "uuid": "6134df0a-d2a3-40db-892b-c0e27f0a5f06", "comment": "Malware payload (RemcosRAT)", "value": "16409837535e98ba979174d428cac117", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969961, "uuid": "09bd2ce6-94d3-497b-adee-fee3b10fb50c", "comment": "Malware payload (RemcosRAT)", "value": "0c6d9a8770fee14f7194840c71381b4baccaa76da66c5a43a0b7e73352ea4ec1", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969961, "uuid": "80b7f39b-1b2a-4b3f-a89b-94781fa8a64c", "comment": "Malware payload (RemcosRAT)", "value": "5b5043cb5ef5fc110bbbadf9972c44cbdac8dce3", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969961, "uuid": "eaa13091-85f6-4d39-baa9-154f612650cd", "comment": "Malware payload (RemcosRAT)", "value": "155793c2960e0b011f9676464d0a95ac030117bb8e5b8afb7bd4a3e036c66605a1911f6b5f086f5327f4e83b26082c3f", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969961, "uuid": "36fb5be7-adde-40df-b635-7ba111573a83", "value": "T1094150EDF08FB4650B2308B1D95B685F9A31A182C538A480F60DDFCD1D3915893666ED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969961, "uuid": "f12322d3-9932-4492-868a-90a0767f298a", "value": "48:8O1oaSfoRza+NM4JqrnLFuYwOPYIJ940Uq//e3k:8Oy6Ba+QrnxuYwgJHj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969961, "uuid": "1883f499-9e11-4f59-b1b2-6e34975181b6", "value": 2059, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969961, "uuid": "812f93ef-d0cc-410d-8ba7-0439e9e0f71f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969961, "uuid": "d6237f32-aa58-4040-8afd-fbf77949527e", "value": "win.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93481cc5-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954684, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954684, "uuid": "9999bda3-8fc2-4771-80bf-419df542b96b", "comment": "Malware payload (Heodo)", "value": "a7500426a2098edd5687b28bc7b3061a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954684, "uuid": "a284e6c4-bf68-4ea0-a0be-c79adbbd9a9f", "comment": "Malware payload (Heodo)", "value": "0d44f2242ec1794b134db7741bcc13773f78eb0994beae41badf8b787e78ef94", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954684, "uuid": "09c3aa27-3829-4217-85aa-4f511bef33ba", "comment": "Malware payload (Heodo)", "value": "a9e757acd4614d7164d5fd4fc2aa23f101b20c2d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954684, "uuid": "f572b0c8-ac53-4451-ad91-fa69b566de4e", "comment": "Malware payload (Heodo)", "value": "e35cad3954cd742c41a8f24c0d9c9a509ef50040a0e9e257a500f508e97bff1afa7ad0887ec3d82a0cfdddd336984417", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954684, "uuid": "79453ba7-20f1-4f5b-9755-27ea4e5f8ed5", "value": "T1D0B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954684, "uuid": "8cf7f0ec-2a66-4008-96ec-dc6a55e68781", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954684, "uuid": "79271c20-9a73-458b-bab9-fb439e1e6cc2", "value": "12288:AASStHx1vVHO+1Hx54Og0p9n4WNL7XE0UdX:ecHfv4qxfnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954684, "uuid": "7be67c9b-5ca7-40aa-9553-1e1d4dc71f71", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954684, "uuid": "029d8f88-f547-4ada-b122-56877d6118d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954684, "uuid": "8c916ee1-8105-43de-98a6-ac6833d7e1f1", "value": "0d44f2242ec1794b134db7741bcc13773f78eb0994beae41badf8b787e78ef94", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cd7a3bd-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955881, "uuid": "a39299c6-cced-4f6a-b316-97d08b9b6b64", "comment": "Malware payload (Heodo)", "value": "08c7dac42e87fb868bfb0370b92b7d06", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955881, "uuid": "b7adde4e-6c0d-4470-8ce8-1609d7a2a832", "comment": "Malware payload (Heodo)", "value": "0d65e89151496f82359dfc80545ae51dcdc0e486d2ce730c08d59a7a266a1e0c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955881, "uuid": "b2b9b7c4-b63c-4da2-b9f1-3a807ebf7daf", "comment": "Malware payload (Heodo)", "value": "b895602d4abe74d670a9c5e80e99e43a6d632b60", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955881, "uuid": "5ffadea3-cfd9-4f9b-8c0a-5bd925452d19", "comment": "Malware payload (Heodo)", "value": "3a29ddd51a520b454ffe203779e15388e4ee82e1c0f07f77a6682d5d153d2521faf092b644e8853ce643348e57d85ae5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955881, "uuid": "ee14a92d-5518-458f-abe1-84adee3ff806", "value": "T13DD41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955881, "uuid": "b0831429-a944-4815-833d-1f6a0c5f604e", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955881, "uuid": "5e7199e7-7cd8-4eaf-86d7-e5b3dddc12ac", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfc:AqxETMJ777u3OmONFqNJtN1v96TOAnq2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955881, "uuid": "e300079e-686a-4a5e-b810-b69404ac34d6", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955881, "uuid": "35004bfa-5833-49c8-a9e1-f08c3cf308c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955881, "uuid": "152e12b2-6c10-4db4-a302-2d42bab4384f", "value": "0d65e89151496f82359dfc80545ae51dcdc0e486d2ce730c08d59a7a266a1e0c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39c3fdf6-a9c2-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647941219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941219, "uuid": "0fcd8624-f6b4-42d4-bb0f-9ab2bd7a72f0", "comment": "Malware payload (AgentTesla)", "value": "77df29d8ece61bc48ab4f9f46988e178", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941219, "uuid": "a9a33752-1ce8-403d-9725-6c36c89797c0", "comment": "Malware payload (AgentTesla)", "value": "0d8bc09abccf43b95242bbbc865d24d27b8e692f04633d56656fb72595c72b61", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941219, "uuid": "e7928596-5689-4cef-b557-987997988115", "comment": "Malware payload (AgentTesla)", "value": "87c2b7b80e742f7b8d6f623d6ba6b6df22fd31a5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941219, "uuid": "774846e2-45df-402b-98ac-4297f78d52be", "comment": "Malware payload (AgentTesla)", "value": "5759b74fc931a15efb80320517e42d123c29a4c957fc05354d874dd1e0da3abeee54ee7afa423c390c40ff88e4e957a2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941219, "uuid": "46b0c684-accf-4ba2-aec3-a37303e3d50d", "value": "T1472523407FC8A55BC5860F351878335053A4E83A5B13E79FE845730E6A6F3C6AA83B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941219, "uuid": "880de45a-54dc-4c7f-bb0e-87a011f55387", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941219, "uuid": "a2805166-aece-453c-ab58-c32f2c25a58e", "value": "24576:Nohm/U1rLNhXWP3Rcrpyxg0CU7F+zDzLP0XnHE5AiOV2q:NohCU1N9qa4J1F+zD0XnkxL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941219, "uuid": "b4b35a10-dbd2-4184-a5ef-ca4bb3f25d56", "value": 1056768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941219, "uuid": "68d281d8-79a5-4b2a-9335-9035dbcd2a08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941219, "uuid": "554ff8b4-fcf8-413c-a718-cee8faf5feef", "value": "Purchase Order No. 89006993.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7336646-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647956060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956060, "uuid": "0ca9d007-2817-4d37-b959-9cf7899b5ab9", "comment": "Malware payload (Heodo)", "value": "693edef851607af0265a7cb806f4ee3a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956060, "uuid": "c84925fd-2784-4d0e-b9c6-ac45f2d883db", "comment": "Malware payload (Heodo)", "value": "0da5f740f1dbd1013246c4d85456b0aefd9552c3ac9a1e9ac6ebe539b5d16496", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956060, "uuid": "6b730e1c-bf92-49ef-a777-b9792d9c3ca4", "comment": "Malware payload (Heodo)", "value": "36781b00d627f1cfbdb6cb8ced227eca5b48be86", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956060, "uuid": "095750f1-db2d-4c8f-ab55-60c01a31f194", "comment": "Malware payload (Heodo)", "value": "cb0da74f9a86b82f36cb4432c3cebdd9c360b28e5acefaf26eca1ba83aa0effd1b2eb3a5ace2bbc97047d6a14f8c7cbd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956060, "uuid": "959a0292-d132-4169-ba4c-edcfe7b5977f", "value": "T137E4BF4177C2C0B6C15E017A5982D35D22F9ADA1AF3996C3ABD0BABF7EB40C29D35311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956060, "uuid": "36d21d91-d377-4a8a-b412-53667e33ca72", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956060, "uuid": "49976011-52d0-45c1-a517-356bb76e5b4e", "value": "12288:hr7tPMgvzJAHX/18nLrOo2HYJnfA/QCwirzKA0whR3Hm/zZe+sB9qF6+Z2ncwH2i:ffdA3/18nLrOoaYNfoPhabS10", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647956060, "uuid": "178c2771-dd34-4422-86e5-32653e2b9fe1", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647956060, "uuid": "2ba450b4-ee46-44b8-b1fd-2eb549fd8844", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956060, "uuid": "3c2abb3c-d7ea-4b1c-b99d-f643411d9314", "value": "0da5f740f1dbd1013246c4d85456b0aefd9552c3ac9a1e9ac6ebe539b5d16496", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4c3a5ca-aa13-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647976296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976296, "uuid": "25fd669a-baec-4232-992c-98d0d6388e47", "comment": "Malware payload (RaccoonStealer)", "value": "09bd76a5a38154170634e8ce27ae3a62", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976296, "uuid": "b4d53905-c4f2-40c2-90a2-ccddd1dbc427", "comment": "Malware payload (RaccoonStealer)", "value": "0dcc54b7413d2c838980c6ccdb5d68c52a0a1b7994d212c537291460a5c49aa0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976296, "uuid": "6e5869a4-774a-4562-8fe2-dc4c81ea7b36", "comment": "Malware payload (RaccoonStealer)", "value": "46187f216b6e8d6d894441c6716a09e77b62c9e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976296, "uuid": "703a8aef-fe82-4c43-8f96-276d45b9b1bf", "comment": "Malware payload (RaccoonStealer)", "value": "7de71c9067406dbea101d8d8084fc2974e4f43da3ffef9612745be6226d43808fd01d12237e82d23071ee79b1777bd1e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976296, "uuid": "875d3c79-0354-4bc1-82e8-4c1db5cc1ead", "value": "T194B41280BA02C035C48565712469C2712A3E9E357261CE1FFB9A773D2F313EA66F5B93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976296, "uuid": "83d1b99c-f167-4ff6-a5c0-ee93cbbe6da3", "value": "9b5dd8ae6c49e5fbd407dc1f346434cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976296, "uuid": "c8e4cebe-a37e-4daf-a102-81787423c760", "value": "12288:h2nhiIAPcmwZIuCf+khaAjxUhA0Mnynsq:huhiIgcmn+khjjxUhZEOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976296, "uuid": "138d9a8b-cff8-4d61-b560-7e95382e6293", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976296, "uuid": "830f86c2-919a-4cb5-8def-1c65ecc2f59c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976296, "uuid": "22652de0-0aeb-48e5-90cf-743784e035dd", "value": "09bd76a5a38154170634e8ce27ae3a62.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc3544ae-a9d6-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647950082, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950082, "uuid": "a7a01f30-fded-4af3-b767-af34ed00960b", "comment": "Malware payload (Loki)", "value": "56b7402c0dbea38be7d684221be8267c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950082, "uuid": "6ec14559-fc2a-4702-8016-c2a436d2343a", "comment": "Malware payload (Loki)", "value": "0de9d600263ebba8c970a3c71faa5ac482d38a2f0daef028e407f0eaa39e6f2e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950082, "uuid": "3ae2932a-f28c-4fee-bb0c-12a3c458e8f1", "comment": "Malware payload (Loki)", "value": "de272ebc8600fafe0ff34c15e96bba86bea647e3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950082, "uuid": "6018b9e6-e7d8-4a03-b7a1-dc14cd27a074", "comment": "Malware payload (Loki)", "value": "9212e09e6bb13ca3b167b055fbeb2414b7a3a2f98fcd07c988a015c4235fe511234cd8fe9ceb40cf299a7978d2888af0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950082, "uuid": "bb0155fd-1b8e-41fa-abc5-35cbea445db4", "value": "T17F341303A0C08657D593AF3006736BB9E3FBD38901176247BBAC8FB96D6905F091D5BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950082, "uuid": "321f74ca-13f7-4381-96fd-4a04e452c497", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950082, "uuid": "497816ee-f1d3-4c90-ba64-fa157acc7dbd", "value": "3072:rS17XJiDxmJJAK75myEUkAt9VInm41h4oGaTaAob1mF3xB0GGteUkw93XPNTVTMc:rGicJtQCoGapn39i7vV/pUoKpYGcV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647950082, "uuid": "772ff54b-28f5-41e9-9a26-5d83147c162e", "value": 242054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647950082, "uuid": "902a0e7a-99aa-466a-8862-b1a9b7222092", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950082, "uuid": "a56e5809-d359-4433-a76c-fce037700409", "value": "56b7402c0dbea38be7d684221be8267c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a1f0ae0-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954051, "uuid": "80f81cbd-c898-4d03-ae87-f6ac3cb5aed1", "comment": "Malware payload (Heodo)", "value": "87f3f1ea35bb0c946ca03817b1356b2d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954051, "uuid": "0c197f55-da57-4d4e-a0c6-b8be974c709d", "comment": "Malware payload (Heodo)", "value": "0e30c00799f41a562681cf027d4400ce81c4cbbf9ca191a128a3586c1c36a81c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954051, "uuid": "7e5387e0-bba0-4cf0-a6e2-4b193c32dc6e", "comment": "Malware payload (Heodo)", "value": "eda735494eadc6007b8f275c218f474aa3225401", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954051, "uuid": "a0b57e92-5204-412a-bbd8-62ae3d035967", "comment": "Malware payload (Heodo)", "value": "d8da6a62d38181b96c77492a6a2167c54a9d5d981699e7c7513ddd9ada1d4a3ddfc7072da95e998a03553f62d3ed4e4b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954051, "uuid": "2b23dcde-7305-49ed-a10f-a72d5c1b814c", "value": "T1F825AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954051, "uuid": "9c00c15f-0660-445b-8b67-130a966d2098", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954051, "uuid": "50e48b49-6763-4ba9-9ac6-d4d738c4e4fd", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQi5tFjNRLU:Ci6fgcIcHB8ZRbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954051, "uuid": "dc18ca57-6cde-457a-9071-b5b446e3b0c8", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954051, "uuid": "dd75595a-309c-43e8-804b-f0ad9fb89ed3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954051, "uuid": "3be8d2ba-4767-485c-b2f3-fed4c2efe8e2", "value": "0e30c00799f41a562681cf027d4400ce81c4cbbf9ca191a128a3586c1c36a81c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2794ec9-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647969742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969742, "uuid": "c17492d3-6ef5-4ffd-a389-02a956a90d59", "comment": "Malware payload (RedLineStealer)", "value": "8624728cebd98acc0bc1936bc3c9c952", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969742, "uuid": "0688c8a2-82b1-4bff-9fc3-41d1117ae57f", "comment": "Malware payload (RedLineStealer)", "value": "0e6d1f6487c569660b677a96c284e8224047ffaefc5959108d1a15acbe78e7a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969742, "uuid": "b6168f92-8393-43fc-b388-1981253037e1", "comment": "Malware payload (RedLineStealer)", "value": "e93bb6ae9cabdaeb92d2d8e0c474248baca1612d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969742, "uuid": "7a28327a-bf68-4b2b-88d7-c3f20bef8d39", "comment": "Malware payload (RedLineStealer)", "value": "588552b87114c4429368f8809c88b4502f102fc8b21c3151483b1b1447763ff3bc707dfd5443125ba71e1dde4885de48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969742, "uuid": "ab8b7865-7f4e-479d-b29f-26769cd473b1", "value": "T1EC45F1823144DCDAE55329F148AFD97052B87D9E8025C60E3B83BF2BA5E7302259779F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969742, "uuid": "c79dfb4a-a488-41fd-af26-3aeb93aa0fbd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969742, "uuid": "fb6c40c3-bb92-47dd-8bed-bbace44cd01c", "value": "24576:wohvKc6+Kzzh2rfzhHUtuSZcy44CtLxOQ1Qd2+WQDd8:wohyYvfzywycXt1OQ1l+WQDK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969742, "uuid": "1ca3b4eb-b2d9-4e10-a0e8-a225aab24547", "value": 1236480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969742, "uuid": "30dcbbd3-a572-4f4d-a62d-86ecc20856fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969742, "uuid": "558b1d59-346d-4b36-b7b2-cb05331d4c4b", "value": "AMAZON_ORDER76005544329987701PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41b05dac-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959701, "uuid": "dca1b351-9e69-403f-a056-f1fad56f3764", "comment": "Malware payload (Heodo)", "value": "04aa51ffc39d78fdcbcd42db53c45c9e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959701, "uuid": "9e858aea-5767-4250-9d79-cb535ae495ee", "comment": "Malware payload (Heodo)", "value": "0e8f66f2643ca10269abf9288d1157f5821bf9512fbf6b30613326fa553e8735", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959701, "uuid": "4e6f1b3d-8fa6-4dda-9e1b-9cce853ec175", "comment": "Malware payload (Heodo)", "value": "b6ce57b9837da1ee870a61bfe04d8c72a09da81b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959701, "uuid": "5f236b4d-05ea-4c4b-a7ca-0bd672c644c1", "comment": "Malware payload (Heodo)", "value": "89474281829f7b3168309ec5e64ffb8af4012e338b67e5fcacd14cd076b5cc5994d7b8b9c3e625886eab0d11fa88dfd5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959701, "uuid": "c494e052-323b-4002-8d70-70e7e72cea86", "value": "T1E3B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959701, "uuid": "4a468194-fb84-4c72-b244-87a46a020eb1", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959701, "uuid": "f2290741-fa01-484c-b25c-9ba34702c4d3", "value": "6144:8JZToYE666spbEgoZhZO1tvI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoPlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959701, "uuid": "997ac71d-863d-42ca-b7ea-f179de81da40", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959701, "uuid": "4c3a8765-9927-4fb8-a12f-5467fd66d523", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959701, "uuid": "2f6629a3-b5cc-4dd0-9b2c-517a270be3d4", "value": "0e8f66f2643ca10269abf9288d1157f5821bf9512fbf6b30613326fa553e8735", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ca124db-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954592, "uuid": "4977a24d-f1b6-4017-9f90-548bd0590845", "comment": "Malware payload (Heodo)", "value": "36bc37e7ece7d4bb284dc8fa5839e619", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954592, "uuid": "a5e4dc13-4df4-4c59-8d16-d20ef2bb48fe", "comment": "Malware payload (Heodo)", "value": "0ea144fca685ca80860e94d436bd3eb9e2290f8c37c8d1f759929531b3fc75c5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954592, "uuid": "d9b1759d-05bd-4dff-ad32-6723b6080fab", "comment": "Malware payload (Heodo)", "value": "a792b9f06a2ab2e80f86c8fd13482bbaeab064a2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954592, "uuid": "fd8cb939-ce01-48db-bc62-73f7aa551d17", "comment": "Malware payload (Heodo)", "value": "6031f7e2a78cfede633aff99e637a4fd7e2b5063afbcf9ec320921d31ec0f082e6c562adbdb95c882df73929c9b82921", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954592, "uuid": "285c704b-c50c-4f61-ad61-1cf7c54bae04", "value": "T163E4BE6176C2C0B6C15F017A5946E31D62E5AD609F3896C3ABD4AFBFBFB50C29D34202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954592, "uuid": "e8eb3836-9a6b-4b38-aa82-ebf5d1a712a8", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954592, "uuid": "84c608a5-d171-43f2-a4b4-ae4121b3820f", "value": "12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKYe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKYLzflBkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954592, "uuid": "6a2c63f2-bbf4-4501-a31f-cc802d7daf98", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954592, "uuid": "23fc75fd-2809-4eb6-ad01-0bdfd8435149", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954592, "uuid": "52a1ec0a-29fb-4694-a6bb-1661b584a586", "value": "0ea144fca685ca80860e94d436bd3eb9e2290f8c37c8d1f759929531b3fc75c5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3722ec2d-a9db-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647951952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951952, "uuid": "6852719e-f65b-4d1a-9986-d98fda837027", "comment": "Malware payload (RedLineStealer)", "value": "a731e83d8765894b380c52c74bb6e7e8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951952, "uuid": "9240039c-e704-4dab-8cf8-865be13510c6", "comment": "Malware payload (RedLineStealer)", "value": "0f07033d4fb0f0e0fe625ac301c7ab0b5b86d29354d2ef7b88823edd7074e711", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951952, "uuid": "f3a67cae-1a47-42b3-81ce-80155802d51d", "comment": "Malware payload (RedLineStealer)", "value": "a4f4ec33af5e72f67ba6b273cdf76a2dd0bd2390", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951952, "uuid": "b4e48045-7870-41c2-a08e-e13538417c3c", "comment": "Malware payload (RedLineStealer)", "value": "a7bda551f56659b3edbe6485478136b1586f6fb581d72bf0cca5c4806ea0fc5d9a12b565d9e3b4dbc27b130df18380cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951952, "uuid": "fea93513-f876-4461-a223-4b3e42db4603", "value": "T1757401217B41C032D484A4327536C3B2663EB4320575994B73A96B5F2F313E6EEE6787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951952, "uuid": "fff8ef79-fe07-4680-a364-ec342dc8ecbc", "value": "82d4c36ef8d8d93a7382f02fd78b23b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951952, "uuid": "b6d4b664-279f-473c-a540-c3ce694a7973", "value": "6144:tDRxdzVH7ACRrsDhOjiCArY/osV8LB6QiTm64/m4:tndzl7PsDcOlrYFcg1S64/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647951952, "uuid": "304d892b-7b5b-4c47-bdd7-79ee1f3a98d4", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647951952, "uuid": "25f09e1d-32c4-4ab0-942b-7bbbd9c04083", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951952, "uuid": "2af2d2a9-d120-4c23-973c-6157fe14a3c4", "value": "a731e83d8765894b380c52c74bb6e7e8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0962ca85-aa07-11ec-9275-42010a9c0029", "comment": "Malware payload (IcedID)", "timestamp": 1647970774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970774, "uuid": "779ed9c5-2083-4946-bc19-7f716ab84c3a", "comment": "Malware payload (IcedID)", "value": "1433886577ad04dd268d82d92e031fd2", "object_relation": "md5", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970774, "uuid": "9daf40ee-f13a-40df-9bf4-cf2cc1826b5f", "comment": "Malware payload (IcedID)", "value": "0f3ea635c48dba38f3602aa302e2581fef545372e81a5e372d68ca709f2db7f9", "object_relation": "sha256", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970774, "uuid": "500398a1-5ab5-490c-8eb4-8667740f92fa", "comment": "Malware payload (IcedID)", "value": "fd8010620f1628d602804778b5f5281da5144d35", "object_relation": "sha1", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970774, "uuid": "3cfb7c36-ed38-4f02-9d69-e0d8902e337e", "comment": "Malware payload (IcedID)", "value": "2cf5f9d89998a19ada1110c57dd0c342bac4e8af0b676c9db40496d29a273ef53e63d4897e168d32dda0314a05f75d01", "object_relation": "sha3-384", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970774, "uuid": "e948ee3a-459f-49c9-bffc-8203977a0002", "value": "T17AB423BA5D20D741C933E3BF91C956E815FAD40B27B0DBA92E64F48184358E7218FD8E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970774, "uuid": "9ba67cd9-7f09-403c-acf1-525d1806f988", "value": "12288:L4Ok4EANMb3GdfRPNBcSA8ASlGLvvcjnM:TnEKSWRFcSpOvOM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970774, "uuid": "2d721af1-39df-4489-b6ba-10710297b983", "value": 531549, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970774, "uuid": "24ef73ce-7e53-4c59-a0ef-65f74317e961", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970774, "uuid": "c0cea540-dacf-4f46-b39a-feb81143d337", "value": "request.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67e860d3-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955470, "uuid": "9dfe864d-0b07-4c93-9d9b-3f03b81d8577", "comment": "Malware payload (Heodo)", "value": "26ae95e44da48f411ee1c6872cc39e4a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955470, "uuid": "283d5f43-8896-4dd2-a943-58b695aa7cb1", "comment": "Malware payload (Heodo)", "value": "0f6f72479742c3b1b1c77fa85930011616be4bd6c7d491d179139982c3ed8a39", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955470, "uuid": "79821859-f72d-4208-a5c2-88a4e7d1dff5", "comment": "Malware payload (Heodo)", "value": "970faa3589b7f95cc8740b0093fa8b95d58230fb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955470, "uuid": "d5460a56-cc7e-4b79-9195-ad10a19f43cb", "comment": "Malware payload (Heodo)", "value": "8198bab5a81b12f096a9e567d71c83197c55205afb5dae2d7d136d1f764a04750062459ce4f730b4b8462961ba404c2b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955470, "uuid": "f656b568-5901-416e-9fba-e23a4e2d9127", "value": "T1B1D46B03BFD3F0F6C12F0F394505D608989A7AC6A62A45A3539C6B9FEE770138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955470, "uuid": "3db70c90-74fb-4028-9c8e-849a9807e571", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955470, "uuid": "8f839244-3c1e-4f97-b913-e6c01faed2b2", "value": "12288:QXvRLpX4HMAus65raxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rax2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955470, "uuid": "caaf84b3-29a3-4ad5-b7c3-77de7a6ebd5d", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955470, "uuid": "877624f6-bbea-4d0e-8dec-c48a1eba9dd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955470, "uuid": "31293f0c-a4c1-49c5-b6a7-cb780052811a", "value": "0f6f72479742c3b1b1c77fa85930011616be4bd6c7d491d179139982c3ed8a39", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c306d50d-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957771, "uuid": "ff2a103d-a193-4d52-8a38-390d93b1b13e", "comment": "Malware payload (Heodo)", "value": "f39e1afd02a934cb070b89c5d7ff26dd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957771, "uuid": "f7e84f69-f1c8-4fe4-99fd-da5848530d12", "comment": "Malware payload (Heodo)", "value": "0f91abd838ea658b1e41f5338731365eb85db5eb4fadd18f307ed4a6e734bc50", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957771, "uuid": "adedb32b-f70b-491c-bd6d-f124fb561b24", "comment": "Malware payload (Heodo)", "value": "6a9a8e571b55611391b828147b0a6ad17bc338c6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957771, "uuid": "d6c0fd8b-bfd8-4b83-8337-ef5d456cfb72", "comment": "Malware payload (Heodo)", "value": "10ac4f39fc269fc98d00653c14181cd20bb1cdfb79bbff3015b8df3a9d4761b9154d8dfe7e657a19c1dbcf5b4775a5e1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957771, "uuid": "b3393890-a5b9-4602-84eb-fb74aa1b72b4", "value": "T150059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957771, "uuid": "251b3fff-6868-4ba5-afaa-7db8ec7f4779", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957771, "uuid": "101c174a-8780-478a-a271-8f4cb775bdbc", "value": "12288:V20BXOMcVzpWfmmnDDBX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDtX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957771, "uuid": "6c0ccda2-98e0-4b32-8eb0-13ee4c6ab994", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957771, "uuid": "0e1d1f22-ca08-467e-ac39-2de06473c4ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957771, "uuid": "d328c2b1-e664-4005-bdd1-46cc2f76874a", "value": "0f91abd838ea658b1e41f5338731365eb85db5eb4fadd18f307ed4a6e734bc50", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "498b8fcf-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647911181, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911181, "uuid": "66c20ff3-871e-41d8-b54b-e9db8925ac40", "comment": "Malware payload (Loki)", "value": "71333da95279b234519ba5e248ba06bc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911181, "uuid": "8199f735-c1bf-484e-af6a-db50b483e6b4", "comment": "Malware payload (Loki)", "value": "0f99be5d4e238bbb90cfba686cd616fc8ba6a8c1ef1847d7433bc7d263c14509", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911181, "uuid": "2498ce86-c995-4e27-acc5-e80f043fd87e", "comment": "Malware payload (Loki)", "value": "89384b63220b2d3b58deeee5ec4a2cc32056e8a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911181, "uuid": "835be6dd-eb45-4c29-b54a-f9c0c88bbf62", "comment": "Malware payload (Loki)", "value": "cf65137e9abf02f6e3d5d0a78b0690797337082c0427247ed3753f7d6b5b5b689f8284bc0d294fecfad953a50381de09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911181, "uuid": "1163d00b-58f2-4e17-919a-5be983794a18", "value": "T10935D0A121FF5EB6C17BA7F1F451BBB60EA07F08D701C2B9897368C592E5729343460A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911181, "uuid": "b5bb6a87-808b-4627-888a-797e59f828be", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911181, "uuid": "4ad3c15e-d270-460c-bf77-76e6be35a2d2", "value": "24576:C99qYs8Mwgd2wfiO4ZqEiwxkC1+U43bSmhcMD:+KwgddD4ZqGl+DLSm+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911181, "uuid": "d10bc5cf-ea64-472d-acc3-76d6cc880955", "value": 1083904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911181, "uuid": "620c34b0-df58-4d87-9020-4e7f6e67ef8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911181, "uuid": "5f0cc8d7-cc0a-48ee-8874-d5530f91e769", "value": "hd9s2Lm5ntKithZ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c54fa700-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957774, "uuid": "f81dc08c-6269-4fa0-b0f1-f1d06e5423a7", "comment": "Malware payload (Heodo)", "value": "4a7705e583921bfac1e1b0864fc75100", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957774, "uuid": "c6fdde68-f58b-4127-8faa-bb8528b8edb2", "comment": "Malware payload (Heodo)", "value": "0fb334eb63be9dc1d0e80a82ab7a4489c5f67568d8c1940c196f02449de65194", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957774, "uuid": "d4cde58b-0566-40f7-a648-7239430a2bb1", "comment": "Malware payload (Heodo)", "value": "180a0f3a2a893ec5deae871776c7dd7b633e3652", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957774, "uuid": "54162f88-b672-4eed-ad07-a29edaa0c4a3", "comment": "Malware payload (Heodo)", "value": "73364286cff5106be3cd399f228aa69b70f2ee2c584dd55903c2ad1fb6d4fa3982659e23581ef4546e41f580777bb77b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957774, "uuid": "0bf02a96-8661-43a5-8fb1-eaa79f13f9bc", "value": "T1A9059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957774, "uuid": "2032c807-7ca9-4f10-900c-286c4ff86b08", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957774, "uuid": "02ddc7d0-805b-469d-aece-34f662fca820", "value": "12288:V20BXOMcVzpWfmmnDDuX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDqX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957774, "uuid": "43ca12f0-e421-4fd2-b1ac-a472394badfd", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957774, "uuid": "b8e61893-bdcb-4459-ad9b-5dec86def1ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957774, "uuid": "efd5307b-cfb0-48be-92f9-e05dc79ba556", "value": "0fb334eb63be9dc1d0e80a82ab7a4489c5f67568d8c1940c196f02449de65194", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a532ce5-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955474, "uuid": "f63f68d4-58bc-413d-96c6-33076d0654ff", "comment": "Malware payload (Heodo)", "value": "2f18ad33eb7934dec451381cfea51e42", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955474, "uuid": "7f697bac-ebfc-4317-a10e-0e34092ff521", "comment": "Malware payload (Heodo)", "value": "0fd4b2f849bd615b62cf1eea7dade0e8cf1048376fadb8cb41f6d9052017cefa", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955474, "uuid": "6563917e-ae8e-44db-8835-1b87a5e7d169", "comment": "Malware payload (Heodo)", "value": "d643dc7507d8802e3f8764afbc56102f730a3e24", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955474, "uuid": "28134df4-b826-42cc-886d-ad4430124e96", "comment": "Malware payload (Heodo)", "value": "6de505bdca2c65e09a4cdebff15c980d16ecc6214ac718863143f993915a23770b9a379c37958030e0d38d54aaa87ee6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955474, "uuid": "5c45b00f-d4f9-4137-9487-e1512cf902b4", "value": "T165D46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FEE670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955474, "uuid": "67d8a898-5116-4235-beb0-8a9cd0cfd066", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955474, "uuid": "0be9f51a-3504-4e75-9fee-53d064f6ae72", "value": "12288:QXvRLpX4HMAus65r7xMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+r7x2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955474, "uuid": "388c6643-f374-4681-ba85-9a8268d40f42", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955474, "uuid": "87c01fb4-c025-4739-be5d-43926d9aaa71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955474, "uuid": "c715c8b2-0126-4c01-93d5-bfb81e4c70f2", "value": "0fd4b2f849bd615b62cf1eea7dade0e8cf1048376fadb8cb41f6d9052017cefa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ea5df3a-a9b0-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647933631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933631, "uuid": "ca6654b4-9564-46c1-ab96-bcdf4a21ce33", "comment": "Malware payload (AgentTesla)", "value": "bf7f0dcb073529752f06d3abc114da43", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933631, "uuid": "cdcd1604-e751-44b6-9a13-f722bb360de2", "comment": "Malware payload (AgentTesla)", "value": "0ff937e3e29dea28465b95e82683a8455761a0008ee63462653f8f0bb8ba6daf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933631, "uuid": "0a376d8d-9c0f-4b2f-9a69-09e8c71a975c", "comment": "Malware payload (AgentTesla)", "value": "ca3512ffed316f1e877218762ca4a53718a6ae35", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933631, "uuid": "bdbe1433-c1de-4aa9-b841-a881d700b221", "comment": "Malware payload (AgentTesla)", "value": "bfa7d610fb879519d3ede37997862a1ce4330de404e58fdb2b24fb07781145115b5dbbafa3312c6e4ba2213fdfcfa875", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933631, "uuid": "0f1b041a-908b-4c69-bb64-51f77d86a09b", "value": "T1E134EA07B94485D8CE7945FEB1078190B7C9DCBFD288B608BBC973A34EE16A11D26B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933631, "uuid": "9b90f284-685a-4756-8518-fb5435c3895d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933631, "uuid": "1a646f36-a2de-4867-864c-1c4fd421bae9", "value": "3072:VAbD7uvfL1Qdtk5KGzBivpf0AdlLCv8UEKhwaqKnoVEfk:ub41QdtzV0qGqKoVK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647933631, "uuid": "28167235-8904-42a7-8e48-beba52c27bd9", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647933631, "uuid": "31822f7a-305f-4292-b857-83a91eb30039", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933631, "uuid": "a776deea-23d7-4a6e-8ef6-f0cbb6c5767a", "value": "Quotation 6000063442.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22017ba1-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926147, "uuid": "c23079d3-c800-49d6-b7ae-737fdee334be", "comment": "Malware payload (RedLineStealer)", "value": "50539aab3c6ac48a253602973676b03b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926147, "uuid": "a4b3735a-4833-4e7a-abb8-122ef80530e2", "comment": "Malware payload (RedLineStealer)", "value": "106729936454d450f51b198d4dc70bab1d9aed45030fa9b04947fcca1f50d85d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926147, "uuid": "9a1132e9-95c6-4644-9a04-f5dc9a6ef922", "comment": "Malware payload (RedLineStealer)", "value": "49695b85f5519c38889ab0d2965e44fbe7385d19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926147, "uuid": "bbd09850-4a16-4830-b90d-b58510e6c00c", "comment": "Malware payload (RedLineStealer)", "value": "c410f09530b349996fad4cfa8526437d4a6525196feda202cd6d2a4885f37ae767160a3af838096e08034d3cfbc54f7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926147, "uuid": "28ca5069-7a37-41d5-8264-66051626a9d8", "value": "T1753633529246ACCEE14F357C297434C539692138E9530D8BFB06CF6E1698D23CB793BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926147, "uuid": "fd3c42f9-7b6a-4e41-8408-8bfb40a172c6", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926147, "uuid": "556c0edc-e733-4850-b40b-bfd0eda35301", "value": "98304:NunmMUr5OZb5+Eyb79NsDUbggH12xSqbXCyEGACRhkk+30p6N8UeA8wzj7O+jgF4:NuJUr50b5+R9NgUBH1TcXCyEtF0IqUe4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926147, "uuid": "f64721d4-521a-4a29-8db2-e427423bf3ba", "value": 4895384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926147, "uuid": "79e4cfff-8bb6-4419-a210-f40c61220adb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926147, "uuid": "fcc628d0-c066-4ab2-b05e-b78f25aa3d28", "value": "47419588.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48de6c3f-a9f0-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647961002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961002, "uuid": "1ee53beb-8383-416e-bf63-98d696f33c93", "comment": "Malware payload (NanoCore)", "value": "62d2a5b95c0a1658390c1404debba0d2", "object_relation": "md5", "Tag": [ { "name": "docm", "colour": "#502578", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961002, "uuid": "0fbd4402-3ba0-4500-b9b9-fa89fcc1ec6b", "comment": "Malware payload (NanoCore)", "value": "107915dca4b1dfe56c9986b4c8a593e60f45b9072b6d8863ff379208a93fa54a", "object_relation": "sha256", "Tag": [ { "name": "docm", "colour": "#502578", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961002, "uuid": "74d67683-3508-4350-9749-902269d4a43c", "comment": "Malware payload (NanoCore)", "value": "8129cc9bb4c7c4fc80b5f21f6e22745d24ea6721", "object_relation": "sha1", "Tag": [ { "name": "docm", "colour": "#502578", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961002, "uuid": "912757b8-510c-4505-ad5f-e2cc1be0a437", "comment": "Malware payload (NanoCore)", "value": "edf08877aa48fdbe1482d8da2fe0c954f868fb15fbe1da04b3a72aeef59f6fd86ebbd4ed7249af85eadca774ef09fdc9", "object_relation": "sha3-384", "Tag": [ { "name": "docm", "colour": "#502578", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961002, "uuid": "e56dbc79-1c46-478f-a5bd-3a352b54ee54", "value": "T1F3424B78F5D00A3CE359377A82D16B1ED768F747F21649045A24AB9C0BF69934BBB204", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961002, "uuid": "47aa3037-7877-46ce-9d17-3b214b334d03", "value": "192:5TI/tJ9aTi+gjyMtWNyun0mqQTnhr5O411FX5HQkJZbFTB8GoA6aGxdk:5E/t/+i+YyMtiyu5LOU1FykJzdkdk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647961002, "uuid": "bef87fd3-1cc7-468b-9c71-e1ef896bd470", "value": 12284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647961002, "uuid": "899a5e5e-d25c-4038-bf27-e380acd29df0", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961002, "uuid": "55a6213a-6e95-4e64-ac86-3fbf6a41e9fe", "value": "shootcm.docm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28623635-aa0e-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647973832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973832, "uuid": "230642f6-2e5e-47c8-8ea9-4245454d6e7f", "comment": "Malware payload (SnakeKeylogger)", "value": "5bf413dd7e9494b7094b14537cb75288", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973832, "uuid": "55324d5f-cbda-4ef9-ac92-e1cfd62e8959", "comment": "Malware payload (SnakeKeylogger)", "value": "108350e28ccd69d1403b9912de8bf882833d9f22b2e4d892d48c76da2241b186", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973832, "uuid": "2e9b29cb-6338-4418-99dd-13612c4174d4", "comment": "Malware payload (SnakeKeylogger)", "value": "8a74c5db18e3eaa4fd1da875de901eb2bcceed18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973832, "uuid": "3f80d815-e59d-411e-aa25-e585983d4d90", "comment": "Malware payload (SnakeKeylogger)", "value": "d45073b2220250861a7a74598158fa59d7229897681b12601e2f3d3a690a9185f7262d74b1652701d9f88abcf1bb6232", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973832, "uuid": "4428c764-62fb-453f-adfc-b948da5edd35", "value": "T122152384BFB99592C7064FB544360A1872F2D8299023F39BADC4972A06DF7DF42D2B47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973832, "uuid": "609e25b9-4aae-49e0-a957-e81334504d51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973832, "uuid": "57b0b6b5-5228-4074-8103-88df688afabc", "value": "24576:akohPNoAEG/B/Uze7x075Uq2TwmZYICUFCx/RZ:bohVEO5x0mq2HWn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973832, "uuid": "58538fdf-7319-4004-96c6-7c9b9fbc3ac3", "value": 956928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973832, "uuid": "ddab59f3-2c4a-481c-a0b3-313650d9597c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973832, "uuid": "7a694027-f248-432c-8c8a-1d803a9c0c92", "value": "Hesap hareketleriniz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9090b484-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647974866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974866, "uuid": "cb500eb2-975c-48b8-83a8-ac3f66b08cbf", "comment": "Malware payload (Loki)", "value": "72ecd86d4c50270d3df256633f490e9d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974866, "uuid": "63615910-bfb3-4a38-b0a7-c89689f9f695", "comment": "Malware payload (Loki)", "value": "10a09655d773fb061a1972e273aa5801fa4d4ab586b91e146469c5981b5562b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974866, "uuid": "a27894c2-2238-4fa3-a85b-ecd3edf8ecea", "comment": "Malware payload (Loki)", "value": "1d8c12f05340e4464159987a13871f7fb62e4e70", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974866, "uuid": "4e9089ce-e4a1-4565-abac-ced15ead3fba", "comment": "Malware payload (Loki)", "value": "f4e4dba4998b4c69cc849c3ab3e63a1e7a178d59d3b7ee73a56c3ff206fe6f82ae67cb13e3a31cb58813fc599eff7e21", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974866, "uuid": "b6a00f44-4e15-4dc1-883f-b7569d54373b", "value": "T1C5549E40B7A0D03DE0B302F47979D3ACB82E7AA15B2554CB22D62BEE56356D0ECB5347", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974866, "uuid": "6d1f72ae-c56b-4ad7-aabd-862478eb4982", "value": "30c85236402d607ec86afd7c1aadbde2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974866, "uuid": "43ce5f4c-3132-4a21-9f22-7d70273d0010", "value": "6144:te2c5QLQRN/xxjNWZM0QFoQdBurm/hhDl8OPio5:UJQLMNTjsZq+QdBeml80T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974866, "uuid": "b0a03d29-1571-4b83-83b4-56612d26b149", "value": 302592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974866, "uuid": "8c82ca47-a36c-4142-be79-f96525702091", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974866, "uuid": "3677005a-26a4-43c1-a86d-1ef0dcf62c66", "value": "72ecd86d4c50270d3df256633f490e9d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac9c8af1-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976631, "uuid": "7e364c21-06b7-4f8f-82a5-9ccacf22f6c0", "comment": "Malware payload (RedLineStealer)", "value": "451d1d11bbe21be4b799c4b6f1b6da0f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976631, "uuid": "6b2f563a-3b50-4f38-af45-e3339a93b697", "comment": "Malware payload (RedLineStealer)", "value": "10a690990e97a8478370953edc3e410269602bcf45cda5cb11712614faa278bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976631, "uuid": "0eaf97ea-7a45-4e3f-862a-f92f7cc1bcf4", "comment": "Malware payload (RedLineStealer)", "value": "6f5b72bfec8e9785121bfc8354e672d132df843b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976631, "uuid": "dedc95b5-565b-422e-b7d1-9657ad9a0d0f", "comment": "Malware payload (RedLineStealer)", "value": "cea69a5a68039e205f32b7ff1e728b08f287aa807aa5035f44aaff170eb91ffcadc6c890b2de5a345b95d081c3ee43eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976631, "uuid": "eb5df8e3-4a59-4421-b4af-59bd1d8aece4", "value": "T11926334A5311A25FC052933074668B6F97C0BFA59EF570BE421593C39A7CFABF0281DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976631, "uuid": "23c23aa7-47c0-4929-a325-abb0db56a419", "value": "7dc28ef949f54ad98c715895ecc34cff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976631, "uuid": "e60ae679-1ae2-40fa-8301-e29ee72d011e", "value": "98304:ihUjTdwRid2SWtAlnM6lL1Wn8CuywXfSvBnyGwJ/SO/:iMdYSEAy65yuywuy0Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976631, "uuid": "6cbfedb0-990b-42ca-9525-ab44373113a7", "value": 4429824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976631, "uuid": "57fec879-bab3-45b4-ace5-5fe7c5cc1780", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976631, "uuid": "7e5bc0fc-c80d-4d31-afb6-18a7ad0bcbaf", "value": "51556950.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05f02988-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954876, "uuid": "2c06d112-1a42-4887-a576-3b85ad30e589", "comment": "Malware payload (Heodo)", "value": "19f99f4104f24b3e7c61959f6dc139f1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954876, "uuid": "cab38083-56aa-4657-b7a7-3849a3268859", "comment": "Malware payload (Heodo)", "value": "10f07ae9a7284aa961e5c59c7ec2253109cadfbd39dde966b40de22c676caae0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954876, "uuid": "f3369a4f-675b-49cd-b400-5ea79b215aa6", "comment": "Malware payload (Heodo)", "value": "cdb4b431d3af9d96e5c9b7bd621e2ba1390d15e0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954876, "uuid": "8fffa8f1-c33b-4b27-b905-1f301cda2040", "comment": "Malware payload (Heodo)", "value": "9753af8070538593b382f5e76f12554468354c9e5df91ae11f0d11a22d2407fde19f148a164a06996fea61d4e92b6f2c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954876, "uuid": "bba5abc7-992e-4b24-a204-6a2d8376ed0d", "value": "T1AAC47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954876, "uuid": "e24cc69a-cc63-4910-9527-7e2b638efc81", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954876, "uuid": "d34abc8f-5738-4864-97ae-9cfb4ec03c5a", "value": "12288:S54yM33d3q3Z7BogUreNmF+U/9JckIAGfUeb:SKh3831BoGN6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954876, "uuid": "5374e98a-009e-495a-9254-73dc90dd602c", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954876, "uuid": "b66746b4-1f8f-4144-8d4d-e9946d0a6cff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954876, "uuid": "a989252b-69ca-4930-b835-b2779175594c", "value": "10f07ae9a7284aa961e5c59c7ec2253109cadfbd39dde966b40de22c676caae0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80fcdd27-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954653, "uuid": "9faef250-78b3-4385-a18c-059db23aab74", "comment": "Malware payload (Heodo)", "value": "04e796138aed845ce1de161950138e8c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954653, "uuid": "6901c8bb-53ed-40ac-ab48-0de9ba9bc284", "comment": "Malware payload (Heodo)", "value": "1100c6eea64b4c7d120ce8aaf21a1682d9fd59a5b84537667eaa430f99804d64", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954653, "uuid": "feccf94d-ac52-4d1b-86b4-3fc5f5b9ff80", "comment": "Malware payload (Heodo)", "value": "749b729866db0e02985891710759bc064d97b494", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954653, "uuid": "b54843d7-a350-478a-b1d6-9179645e37d5", "comment": "Malware payload (Heodo)", "value": "eeec426960e444a5c6f12b33e7884644ca9c10c25b74a68f8cb41791586b244f7b2d3dbf83bae42d7191765f7f5b660e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954653, "uuid": "2223616b-6f9b-4ff6-b5df-bfee3cb0727b", "value": "T1B4B46B992251F077D11B503D0BCC2AAD7EEB88F09A6DF27FD2A3558D0F31190A62D993", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954653, "uuid": "ad0b2d75-5ddb-4bdc-901d-3b6bf2202f15", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954653, "uuid": "a9a06863-5a99-4f0a-8f6f-49e48961feae", "value": "6144:cH4C1DzgG1GCQw2HOOnPE10JQNqBtvrC4cHV9jp6YagzSAIVCL4Ry:cYC14G1GUgOOs14QkBtm1xpdIVCLqy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954653, "uuid": "e0e98e61-effe-435d-a027-b590cf43aa48", "value": 528384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954653, "uuid": "c0cafed5-087f-4e20-8b34-9af5fec88305", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954653, "uuid": "346c67ec-fe3e-439e-afe4-3f17c928c29d", "value": "1100c6eea64b4c7d120ce8aaf21a1682d9fd59a5b84537667eaa430f99804d64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9917201f-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954264, "uuid": "84f0c257-c177-4f95-b3c3-59d2d9e4c569", "comment": "Malware payload (Heodo)", "value": "89ec1877cf47e27ac7c8b78c7ea974b3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954264, "uuid": "7e70ffc1-45c5-446d-9a31-a34c328a1d8a", "comment": "Malware payload (Heodo)", "value": "1178499c1f5be6404926913fa910d14b0e80da04363461bbfddc37e0e21256a2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954264, "uuid": "3d73a1d5-00bc-4ede-a18a-fa8b708543ee", "comment": "Malware payload (Heodo)", "value": "a548a13bb9cb7d2177afbf69661cdde03ceaab68", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954264, "uuid": "8d8df658-c3df-4153-9c89-03c91d504e60", "comment": "Malware payload (Heodo)", "value": "a2d5674f90ec7baa5ffd7b000feaf605a2f32781269f83c90638fb2da0f919cbe3380c6b224f284b8605bb1a56b46dc9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954264, "uuid": "019a97ff-1291-45a6-98b5-afcc6a63b48c", "value": "T10325AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954264, "uuid": "b8f3fca6-d6ce-4ffe-8e1a-9d36ff0682b0", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954264, "uuid": "aea5624c-45e1-4014-b6fb-d9ce8feccc72", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQ15tFjNRLU:Ci6fgcIcHB8ZKbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954264, "uuid": "eca9b8e9-2e99-487b-9513-57d864950da2", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954264, "uuid": "2a1e7b44-3e81-4741-8427-fb4a5fa465b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954264, "uuid": "e8ecab25-a60f-483c-b8b4-68e408490b4a", "value": "1178499c1f5be6404926913fa910d14b0e80da04363461bbfddc37e0e21256a2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18b1f6df-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954908, "uuid": "9d7eb773-c2a7-4aaf-98d8-9d7cf1d3e4bf", "comment": "Malware payload (Heodo)", "value": "9ecae29ec49a1919ea08d7ebde3d10e1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954908, "uuid": "6ebdcfa6-bd66-402a-854d-249e8aed7176", "comment": "Malware payload (Heodo)", "value": "117e5bc372b3aad1269cdc5c13f3c357f04533f25c7738da00a9fd107d8e616b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954908, "uuid": "f1bf9dc8-ce49-4ec8-a67a-01e67a20fa87", "comment": "Malware payload (Heodo)", "value": "e977ec427ccd0fca01a0a1933becae1327e55bfa", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954908, "uuid": "a01af1ce-0c2c-4b16-972e-289f4833a714", "comment": "Malware payload (Heodo)", "value": "d84edc7ca0d772a491222ee5d2907b022408c196a042b0e0f141da59585839911e2ffab7b91a391ebcdb3c2f48eb79b8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954908, "uuid": "e4a1a026-04a1-4956-b6b9-d3f3b2c74cea", "value": "T107C47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954908, "uuid": "44b94f78-98c9-4273-a1dd-c4c626cff439", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954908, "uuid": "34aeac32-5e9a-4faf-9221-3cb1eed0a076", "value": "12288:S54yM33d3q3Z7Bog3reNmF+U/9JckIAGfUeb:SKh3831Bo1N6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954908, "uuid": "42f135ed-7030-47ee-b5b1-2b7427584677", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954908, "uuid": "0507c208-2679-4ad6-b47b-bfd5e4a26cc6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954908, "uuid": "510e06ee-8b11-41c5-af20-fe0439e5d03a", "value": "117e5bc372b3aad1269cdc5c13f3c357f04533f25c7738da00a9fd107d8e616b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d88385fd-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954800, "uuid": "7596370b-295a-45b6-8cc6-788f5b3604d5", "comment": "Malware payload (Heodo)", "value": "8548528a543f298f78babeec4003145d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954800, "uuid": "b09e0530-88d7-463e-abed-03a2f6f943af", "comment": "Malware payload (Heodo)", "value": "1193102c6315d6eeddbecc6020fe6cd114a0aa65f973f32547127a919eb95be4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954800, "uuid": "d46a7a80-7b34-4c2e-9d58-9f9444573ca0", "comment": "Malware payload (Heodo)", "value": "8673dc99670519067a7ffcc46c38c7556bf229dd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954800, "uuid": "ca1610a9-78b2-45ab-997c-396d3052f6f0", "comment": "Malware payload (Heodo)", "value": "0267b7c9089f7814cdc5a5e5fcce469834fbaa2f296424612b63564a031269876a1ba90b584e65188c1d2530741f38ad", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954800, "uuid": "63c8bf3b-6899-40dd-b0e3-961c5714603b", "value": "T1CCB40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954800, "uuid": "5446c069-fa4c-4501-824a-27fb9ff3a87c", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954800, "uuid": "a8b9cff0-c932-41ed-9753-6b10f6ce71b2", "value": "12288:AASStHx1vVHO+1Hx54dg0p9n4WNL7XE0UdX:ecHfv4qx0np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954800, "uuid": "13246c9a-bb52-4c98-b7eb-6d28bf392912", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954800, "uuid": "e030ae12-bb0d-47fe-8bf3-0ed6e17fa5b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954800, "uuid": "b7da80f1-fbde-41e2-a91c-afaef066212f", "value": "1193102c6315d6eeddbecc6020fe6cd114a0aa65f973f32547127a919eb95be4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbf24cf8-aa3a-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647993004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993004, "uuid": "b0817513-7cbd-4329-b330-155c02086676", "comment": "Malware payload (Mirai)", "value": "61de90431052aa2153035e6030749cac", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993004, "uuid": "a547c4cb-a453-42bd-ae09-b18facbbed83", "comment": "Malware payload (Mirai)", "value": "11bfb55f3f48aff9e2071683e995d6d9896ea2bfecca49c7ba635dab1540fcaf", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993004, "uuid": "c4c8c97e-44d2-4289-9739-55055a5ae925", "comment": "Malware payload (Mirai)", "value": "061735efbcefce7e4459303ffe44f304b4ff9734", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993004, "uuid": "66c45d78-9aba-40e0-a81a-170ed9eef810", "comment": "Malware payload (Mirai)", "value": "716f1a9b81a0474153665d273aa16c6fad07fbc557a7b310abe9511a0f3b8ae6a8aedf72d15049352a800fce7970fd77", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993004, "uuid": "d3c437ff-3be2-4d05-8b36-0691ef7b11c0", "value": "T19C2302432093BA03E03448FA4162CC9DB55EA6BDB1BF7BAB21494D154C75D93ECB18ED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993004, "uuid": "e1c5821c-8456-4e81-bf20-b99fa440d3ae", "value": "768:nK7y1XGO1LCNgukEkvwtqPnH7u83nc0iFir9q3UELWt/iw+kvBGg6+fYtrBHo:P12O1LCNguovDPH7TcrcKLWhiw+kvBG2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647993004, "uuid": "1fd1c3e0-6abc-4d26-a152-6dd4f7188b64", "value": 48696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647993004, "uuid": "6efd4f5a-f10f-42c0-a1cc-5e194bb7f962", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993004, "uuid": "339bd0dc-2505-4888-9f5a-e56d5cf6b991", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c525b49-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959799, "uuid": "c3b12be1-6cf1-4e95-9efe-c50fd36b553b", "comment": "Malware payload (Heodo)", "value": "b5e849d02cc09fd99c033ff6cf47d23e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959799, "uuid": "74baba76-f437-4340-b359-00f62204b767", "comment": "Malware payload (Heodo)", "value": "11d5577e0a67cd495a2916c1c97d83aec7674ab89dbf5f3b8615b98784936e76", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959799, "uuid": "4a9d0b9c-c6c1-43b7-b161-a13848d4382f", "comment": "Malware payload (Heodo)", "value": "6c304bdec0618b8dd2aeeb183444db37522fb5ad", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959799, "uuid": "9dc3a4f5-50a5-4df6-ba5b-8f5f351d0267", "comment": "Malware payload (Heodo)", "value": "f0c71c756de681d839de9b368d82d5816b76eac1d35117119e21c943a707162b20c8680765f4b863eb0160f5c85e3481", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959799, "uuid": "6e622967-be44-4165-b8bc-7903be539dff", "value": "T18FB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959799, "uuid": "1be6aa54-26f7-4db5-ac0d-7aced31106b1", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959799, "uuid": "5a5d03ae-c103-4d45-887d-6d39c46022cb", "value": "6144:8JZToYE666spbEgoZhZO1tJI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZohlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959799, "uuid": "78455c88-eb75-49b5-961c-0ea4ebacb873", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959799, "uuid": "19adc63d-0721-493f-ada5-01444255915d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959799, "uuid": "bb6f414a-305d-4711-aca9-810bbdcec052", "value": "11d5577e0a67cd495a2916c1c97d83aec7674ab89dbf5f3b8615b98784936e76", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb01655d-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647955637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955637, "uuid": "bf09b283-217e-49d3-bbf4-74b07eebe43d", "comment": "Malware payload (Formbook)", "value": "12b7531e6a9d29bd458f35ab11eecb53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955637, "uuid": "c9bf6046-3f0a-45c2-8639-8ca118228b67", "comment": "Malware payload (Formbook)", "value": "11f9cf3e83d50d6db23ba46d367da519c510c00b993411c10e9e0e43bb333439", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955637, "uuid": "f20794f0-f846-4329-8ff5-36a7b9c7c9f2", "comment": "Malware payload (Formbook)", "value": "810acfec23c4692dcc7a01a82881462b88477f2c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955637, "uuid": "6e3e212d-6363-4355-949e-cdfaaa9362fa", "comment": "Malware payload (Formbook)", "value": "a5654127c47cdc5cde1a53559b2e875b36854e77867e053437a77132ae99cc9cc62542b942969f52e43578a5734e41ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955637, "uuid": "15fa2b21-2ace-4e8c-adbc-f422b71b6b60", "value": "T184E4DF4B6B149F43D3C90B3844D6EBB883781FACBD138B6576B4BDCE79717592602222", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955637, "uuid": "761bc426-5cac-4e45-90c6-e8a69867705f", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955637, "uuid": "d5e7f75a-b3b2-4a67-b40c-255dc0a4f69c", "value": "12288:cl47B/z2gyuyUypfvQBTn6SY+B/4zyAnI+6HU9Jj2eLRe:847BzFyufWvebB/4z9nI+6HsIeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955637, "uuid": "4f4786a5-6def-480e-b884-63b20a19b788", "value": 681404, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955637, "uuid": "15103772-3f60-4147-aa43-504508a901fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955637, "uuid": "6dc44f39-8c1f-48bc-be95-06eefa4eea46", "value": "Order Details_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e618e388-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647975009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975009, "uuid": "fa93df9c-5a78-4dfc-a110-913e1a3b0df4", "comment": "Malware payload (AgentTesla)", "value": "5f21884c9ea19a3b71b0d78077432dc4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975009, "uuid": "2b112a48-af77-4aa7-9449-3dd534e72662", "comment": "Malware payload (AgentTesla)", "value": "127e512be158b258d5db5e050b3b79c41bbdf08a66d11fd75a7ef93ccd1cc7a5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975009, "uuid": "5e7f0129-a9ba-4e2a-acf8-fd6dba5ecde7", "comment": "Malware payload (AgentTesla)", "value": "7bb611721040fd067b52ee2ba901c4097fc92871", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975009, "uuid": "d5316e26-e57a-4490-9c07-652d199bfebd", "comment": "Malware payload (AgentTesla)", "value": "6f71a6866a83e4608660e61903082feb4c086d05c7fdc12611650eb62c45baefb35f25d7209e13904279655a98f0c0fa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975009, "uuid": "fd956097-0679-44b7-b826-66b22663793f", "value": "T1B984D03AA798AA1AC17C53350420D1B147F0AD461536EB6F7EF49CBB7E90B009F32667", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975009, "uuid": "94876556-0c6f-412f-92c5-e14790e7445f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975009, "uuid": "99342451-f440-4291-b70b-7528e4ddf4e8", "value": "6144:BVJQgZbz3+g5OHBLvWpLxh6iptExweQvdRsnr:vlZ/3+sOHBvOxh6iptaQvAr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975009, "uuid": "c285cee6-3353-42cd-9801-d010155f505c", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975009, "uuid": "903a69fd-e794-46e5-b4ab-345371f776e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975009, "uuid": "70c5cd4d-3183-453a-96bb-74df319b8ca6", "value": "5f21884c9ea19a3b71b0d78077432dc4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ce05c97-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958136, "uuid": "a54868cc-603c-4876-aac3-2b4b8837875b", "comment": "Malware payload (Heodo)", "value": "c4085efb609a0e25fe283b96a89e6575", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958136, "uuid": "25e82bf4-3e69-4c1c-9cba-44aa68cffd53", "comment": "Malware payload (Heodo)", "value": "12aed3adfa43e0bc9e7d7190b361005be46b31e7e53140759677b34191fe7b8e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958136, "uuid": "98d1c945-812c-417e-a45e-315289565934", "comment": "Malware payload (Heodo)", "value": "e5534a92e658bee311b9ab27c10a15f515064714", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958136, "uuid": "fec62036-9949-406f-a960-0a14023f19a2", "comment": "Malware payload (Heodo)", "value": "bc1514463b41d4ce0729d8f28ef0a8cd2ad7648adcae8c822079c51be90dde4fecbbc34ad8d2b3547108ccbf51fd92af", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958136, "uuid": "d7b8daa6-566d-4758-9ee4-ae0bf04eaaf2", "value": "T141059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958136, "uuid": "97146c67-e21d-4ed5-838f-1fa687cd7a76", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958136, "uuid": "57afc576-f8a8-4476-8789-af77b830ef11", "value": "12288:V20BXOMcVzpWfmmnDDtX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDBX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958136, "uuid": "1621b66b-c862-4337-b629-b4942dec8cde", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958136, "uuid": "21f3c8a4-4009-491d-9f92-c135367700b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958136, "uuid": "1eb9077d-4c46-41b1-abdc-abe17ab5dc54", "value": "12aed3adfa43e0bc9e7d7190b361005be46b31e7e53140759677b34191fe7b8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48c259e8-a97e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647912039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647912039, "uuid": "cb1be050-b45f-42c1-aa1a-dc4fc43499ab", "comment": "Malware payload", "value": "916621cc0b8800f501c12db7af4f5a24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647912039, "uuid": "cfc57e04-cef4-4d50-940b-7edc67d71131", "comment": "Malware payload", "value": "12d1e4d135fb37179387fdd7a6d8fe913a4810ac174fa85b7cacfa9588754515", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647912039, "uuid": "a5e7556f-36a6-4aba-b9c5-fcde2f1f4d57", "comment": "Malware payload", "value": "a1c1a6bab3ad9dc9c58ed269e7bc07bf3dcf743e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647912039, "uuid": "23de8378-3d93-4ccc-8466-92a0a8535add", "comment": "Malware payload", "value": "bac7b38f03d06fdfd6bf62bc0c4c7d5e7091607c48b0f1532c83f6346eb3f2b7cb53a8aa458cf8b2e982c7b3a88607aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647912039, "uuid": "ace627b2-4dbd-4e4a-af91-006c59ca79f9", "value": "T1E1B4234C288AF447D122BBF760D3F80299CC720B6DC188A55ED47DAFA524B743E4B54E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647912039, "uuid": "acbe4137-1318-471c-b39d-2800d723e2ae", "value": "1a19a680a05982bdf258e0caafeb3b72", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647912039, "uuid": "95e52a4f-6c73-4daf-b449-208c20fe6dcb", "value": "12288:Bw2y2WHfvxvp/4Fe9r0CK/lGRgOUqmq9kR6lhKX427GsrENO:Bw2uHXRV4c9YCK/cRgOnmq9g612dsO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647912039, "uuid": "716fceee-e579-4d39-8b61-851d0e370b86", "value": 532848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647912039, "uuid": "d53a53f9-bde7-45ff-af38-51e686a14849", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647912039, "uuid": "68bfd588-9d64-42c1-bc20-0d20ff6d3d39", "value": "42981393.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f50d327-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958140, "uuid": "21865c88-d5ce-48e2-ab76-ad59e9499b85", "comment": "Malware payload (Heodo)", "value": "cc78f967ddbd04aa8332094354d24d9c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958140, "uuid": "5d271bef-6599-4a85-ac0e-0df019a813b1", "comment": "Malware payload (Heodo)", "value": "12f3acfeb6b4b78f00373e7190fa5bf3a38881339f892385c5742d13ae73d5c3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958140, "uuid": "78349e02-3770-4cc3-b809-3c653a725d18", "comment": "Malware payload (Heodo)", "value": "6365696d09a9d29643a7e6551612a4c8a81ade2f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958140, "uuid": "f9db765f-0e32-4dfb-b05b-ef9c9bcd787a", "comment": "Malware payload (Heodo)", "value": "a3ea476b60c38ce2cfb05409a40a8f732faf56abd40f4a91e1f50f98e03daa690c92bbda99ffd11e731bb3ea17c0e2ba", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958140, "uuid": "a06f5202-4603-41fb-9f32-b7f97b9af323", "value": "T116059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958140, "uuid": "cd9fe639-a0c8-46bb-b2d4-b024e9729261", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958140, "uuid": "a34b0638-5cc9-4dd5-9bd1-19b7fff3d578", "value": "12288:V20BXOMcVzpWfmmnDDiX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDGX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958140, "uuid": "866ecef6-a8ea-46f4-b64b-65be435af358", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958140, "uuid": "9464b12c-f1bb-42e8-a5ed-705ae94ab9fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958140, "uuid": "0c88cb55-98d5-406d-960e-842a4262809c", "value": "12f3acfeb6b4b78f00373e7190fa5bf3a38881339f892385c5742d13ae73d5c3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9b0b523-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959983, "uuid": "582d66e5-c0f4-432c-8906-7c2ffa1faacd", "comment": "Malware payload (Heodo)", "value": "acaa89472db599f2db9899ff322d582f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959983, "uuid": "2422f8b3-a8d7-4ec4-b896-a87affcb0ce0", "comment": "Malware payload (Heodo)", "value": "13088668bd4639502d11d8fe868ef31bb782e318da125a042491aac4488fbc58", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959983, "uuid": "c6108687-4870-464b-b8a2-3ee74eeb264f", "comment": "Malware payload (Heodo)", "value": "97b368748adb7fd040cdc6c45db5acfdf4a95fb0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959983, "uuid": "8f83d670-41ac-4069-892f-a144bbcb26c0", "comment": "Malware payload (Heodo)", "value": "4fa428e169f3726abe65ceb9ec919b5df3052ae6ffa0b41185785fda71db4a570a8d60cd47e5b4f342e64e5a36091262", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959983, "uuid": "216269a9-0233-4a24-bccd-12b167ef7609", "value": "T19CB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959983, "uuid": "62ddf304-afbf-43fc-9cda-651b36817c91", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959983, "uuid": "adba41b9-18cf-40e9-b53e-51e5493a4c27", "value": "6144:8JZToYE666spbEgoZhZO1tQI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZowlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959983, "uuid": "777dac7a-785f-4ce3-8330-a37b26f8588c", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959983, "uuid": "cf5ca7d9-92c7-438e-bf1d-d216884e6257", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959983, "uuid": "93b399e3-c676-4865-a356-40382eafc0fa", "value": "13088668bd4639502d11d8fe868ef31bb782e318da125a042491aac4488fbc58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf909b52-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647970247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970247, "uuid": "c12aa2f5-4213-46b3-8271-6dce6adcf708", "comment": "Malware payload (AgentTesla)", "value": "3c752b23f4944933dad001acef5e4d75", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970247, "uuid": "c84435bb-738c-4ce2-9233-ec980799dfe5", "comment": "Malware payload (AgentTesla)", "value": "1342c38b78397874bd7d1c4b6c1b20891baecb0db722d4183ef8d78d598daeaa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970247, "uuid": "5568fb1c-9062-4abd-97a3-6b5259158dc6", "comment": "Malware payload (AgentTesla)", "value": "541da14921c345f3274525016abb2ad1bc92f02a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970247, "uuid": "796f5675-97b4-4daf-9cf0-abde82c07904", "comment": "Malware payload (AgentTesla)", "value": "0a78d21e356b6c5b0613b9f0859ed55ecf3593b9f38f27e24c29cd0cd7c6e5e05b0d1db78e6c0ffaea71c8f3a1796c8f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970247, "uuid": "e4d86fa1-2948-451f-bde1-032b6f42524b", "value": "T1C335230373CDDB73EDA60BB029D52AA157FA10561825E77DCC5300EB98AE7129B62317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970247, "uuid": "b4a1302c-6aa2-4a66-87e9-a94e20596ed8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970247, "uuid": "8036b53c-d4d8-44e4-bf3c-c33ca2bf41a8", "value": "24576:DohvKc6YInsg7rSxQM9CZ3gMd/5UQ3Np7sgExhHWRC6KVb9VqQA:DohyPh7VMQ6k5UQ3nwgcgRCNx/fA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970247, "uuid": "f881e6b6-e836-41d3-b7bc-1752d4419ba0", "value": 1163264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970247, "uuid": "95571c67-4140-4c9d-ad0e-833c4f5e6ab3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970247, "uuid": "3218d350-18c5-4e26-92ce-abd1c2a25aa6", "value": "Q307448.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26d66d9d-a9d5-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647949348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949348, "uuid": "736f30ec-12d4-49ef-b0c9-be4e0cf2f10f", "comment": "Malware payload (Formbook)", "value": "e422931de0dca3bff8ff81c0a10ea72d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949348, "uuid": "3c2c1259-01e2-4c7f-b6fd-9baf99ff6a75", "comment": "Malware payload (Formbook)", "value": "1359549cb60ef5ca5fca53dcc5a47d9552fd5e24afe09ef563f18051417fc4ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949348, "uuid": "28e9e1ed-ba1b-4bd2-b1c9-0b5a50d6cfb0", "comment": "Malware payload (Formbook)", "value": "5947e3aa62a610bcfe5eee653dab91544a04005a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949348, "uuid": "d520b981-2844-4165-bd58-ce67758dbaed", "comment": "Malware payload (Formbook)", "value": "25e4ba236fd1d240a5a263b5172322507865cc820bff3846a7be29f26ddfeb4732e228b10a370c3a7699a095537e9616", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949348, "uuid": "e3873a9a-50bc-4d7f-8361-e7fff50092e2", "value": "T18835AFA2F7919533D6331E349D1BB3A85869FF112E28A8873BF45C0C2F3668178251E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949348, "uuid": "999e942c-01c9-40ba-9fcb-16427bac6ca1", "value": "d8f60ca1875964a961eb776244c39814", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949348, "uuid": "d49b5519-bf61-4a1b-bfa5-be6be04cd73b", "value": "24576:3GkQ9ftdUDQVYxNEeFgbTRUFau59fXwQlEeK320dkgbUhAviVW8OLxZdPYk:2D/zLK9tvH47pYk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647949348, "uuid": "0c0d5953-4910-4480-b06d-1e583d69141e", "value": 1098240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647949348, "uuid": "4d4ecbca-9edd-4acf-810e-5c6fc2013ec7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949348, "uuid": "1522a22b-8a7e-4605-9804-8f846c5bf4d2", "value": "FedEx's AWB#3366674038005.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76b00876-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647975681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975681, "uuid": "c1d068d8-2d86-4c14-8720-641393183781", "comment": "Malware payload", "value": "4e94dbd700337ebb5c6098d3af4949d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975681, "uuid": "6abb4eb6-6b0a-4839-9ff3-f15a3e945863", "comment": "Malware payload", "value": "135b3bb19d6d2e71ffd8c3438c68b14c0de8680bade912e0e7afc87df85252a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975681, "uuid": "0ed25e5e-0de9-47de-8f97-7f5508da5030", "comment": "Malware payload", "value": "a5162b4b0d1bb7fca6c3a5f7c5239618ba48763a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975681, "uuid": "2bc7b0b6-1b8a-405b-98b3-e887ea84695d", "comment": "Malware payload", "value": "39b7affb988fb4141d184f642fd25e9a2ed337db3633277efebd10198940c3453b31353195b1fad13f2859ada9290110", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975681, "uuid": "f49a2ffe-c152-4bcc-97a4-171977a72e1a", "value": "T1B495E0099147E2BBFCEC08B3445090D4C29C7FAA7B1289CDE97AD58A151F482B7B6D87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975681, "uuid": "0b0a9309-eefb-4561-ba29-0206ddbd8edd", "value": "ae9f6a32bb8b03dce37903edbc855ba1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975681, "uuid": "41ab8677-c451-40cc-90f0-80bf97d9c143", "value": "24576:4ry2uXzmVLFC5kL985zsoPGSYUngx0OZ9T20zIg8k:4unTkL985zseGSZgjG0zIG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975681, "uuid": "4a8d2226-85df-4b96-97dc-ef09ba0e2ed1", "value": 1927506, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975681, "uuid": "9139e029-b038-4709-894f-b94c9c7235c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975681, "uuid": "6e0038bc-c00d-4c35-b304-0cd9c3a82157", "value": "4e94dbd700337ebb5c6098d3af4949d7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6360d8e8-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958469, "uuid": "9b0af723-c200-40fb-ae8f-5918a3f2ee7d", "comment": "Malware payload (Heodo)", "value": "073f459e9c2550515c9d1f6b5e5bcae2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958469, "uuid": "a458f3f1-199e-4fad-8bc7-0263dfee02bd", "comment": "Malware payload (Heodo)", "value": "13678f9ee7e04b60bb7f1d80cae2b3e63ddbe04b2c8808647374c30594b255cd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958469, "uuid": "45114757-f133-458a-979d-db9760c9e327", "comment": "Malware payload (Heodo)", "value": "ec6abf3420755a411be4ed0ace38f1821a2e8998", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958469, "uuid": "3df413f7-f9ee-4dce-b0be-76e852d503af", "comment": "Malware payload (Heodo)", "value": "a09c82a96bafc41eb4bb1168bcaec45b9518c45aec7f9d7fa13455226fcd6ac8803e8d0b2c37402f02bed4f39da32add", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958469, "uuid": "4d3954f4-f288-4a22-90cd-aa02d2d7261a", "value": "T1E6059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958469, "uuid": "584f93e8-a9fd-4112-8eef-8557ca0fd599", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958469, "uuid": "0429ce28-f591-47dc-9254-97bf9571cd16", "value": "12288:V20BXOMcVzpWfmmnDDlX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDxX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958469, "uuid": "e22986b0-a293-48d3-aae5-e9ddc31abcf1", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958469, "uuid": "bbeac115-dac8-4fbd-b2ed-8c7be3ff8adf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958469, "uuid": "3e20de0b-0eca-4bca-83ac-407be0dec04f", "value": "13678f9ee7e04b60bb7f1d80cae2b3e63ddbe04b2c8808647374c30594b255cd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff7173a1-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958301, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958301, "uuid": "52455d0b-a172-499d-8e5f-40c982bb87ef", "comment": "Malware payload (Heodo)", "value": "4e97cc8c064c4714d693ad0375f0b751", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958301, "uuid": "c2fb5b1a-fcb5-427c-a8f0-1cb35260a1db", "comment": "Malware payload (Heodo)", "value": "137f8b7c3c991f840d5a344cb5180a84d4574c343447fab1524e8bff802b875a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958301, "uuid": "5c2b3eda-6f70-419b-8727-1da07216c8e3", "comment": "Malware payload (Heodo)", "value": "3147dee5dcad285abc848a1b3d6a416a33319654", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958301, "uuid": "ff7b0068-3b04-4dea-a2fa-372fdc4a0215", "comment": "Malware payload (Heodo)", "value": "d62a6f56821fc76448fb7ce21c7710c2d3841f6d7641ea4456a3fa5275adfdb900b230f5cae3e16ad80643627993a209", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958301, "uuid": "b9d0cea4-a4a8-4ae7-95ab-664c094e4c2d", "value": "T15F059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958301, "uuid": "a6b4c943-a0cc-4f8f-a4a5-f4c28466f859", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958301, "uuid": "84c405d7-f33f-4622-8a6c-46aa6472a059", "value": "12288:V20BXOMcVzpWfmmnDDcX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDAX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958301, "uuid": "facc367e-0fed-469e-858a-baead43e632d", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958301, "uuid": "0a023353-e0e0-41cf-bafb-0764eee6165d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958301, "uuid": "061cfb43-315a-4342-b9d7-525668f7496d", "value": "137f8b7c3c991f840d5a344cb5180a84d4574c343447fab1524e8bff802b875a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d294da45-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1647974977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974977, "uuid": "3a6c0e61-ba06-439f-9da4-5abb027481b9", "comment": "Malware payload (ArkeiStealer)", "value": "3e8307ec4f41763c93622f351eba6774", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974977, "uuid": "05c633e0-c31e-4b83-b25d-b553e60f2640", "comment": "Malware payload (ArkeiStealer)", "value": "13a68e687d6f5afa19b1cb993f3402f93dfbd3f2d7cc782c1912453ce877d381", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974977, "uuid": "d83d3077-984d-4921-afca-01b3afa8936c", "comment": "Malware payload (ArkeiStealer)", "value": "91c624f49334cda914b74f684cb5d7479283c178", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974977, "uuid": "c7f2474f-cfdb-4f95-93e6-213cebe419f3", "comment": "Malware payload (ArkeiStealer)", "value": "6af47755b67d39a6b1196d2358d1cfec930f8338ed2d112265fd19c3cbaea2793c442be051697dfdfa629385eeaeb12f", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974977, "uuid": "39ab871c-5f8d-45aa-b49d-82f1597f1b83", "value": "T1EC44E0123741E632C4D360757829C3A16E3EB8311661CD473BD92B2E5E343D6BAF5B0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974977, "uuid": "fb260325-845d-43c8-b5a4-c3448925f0bf", "value": "9b5dd8ae6c49e5fbd407dc1f346434cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974977, "uuid": "dac042a8-d3ed-486a-a50f-0ee1edf9e286", "value": "3072:PZBfnKjgFj6tyoAmBBBLHRLBuisUz3IMgm3A5tjVp2B:BBvKjzhxLBPsC40sy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974977, "uuid": "4b42bfe0-1246-4b0e-8e30-92ec8afa83ee", "value": 275456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974977, "uuid": "c274fbd8-d146-4ab5-a950-05517d441399", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974977, "uuid": "c568d987-3304-4f04-aedb-63900a7f08a2", "value": "3e8307ec4f41763c93622f351eba6774.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5575aa6f-aa18-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647978203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978203, "uuid": "8a692a71-759f-439c-8838-a3f296857124", "comment": "Malware payload (Formbook)", "value": "f5906d38d394de35afb9bd59854f1aab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978203, "uuid": "84046110-a291-4f0d-ac05-3bca6f777484", "comment": "Malware payload (Formbook)", "value": "148c446a57a6fbd00b50a3249d8af23fed3b09f80f765825ecdf09dc7323ffb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978203, "uuid": "ee3a5d01-271c-4a2b-b4b4-ab54ad4d0a4f", "comment": "Malware payload (Formbook)", "value": "4ad8825d3faf0e906ac4ee22a3eef3132fbe1de2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978203, "uuid": "e2a87c72-9d5f-418f-acb5-ca75fb686a92", "comment": "Malware payload (Formbook)", "value": "0e492efc529992479ffa9806511451deae0aa191fbdf88e82a057554b8b3d20e1154463d5468c81b63961e7c656c6242", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978203, "uuid": "16bc964d-5240-4bff-bbf3-39be26550a67", "value": "T17815AE629D9C0991D6FD76F0DDF394540BBDA205AB19BB4F0C70A0FD0C82AE94F8D692", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978203, "uuid": "0da48932-7e67-400f-8271-ff1467e37974", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978203, "uuid": "c21d7052-c0dd-41d3-b228-a95524b174de", "value": "24576:p9fbsVmF0SZkR493UdUYFCqAQ8ZHWZTdz:fKmozdA/8x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647978203, "uuid": "28afb2ce-982b-48be-8f9b-5f9637e9cc29", "value": 911200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647978203, "uuid": "8cdd4afa-7720-4b1a-ace5-e6293ca34be8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978203, "uuid": "82024fca-9ac1-4254-86ea-e88b3c630beb", "value": "11283777364563997_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27ac36fd-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955792, "uuid": "543ec8a5-e785-4e87-9b48-7acee8b0050f", "comment": "Malware payload (Heodo)", "value": "145f76119440ba87838c690b9f1fc6a9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955792, "uuid": "cddc6c11-af37-4058-9e06-568971ac756e", "comment": "Malware payload (Heodo)", "value": "1500db38df63a1466e73ddd156ec0ba77d7256f8dd1ba1191c4f1520b69c3e28", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955792, "uuid": "a8a40b59-b2b6-4444-b1b6-7ab73fcdbd14", "comment": "Malware payload (Heodo)", "value": "2414d7c05931befec3fd0d7b7f1fc5db12c6467d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955792, "uuid": "5f1df8fa-66a5-4a2e-82cb-0df552b9122e", "comment": "Malware payload (Heodo)", "value": "3fed9fdae053fb7928982c9ea5b25344398d603e9da332ebe092631fd32e8563e3b3b9c6b037c583609f8f8ca1992908", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955792, "uuid": "965e6dfe-9ced-440a-8c01-18dddc2d7f2b", "value": "T1A6D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955792, "uuid": "e5b6fa1d-4164-47f6-87b0-d6d971494389", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955792, "uuid": "1b15ded9-c2c7-4426-abac-7a766bc17dc3", "value": "12288:ZxpNJJJ2NHPoczJuOtIhxf3foRXIa5EPwvA:Zx2gczJuFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955792, "uuid": "6584ad5a-cd7e-4401-b503-f34b5f1e3c02", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955792, "uuid": "c061f40d-76f2-4acd-807c-69951a3163d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955792, "uuid": "9075788d-5170-4f35-b31e-d3b7864ccbf2", "value": "1500db38df63a1466e73ddd156ec0ba77d7256f8dd1ba1191c4f1520b69c3e28", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01f39f98-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958306, "uuid": "515d0f39-1ef9-4b6e-940b-b1371ef52841", "comment": "Malware payload (Heodo)", "value": "abf7126cbabe06b29fa225f0d1c3ba6e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958306, "uuid": "4a29d8a8-14f5-406f-9558-c45995d43a30", "comment": "Malware payload (Heodo)", "value": "151ea4b08ac6d49f0ffb163e38f6f40cbcc041c72eafdceec4a8ac94f2941c1e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958306, "uuid": "3101f016-df44-4632-9c16-d298efd6ed1e", "comment": "Malware payload (Heodo)", "value": "f06d0220015e9841532d0f252c4c90d886741022", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958306, "uuid": "56805fa9-439d-4cc0-9577-0be08fa1b083", "comment": "Malware payload (Heodo)", "value": "f2f33262ede92202e78f013ee395002765eb31a4339d54fd7d14d2e440c477e81b79c888d3ac5c0dae37e8e7ccc1b492", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958306, "uuid": "99e3f3fd-9441-4a43-8202-6eea756d3091", "value": "T14C059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958306, "uuid": "516ca1fe-3bff-450a-a60c-37b3783dfd8e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958306, "uuid": "20669e06-ccad-4fcf-9363-0174a4241adb", "value": "12288:V20BXOMcVzpWfmmnDD5X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDVX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958306, "uuid": "83280178-901a-486f-80e9-eb67cbf479e0", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958306, "uuid": "e393b9aa-18f9-4466-90a3-cf106e77feb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958306, "uuid": "e1354e6c-a767-436b-b53f-8706500409fb", "value": "151ea4b08ac6d49f0ffb163e38f6f40cbcc041c72eafdceec4a8ac94f2941c1e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3506bb2b-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926179, "uuid": "9e8b2379-8a4f-4c71-a848-faf59abbcdc2", "comment": "Malware payload (RedLineStealer)", "value": "87f554be64c299294e12611e38578d5d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926179, "uuid": "f13ce249-7b4e-48b8-9c8d-e1c63c62aeb2", "comment": "Malware payload (RedLineStealer)", "value": "15240a122fca28b46141b400e0302a61a74ddb69b3fbe980d6bb83f7d7e541e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926179, "uuid": "8184d848-c969-49e2-bdd3-29c574147262", "comment": "Malware payload (RedLineStealer)", "value": "ecada0e4f4443d6fa995b281b4c68a228feb882e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926179, "uuid": "3add0e00-c2ab-4fdd-b828-62567ad6dca9", "comment": "Malware payload (RedLineStealer)", "value": "348fd73473d226c01c588eeeb0554c304d2263aff0e99c6d694a9c68a3820a6345738a696c3282bcbfcc3aa4991d26ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926179, "uuid": "20844d4e-08ca-4097-aac5-b87e17a969f5", "value": "T15C3633497CA82421E03EFF74B9B15368BBE7EB75A518688ED0B3991CF7B500E0978474", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926179, "uuid": "6ca7bb31-533e-4e7a-9aae-b1567bfd65e0", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926179, "uuid": "00c50a10-c48a-43ed-80dc-e513b5a6f0f1", "value": "98304:OKYcgq9naHrE7tKvLl9VvcXyiDoafGFy:Bo037tALaXVDft", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926179, "uuid": "76409075-de21-491f-950e-f0986d6b4e04", "value": 4896624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926179, "uuid": "5febb240-eca2-47c1-84ca-d7c636b5cc33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926179, "uuid": "1aaacdf0-d067-4b0d-b59d-10aa43f58b37", "value": "47695853.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc535096-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647956068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956068, "uuid": "52d1fdcb-d933-4a2f-ae19-fedc367f4f1e", "comment": "Malware payload (Heodo)", "value": "01f447571f7b4da3f4b869c17195dfc6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956068, "uuid": "bbed0388-e916-4229-aeda-da017cdd3081", "comment": "Malware payload (Heodo)", "value": "15425ab787de6352710aa20442098876be8547cb6c9fa134ff2b927d59c77c43", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956068, "uuid": "b8d959a2-532a-496c-9111-6211d18fd781", "comment": "Malware payload (Heodo)", "value": "e64f9392cd195ac35747b7f9bbc2528be3d7ffdc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956068, "uuid": "863f1df8-8adc-4a99-b0f2-10b07fb75042", "comment": "Malware payload (Heodo)", "value": "11e5d423615fa75a16e0c4bafd64a609d942fd79074d1cccea07323c44f19d17a4ca90126ce9e4c036747d65de566bca", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956068, "uuid": "b3d56c78-0081-4464-88a8-16849aef3bad", "value": "T153E4BF4177C2C0B6C15E017A5982D35D22F9ADA1AF3996C3ABD0BABF7EB40C29D35311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956068, "uuid": "b6c1e19e-4374-4902-9055-4a0ac47c7eaa", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956068, "uuid": "58508ea3-c6b5-4305-ba51-0ee0c892f411", "value": "12288:hr7tPMgvzJAHX/18nLrOo2HYJnfA/QCwirzKA0YhR3Hm/zZe+sB9qF6+Z2ncwH2i:ffdA3/18nLrOoaYNfYPhabS10", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647956068, "uuid": "4c09c867-7818-4fd8-8570-72f7f8201e2e", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647956068, "uuid": "431622dd-abb6-43df-84e2-97aafa520737", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956068, "uuid": "43dc3102-7818-463b-988b-4d3d5f69abab", "value": "15425ab787de6352710aa20442098876be8547cb6c9fa134ff2b927d59c77c43", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75d831de-a9b6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647936166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936166, "uuid": "d9bad31e-ca92-4b7f-a19d-8af8697f91f8", "comment": "Malware payload (Mirai)", "value": "0b823594b2cffd43ecacbf35a2c630b1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936166, "uuid": "3036163a-6890-40b7-a63d-ca24f3c7a13a", "comment": "Malware payload (Mirai)", "value": "157883ea0516112ac3d780f8577dec24d5a1819336973b98c9f9df56dab88cbe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936166, "uuid": "8994f0a9-f134-4d83-956b-11beb79568a9", "comment": "Malware payload (Mirai)", "value": "ac2d4b0769fde9cd85841a8d4e75ca46fde545e2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936166, "uuid": "0f96184b-e7ed-4a72-9e81-06e116e7067d", "comment": "Malware payload (Mirai)", "value": "62489521653cebf482ac3a4e9c0919a79b57e59a5756734e17a24909e6a2b8041a482c32e7a1eb53b5c46cca0095d9f1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936166, "uuid": "fb675dcb-1d88-421c-a7b9-466ddb9a9d0e", "value": "T1FA832A9ABC819B01D5C512B6FE2E158E331317ACE2DE72179D145B3037CB92B0EBB519", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936166, "uuid": "1aaa04ee-f990-40f0-8450-5c0752b5bb06", "value": "1536:6Rn7qwfjs+zZyjqwe3lpq/5ILZzhyaYLbb5MPigfyx8axqc5XYVz:5wfwTjfAp6MzEaXfyx8axqclO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936166, "uuid": "47ef4123-90d9-4342-94cf-f5aad94d90df", "value": 87180, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936166, "uuid": "31eee758-1142-4388-a0c7-efe981ad420c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936166, "uuid": "15fd3704-439d-419e-b614-f335dafd8df5", "value": "0b823594b2cffd43ecacbf35a2c630b1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d5efdd1-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955748, "uuid": "50259506-4d79-4553-8e4a-b194a7e780da", "comment": "Malware payload (Heodo)", "value": "059beed370541d2be4d8e1d9a82f8fd4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955748, "uuid": "9afc82cb-3cc1-425e-9fed-e9a33e1f17fe", "comment": "Malware payload (Heodo)", "value": "15a2616ed57685831e733190239b78eb7fd7746f6921c9dd74f5656b7964dce3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955748, "uuid": "a2516f0c-932b-45eb-96c9-4ae1c78a12c5", "comment": "Malware payload (Heodo)", "value": "9e63e3eca05b07fad2e5657077088cd470fe9149", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955748, "uuid": "dc09d1cc-901c-4e3d-b9fc-0a0685b77d3e", "comment": "Malware payload (Heodo)", "value": "b55f9a860af36e0ad4a43ea27bb938644b245cec2b938b905178c4d2159b06f06df574228ee3389004e07cba034573ff", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955748, "uuid": "2b8040b4-e1f1-4c41-b6ab-4b12cb75ac77", "value": "T17DD41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955748, "uuid": "a4cf5ae7-6a1a-4539-b660-81edb553cc4f", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955748, "uuid": "fa94f94a-80e6-4a91-8b10-69a756adbdcd", "value": "12288:ZxpNJJJ2NHPoczJ2OtIhxf3foRXIa5EPwvA:Zx2gczJ2Ff3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955748, "uuid": "7f870e76-3c2c-4b2d-8f83-e9cdce8fced1", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955748, "uuid": "fe36c960-e604-451e-8d5e-d8c2d7fa65e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955748, "uuid": "f0278e07-134f-4ae1-954f-7b8bb1dc7125", "value": "15a2616ed57685831e733190239b78eb7fd7746f6921c9dd74f5656b7964dce3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a214be4f-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958145, "uuid": "619b4b9b-43c1-44fe-9ece-fbdcbf3f45a2", "comment": "Malware payload (Heodo)", "value": "0a38c9a9286ba8790d4672d2f9808300", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958145, "uuid": "bd3a2e30-d9a9-43fa-b900-a4244df405d0", "comment": "Malware payload (Heodo)", "value": "15b5f408c6ce12b0885c1169aae8e4151dc782d5175b8aefefd7325a2e10056b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958145, "uuid": "823936d9-322b-4d5b-91fb-dedae65ad977", "comment": "Malware payload (Heodo)", "value": "f1cf45e77f5e77c3a73de5acdc2150fb22159994", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958145, "uuid": "198b422d-ed02-4d42-ac8d-deacbf94c9d0", "comment": "Malware payload (Heodo)", "value": "f3e2d17645f460c37db8f900bd933551763b13d492aebf6119fda616a0eea3d8b023f5a6ad350d88973c5bcb42bf5194", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958145, "uuid": "fbdf191e-1fad-4596-a174-e56d21e6450b", "value": "T191059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958145, "uuid": "5435f958-8f9c-47f8-9470-2d9ee6acb86e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958145, "uuid": "d1bbea73-0720-46b0-9d19-43985b1179df", "value": "12288:V20BXOMcVzpWfmmnDDgX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDcX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958145, "uuid": "f2a24c68-f2b6-4573-bd21-60b2bf9080f2", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958145, "uuid": "59f47056-35a5-447a-bb16-1073c7fe870d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958145, "uuid": "b1a3a0c5-c864-48cd-a2c3-66b3b2d03b72", "value": "15b5f408c6ce12b0885c1169aae8e4151dc782d5175b8aefefd7325a2e10056b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4ddf019-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958150, "uuid": "7052f86b-925e-41c0-862c-231769e67053", "comment": "Malware payload (Heodo)", "value": "b155c9d26ce705fe6e8bce667f214cae", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958150, "uuid": "4f209361-caeb-4458-b4e2-5ce3cb6389e5", "comment": "Malware payload (Heodo)", "value": "15bed30f32c0982cdfb7848917a24b5c62d54916b19f944057a8ea7e5f0cc9c7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958150, "uuid": "7b09d3a3-8df9-46da-bcf2-8122b3c9d7fb", "comment": "Malware payload (Heodo)", "value": "daca2c11ef7fd92c833fdfe1a4a7195ee87d5133", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958150, "uuid": "e4c99aae-e617-4fdd-83ad-0c3d5d48bed8", "comment": "Malware payload (Heodo)", "value": "31b308aafad396c52e83898a63bd14a9c8ef985292b95751d460b75bee8b19a3d2546353f991f8e965ef5d98448ddd5b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958150, "uuid": "13adb3ca-687d-4afb-8227-997c9bb61a15", "value": "T1E3059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958150, "uuid": "9ee18fb8-2e4a-4233-ab36-de14ed7f5f32", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958150, "uuid": "ec1add86-9014-46a4-92f9-6e8069cbf328", "value": "12288:V20BXOMcVzpWfmmnDDqX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDeX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958150, "uuid": "c1e1774b-56e8-4daa-9a9a-b1c47a4b12ab", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958150, "uuid": "fce388bb-6b26-40cc-9fb6-39e1a9d3a09e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958150, "uuid": "8a90eae7-bbee-4182-9119-6ae7d68c3262", "value": "15bed30f32c0982cdfb7848917a24b5c62d54916b19f944057a8ea7e5f0cc9c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73107895-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954630, "uuid": "72069a82-5fea-41d0-9020-a09ed9b589c7", "comment": "Malware payload (Heodo)", "value": "da9458dade8e8620e8b577f4643af0d6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954630, "uuid": "53057072-19e7-4701-8c10-0a5b7e9935e2", "comment": "Malware payload (Heodo)", "value": "15e9e4dbd3bc1a29a823ac496da9a60c85af214a3eb2bca520e959a8230e64dc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954630, "uuid": "b8a2f214-36cd-4fc9-a19b-c9932d928983", "comment": "Malware payload (Heodo)", "value": "a4e68a1c372fefaf66c225a8101b3614a26fee01", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954630, "uuid": "22219409-d3e5-4bb2-8e00-f4a6e3bc4ba1", "comment": "Malware payload (Heodo)", "value": "dec3d5dc315c09dfb4e78a86f3a8602e0be3bdc869335782b6325bed5a8ac1f9c46843c92888acfbacd80ad00d2f5aa1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954630, "uuid": "1e1f0e5e-787f-42d5-8ae5-841a69fe6307", "value": "T158B4AE11B790C076D2AA36342512E3B51AEDBC709AF5838B7FC07B7E5E315918A3835B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954630, "uuid": "8a188c51-86f9-4c9d-987a-aef9c782213e", "value": "f08242131de62ca6d7c4b2727b491b3d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954630, "uuid": "faf082e8-0dcd-4c77-a3f1-2c99707a7e87", "value": "12288:dbFLiEzuSo9guqHuWjr2pyJ4W6SpktSuHE:5VWSo9guWh6ZE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954630, "uuid": "12b1378a-e080-4273-8652-8415de6bb9f6", "value": 500224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954630, "uuid": "cf004b0c-129b-4190-9fef-5e6b13baf960", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954630, "uuid": "cabd8a8b-6dab-43c9-9e5f-6a4d1730e706", "value": "15e9e4dbd3bc1a29a823ac496da9a60c85af214a3eb2bca520e959a8230e64dc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a7c24453-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977052, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977052, "uuid": "21e5afd5-e85e-41ba-ad27-41d2347a6707", "comment": "Malware payload (RedLineStealer)", "value": "5c6181a1e038b1025793d63d9b8d8ca1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977052, "uuid": "805b3b4a-36e1-429d-b9b1-b733f621bb8d", "comment": "Malware payload (RedLineStealer)", "value": "164fae86b63c179c74d83504516b42a8483854c85a0a16984231489d9b1001e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977052, "uuid": "ad4b1899-3b8a-4001-826c-cb5009cc918d", "comment": "Malware payload (RedLineStealer)", "value": "61a28f62c2d0df4a0650812984606687fd59f2fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977052, "uuid": "b49ac60d-7225-47b8-8177-7f987132cf1f", "comment": "Malware payload (RedLineStealer)", "value": "ab2e5844976d791a3a9bfd2b93aef3fd5875ff712e9694d50f82cd1a45dada9ca097c036f2f879c08076dc96db3299b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977052, "uuid": "bcc66aa0-0a75-43d7-95a5-e9acb33655dc", "value": "T1B694E0113785C432DD621E308D16C6B14E3FBDA299269687FB84AB9E9E32391B731342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977052, "uuid": "78c8829b-9f35-486c-9794-34ab8ec0bd79", "value": "9be15dbd8c71b70c7f8bc63920782bda", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977052, "uuid": "2f0e2bee-8d51-4cc2-865c-3302b805f655", "value": "6144:b+jdrYuh1exMoX98o1FA6uyCd8FKtwZ28igaomq:Kj1//i9817ywAm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977052, "uuid": "c79db77c-9e87-452e-9590-a3f15560829e", "value": 420352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977052, "uuid": "6db7b3ec-7b04-47fb-b7c5-905af7adcc93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977052, "uuid": "cd2e5357-32de-40ff-b3e3-891b89a18ce4", "value": "92692652.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2745b204-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647936893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936893, "uuid": "def031a1-196a-45f7-9799-0fc600c354cd", "comment": "Malware payload (Heodo)", "value": "a2ddce490ff63c27d5c7250b1ea23b96", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936893, "uuid": "f972bc80-2029-45a8-ba62-4fdcb3436fec", "comment": "Malware payload (Heodo)", "value": "1657902edfe446654331e430631ecedc7b227b55fe1ec23a2852f9dfe555a504", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936893, "uuid": "5be76851-ed75-4a33-8f10-bd43f964e605", "comment": "Malware payload (Heodo)", "value": "a18316892e9a1ccc8150510570860f93426dce5c", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936893, "uuid": "d7e38939-35a0-4ff2-b99d-d0c8abfecbb4", "comment": "Malware payload (Heodo)", "value": "fd83677015545d1cb4a9ec878d1ba986b1e9da5ed3588cbb50c68bcc2506ff17b95a008e3e24f7050fa8d950c388e1ff", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936893, "uuid": "ea5caa8c-47d2-4e95-a8e3-2b6b2b830493", "value": "T1D2F2A031F2E29F55E476583C468CDAF8D73DDB22420A7E2C308A537C5F126666A4F28C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936893, "uuid": "d688ff69-c09d-4ae0-b02f-5a81605f8740", "value": "768:DrtDp5eCAjOZpqcVbZYpoRuBlIiOKMArOooooooooooooooooooooooooooNQ3:DrtlgCUOZZ1ZYpoQ/pMAIY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936893, "uuid": "2d1874ac-385a-4408-81cf-aa409fdcfc46", "value": 36493, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936893, "uuid": "a2377609-60ec-4fc0-a9e1-00c0282f18a3", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936893, "uuid": "46b1a0ab-2fc2-4732-8ec9-bca592df0cee", "value": "mensaje 7331049.zls.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cc25897-aa0f-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974269, "uuid": "3f3d4e3d-9299-4430-8dc7-9823854b46d0", "comment": "Malware payload (Formbook)", "value": "1ceb46d9ec4cfd18a969f62d67ab04fa", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974269, "uuid": "ef500b26-93e5-47f0-bfdf-be8f05f235a2", "comment": "Malware payload (Formbook)", "value": "16d108f51f45ce601a5b10165629fb8fd6893508e03a2288374c2741a9474e11", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974269, "uuid": "defde423-d6f7-4cf6-a494-1c8da071d29d", "comment": "Malware payload (Formbook)", "value": "4be673e65e1c3d7944396f5b0a5c0ba73d6a340d", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974269, "uuid": "41c74ab8-9842-4b8d-9381-c27a47b76b70", "comment": "Malware payload (Formbook)", "value": "02861dd6380e96326ba74f84b30b81f919aae5572630ab3fd8d18a97eb43d88503b6737156d83372d0be5499499c960e", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974269, "uuid": "90d329fd-4808-4ff2-bc4a-b9cc92f8cf85", "value": "T1A0352353B65C8BB2FBBA03B085B211848BB521953513F51DCCD244FA96EBB24DB13B93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974269, "uuid": "bac32e28-a0aa-4fef-84f5-9f5f8fd55717", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974269, "uuid": "eb816569-4f42-420f-adc1-79dd530c979c", "value": "24576:HohvKc6Gx6HTfBVUXTM+yVpKFNiVpIF5UgsXobpbet0dWOoJ6:HohyEx4V+yaeVGF8obpk0dVoJ6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974269, "uuid": "c0c84d8d-2a05-4c7e-8d37-8db345c609e9", "value": 1090048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974269, "uuid": "1732e118-d2e4-46f5-afae-58d43f64941b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974269, "uuid": "8b6f28de-6822-4ba5-902f-b8d951fb797c", "value": "DHL 22-03-2022_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81e8a337-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976989, "uuid": "17565abb-84b6-4f86-8986-f9e6aaa837a9", "comment": "Malware payload (RedLineStealer)", "value": "fb47bd5df322999a379765079d178702", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976989, "uuid": "a11b0afa-539a-4b55-aba7-3ceabdea1065", "comment": "Malware payload (RedLineStealer)", "value": "16d96c32a4e70a6de0d1c6e560d5b1e2b528a584b84c4888abf18242658332bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976989, "uuid": "05138b99-f6c1-41bb-b719-be1741d19c44", "comment": "Malware payload (RedLineStealer)", "value": "bb60c7a7e100ae8266cd40a17ea2fe96702a53ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976989, "uuid": "7dd72394-3b12-437e-9553-ca672777db64", "comment": "Malware payload (RedLineStealer)", "value": "70b476f7e64ec738e4f288756a038b21b0ddf7885756756aff3ffd71750302f1e1daf4db1c64c7624696e56f8f81856e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976989, "uuid": "84d4a63a-b92b-4999-8295-a6a817c1c999", "value": "T1853633FB884D1C18DC979DB2B5B381027B7C9008AC5DE00ABDDADA9798F0617798D17E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976989, "uuid": "4d8467d0-f955-443c-8e34-89a24e68fa55", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976989, "uuid": "e727f743-ac5e-4565-8fa3-396fdad15a4f", "value": "98304:EoU4lVNx3dbqgiJSxbwQ/tEkOPwHs3AzGmFv1ac5TL:TUsrx3dbqgikxnlZx6kV1rxL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976989, "uuid": "33fed3f1-3ac3-4bb1-a4a7-b45e9e40bc89", "value": 4874184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976989, "uuid": "fcea0019-30b0-402d-a022-b5fdd7d81f1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976989, "uuid": "8fae741f-135d-4aa9-a429-2b60712f973e", "value": "56303359.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcd18b9b-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955183, "uuid": "8e7b2681-0016-4654-bd1e-81b1a67fcd34", "comment": "Malware payload (Heodo)", "value": "37ecc440761e5fb353c133d59d853f5a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955183, "uuid": "8df0aa98-3c25-4cd5-af45-fc930518232e", "comment": "Malware payload (Heodo)", "value": "16f86dc9d6808716e73b6e1aab40f2fb24533cf75c90f060080b9dbc1229cbbb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955183, "uuid": "79cd7b6c-86cd-4cc5-9a48-199637e98631", "comment": "Malware payload (Heodo)", "value": "4b6fb2c5a7f03e7a912df23809c7036a0fae9eb8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955183, "uuid": "0ada2002-22d0-4501-a7ed-c5bf2e8200b8", "comment": "Malware payload (Heodo)", "value": "82f183accfef5ba43b253f1138dda5166fb1451290a71e5f20029d0ffc61dd966928ce1df534e8fc67b8fbbc52fd5791", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955183, "uuid": "ebd30591-411c-4686-a570-1826506f2a1d", "value": "T1C0D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955183, "uuid": "8196a856-fc30-4cec-b73a-21fc08c38369", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955183, "uuid": "eb061cb8-ece1-4e8f-b92b-7145b7f0cdfa", "value": "12288:DjN/Z2wkRrA9CRDCjElAjHDsndSyHOrNvEP0Oua:dEHR+CR1yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955183, "uuid": "49e9c4e9-b3e0-43fc-a565-52d5bf04b4d3", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955183, "uuid": "049054a2-8444-4d12-92d4-f2a95bd3ab7c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955183, "uuid": "bdd27bba-f68e-453a-b594-cf39dfe79642", "value": "16f86dc9d6808716e73b6e1aab40f2fb24533cf75c90f060080b9dbc1229cbbb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a52ee86e-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959868, "uuid": "a0ecaf81-9a63-4f92-a479-b0f166d158a4", "comment": "Malware payload (Heodo)", "value": "abfa842549a70cb8e5d2a472e5d6f6ce", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959868, "uuid": "2e3ce30e-9951-4af1-bad8-1c04a134f080", "comment": "Malware payload (Heodo)", "value": "171a6b635361d5a03753ebe790714ecae9b30b14d084e97d4e1e54a029898ab4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959868, "uuid": "25eff810-1817-475b-a879-5accee5f6514", "comment": "Malware payload (Heodo)", "value": "fb96398c21f261de5597536af32aa6e4625e387a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959868, "uuid": "39c1ed41-15a4-4d80-ad59-ca68d5cf559e", "comment": "Malware payload (Heodo)", "value": "d271f818fe533f404ccebbd27e7555872e89d89cabbeee9da3d2c113653149b59f09cbfd76e6c700e6cb2ebed23ab63e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959868, "uuid": "7ec075f6-e3f8-44d8-85fc-45574c587543", "value": "T177B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959868, "uuid": "f892b733-185e-4e12-918b-f34d7c86a168", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959868, "uuid": "60ab31ff-1225-4258-bae9-64f50f45410d", "value": "6144:8JZToYE666spbEgoZhZO1tZI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoplF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959868, "uuid": "b1f6f8aa-1792-486e-b91d-7d29350b4b27", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959868, "uuid": "d24f9164-3572-45d2-ac33-2c45691abe0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959868, "uuid": "c4dfb2e5-1da1-49db-ac1d-e3c1e8c88fb8", "value": "171a6b635361d5a03753ebe790714ecae9b30b14d084e97d4e1e54a029898ab4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6be1e27-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953938, "uuid": "2413d7d4-a674-4c6e-8e7f-ef4e7abb4044", "comment": "Malware payload (Heodo)", "value": "7553537380d0ae712552ec9ea223d8c8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953938, "uuid": "a5810558-3e0d-40bc-b7fe-25f49f30ae63", "comment": "Malware payload (Heodo)", "value": "1740874ca6d69d8ced32f08a77521bd914ccc073667db35fb9808da643248edf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953938, "uuid": "7112b9ee-32bc-4011-9335-14743c824f87", "comment": "Malware payload (Heodo)", "value": "f6ab34682ca560ccf7ee02959937bfd1dadd3ca7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953938, "uuid": "42250922-db97-44a7-874f-401c64701924", "comment": "Malware payload (Heodo)", "value": "69b33e246a336331b117595b81ba686392afd9286edc7a063df1025fd18d8b4518acb2a0ea6f95ec13bf513c4f0ee252", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953938, "uuid": "4357de08-f0d1-4cb1-9390-876dbd7e2359", "value": "T1F725AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953938, "uuid": "b48cf187-307f-42f5-898a-4e222f89d519", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953938, "uuid": "a86d90b8-7d2b-4282-8043-8edc182b6611", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+ZinQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqX3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953938, "uuid": "3d90ab3d-d215-4fbb-b276-e5912ff74204", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953938, "uuid": "e7b84e25-6605-4f0d-872d-48a8f7ed88fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953938, "uuid": "3d82a934-ad8f-4f35-9ab6-79940d7562ef", "value": "1740874ca6d69d8ced32f08a77521bd914ccc073667db35fb9808da643248edf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abfad254-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957732, "uuid": "d1e5cec2-5bfe-44cf-b5aa-fceae70760b8", "comment": "Malware payload (Heodo)", "value": "7d765b82b8575cdb6e54889aa142060f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957732, "uuid": "e6498167-af3e-4f3e-abfc-cee04d8dd64a", "comment": "Malware payload (Heodo)", "value": "174ae9245f667a5a4d2617f11e8992c29629bc02646b7c4fe50d93af6114038f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957732, "uuid": "65dd543a-f218-4f16-b162-d1bf459e3875", "comment": "Malware payload (Heodo)", "value": "0fe1387118b28ec26526deb942423e706ad9dc4f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957732, "uuid": "b6be92cb-ad2d-487b-8644-82dad05981e5", "comment": "Malware payload (Heodo)", "value": "638521dff3bbeaba4bafa1206917636c26fc2c118e3a3f3fa16267291ace234549a7f891b8e0a29f2ed0ce1133cbad8a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957732, "uuid": "08d85866-10b0-4083-91d5-e486b21ebedf", "value": "T12E059F7A2B43F27AC7E50DFC186002981A75BAB2C7F7A4272F88327E5E717C15E61911", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957732, "uuid": "1844b271-c3c4-4835-be82-5e1f953862ab", "value": "cb131077fd443ccf418450d8ed763df9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957732, "uuid": "58acdb0e-341c-4bd9-afe4-105dc0815e77", "value": "12288:KVHML2QJe6XxhqCWeQHR5f/jsVL6TwEHJlTeRNV52:GML2QJNxhqmQHXj1p0RN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957732, "uuid": "eed9800e-c404-45e0-a520-2eee82c42f31", "value": 815104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957732, "uuid": "de8c7356-0fc8-4302-9228-64ed2c8bc8f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957732, "uuid": "4c76a0b8-58eb-4422-8244-8497f6412e97", "value": "174ae9245f667a5a4d2617f11e8992c29629bc02646b7c4fe50d93af6114038f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab1c24c4-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647937115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937115, "uuid": "11227b7c-aa3b-4340-808f-0736550e577a", "comment": "Malware payload (Mirai)", "value": "53dd2630263d8028a1557e5aad1186dc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937115, "uuid": "ab739a26-5093-41fe-9ca0-da7bc3f89e28", "comment": "Malware payload (Mirai)", "value": "1776f58935b583f2786775255bdae9aad5b495154ffd43a87fa35de663f56ff5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937115, "uuid": "487f52f9-f52c-4375-8ec6-a9eb77c03e9e", "comment": "Malware payload (Mirai)", "value": "dcf93a823023e59a5f34f3c87c7367d500be97a9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937115, "uuid": "d92ed3a2-2106-4977-a455-1f61a489ecfd", "comment": "Malware payload (Mirai)", "value": "add5ad8b1a9d6e746c1c149689691481af96e6ef9f10e3da89325ab160a5081e367f3a96fca39b8315d359a642d6b969", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937115, "uuid": "2daa54fa-db7c-49a0-a0f5-47ee6444a495", "value": "T10C733CD9B400EEBDF80ADAB64117490BF521A3518B930F3BA327FD977C720A45917D89", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937115, "uuid": "109f4a9a-7af8-4e88-9716-67557aeaef33", "value": "1536:upw/AZtUAbg8bKZhizQ+KsJDis8XSLc34OWvnOK3v5NM1fhp:uFPg8WZhiz8ADiOpOynBU5p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647937115, "uuid": "4c5e6df2-940a-41de-81ff-55bb4301d124", "value": 78472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647937115, "uuid": "8569247a-582d-467e-9649-2b760a243e2e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937115, "uuid": "9407584a-9f41-424b-babb-e008ee76733a", "value": "53dd2630263d8028a1557e5aad1186dc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d873a703-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955230, "uuid": "0eb6d027-38bc-4890-9b43-53d88fb751e3", "comment": "Malware payload (Heodo)", "value": "a259775a9e2c122c5c78d24d5ac58bb7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955230, "uuid": "77ac2b46-6103-482f-8c02-1f55d476e2aa", "comment": "Malware payload (Heodo)", "value": "182d4f977682bf8fb46345d0722379dce7a30facf555c047f2f474a42aef98d8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955230, "uuid": "42ba9538-4892-4508-918e-f093c1f462ab", "comment": "Malware payload (Heodo)", "value": "60127f99361b0c1d40d49301e9c94d90dbc5dda4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955230, "uuid": "520abe11-a11c-44f6-8abe-c9a362c946bc", "comment": "Malware payload (Heodo)", "value": "2978563e599dfbe70c53ef5f4766e18ea4e3dcc5c74ea3cc49d03143233d89d6110ef6f30b0b5315d0a40f17666a8c7b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955230, "uuid": "fde17325-2d90-40ef-9143-25a94673a6ad", "value": "T1B7D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955230, "uuid": "ab000eae-016b-4bae-bbb9-cfad23f5b65d", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955230, "uuid": "9db6a304-1033-4b86-86c7-c536c0cd3572", "value": "12288:DjN/Z2wkRrA9CRDCaElAjHDsndSyHOrNvEP0Oua:dEHR+CRWyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955230, "uuid": "9c362160-68e2-46f1-8020-bcd8be9e21fe", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955230, "uuid": "3ece01bf-9e4a-4a3e-a63e-122ffc5d2df8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955230, "uuid": "921a9967-5dd3-49ac-8481-093d14001c66", "value": "182d4f977682bf8fb46345d0722379dce7a30facf555c047f2f474a42aef98d8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f95f17e0-a9b0-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647933810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933810, "uuid": "6fdbd613-266f-4ba1-880c-32eff709dab2", "comment": "Malware payload (Formbook)", "value": "56bce15094db3959bfe65523db929731", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933810, "uuid": "bbbcee16-6cfc-4339-a5ab-09db4339ac1e", "comment": "Malware payload (Formbook)", "value": "1847e8de135d28fcb37ace0a43ed8f0f672e68fad31c5b6aea53fb79bde06a93", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933810, "uuid": "df86e59b-8108-442c-84a1-2c853c5abfbf", "comment": "Malware payload (Formbook)", "value": "b397a7f23d317d0ddf8986bece55536c54eeaee4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933810, "uuid": "0fca4520-c1a2-441a-b32d-6fe1b51872f9", "comment": "Malware payload (Formbook)", "value": "9ecaf06f053959200f2463675ec786e93f7955f8826b8cbe4a5e48124d842f9d304ab44f7c71d0ca9eacad7e8993acd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933810, "uuid": "c1f34b73-064e-48c6-afb2-c161fb0f9c79", "value": "T11435F8AD711472EFCC27C1718A648C74F6117CBB632B490A90973B9A6E3E487DF540BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933810, "uuid": "ee8817a4-f68f-490e-9f28-30e258c3c4e7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933810, "uuid": "09ec7d58-e2f9-4029-86f7-feea0174ed34", "value": "24576:H4kxRmVEtsf7HwxQs7dB9EjZbCYUKgHdbPjUPT:HXKECEO8dPUo9bPjW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647933810, "uuid": "f77d278e-0e66-4ca1-8c18-e3376a2869be", "value": 1097728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647933810, "uuid": "f4876fd8-358f-4200-bc2c-3f5ed3c83433", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933810, "uuid": "0a317b12-c13b-48c2-be39-8b3039c8d995", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "005e389e-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955297, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955297, "uuid": "df13deee-67d9-46b9-81b9-158fb442e8cf", "comment": "Malware payload (Heodo)", "value": "76534d8eefe5c6712d2f6c6467e81565", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955297, "uuid": "0b9370b0-48ba-4ecd-bc18-a4c249032951", "comment": "Malware payload (Heodo)", "value": "184852d13615c7678a2a9726574988eba2a1f803e48c06ecb2b9724f1d3aeb43", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955297, "uuid": "a90d66d1-7aa9-49ae-af50-7970c437f572", "comment": "Malware payload (Heodo)", "value": "b96b62e76071ac97cbfa7037912d353da6789a12", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955297, "uuid": "b7661587-e957-4a9f-8388-fd50794f5981", "comment": "Malware payload (Heodo)", "value": "dbf50ca6f431beaad62e7928e4e25d567f9b5e02adb97f3c46217c648b9abe13271d11cac39ff84454c5bd671175c2f3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955297, "uuid": "04726d93-e3e2-4f6b-8b60-5bc1d316cf88", "value": "T13ED41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955297, "uuid": "35e7c6a9-cad9-4a93-bca0-a0820aadf587", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955297, "uuid": "c7015e8f-7969-4b59-bf2f-b90de93de912", "value": "12288:DjN/Z2wkRrA9CRDC6ElAjHDsndSyHOrNvEP0Oua:dEHR+CRqyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955297, "uuid": "ac980b69-63e1-4bea-b832-1c91a688d364", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955297, "uuid": "b3fa9264-dad2-4196-a555-16d5b6ec1d35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955297, "uuid": "59c4a1aa-b6a0-463f-ac34-7b5bd9760327", "value": "184852d13615c7678a2a9726574988eba2a1f803e48c06ecb2b9724f1d3aeb43", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04692585-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958310, "uuid": "3bd5ac13-41a3-48c8-832a-a22683540942", "comment": "Malware payload (Heodo)", "value": "26efb923384b2e294c188d830f3cd012", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958310, "uuid": "e39bd2c0-5e2a-4ebb-8db5-e4ffb95d2730", "comment": "Malware payload (Heodo)", "value": "184dfd2f0675a61ca72c4f7ed29000d07a55597fcc47e1f55cc895f4f5696b8d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958310, "uuid": "1b88d550-981f-4590-9213-8e4c12ef773d", "comment": "Malware payload (Heodo)", "value": "baa27c791dcd0b396f80727f22257443e094a9af", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958310, "uuid": "33b96883-8df9-4670-8512-fc477f2c2be2", "comment": "Malware payload (Heodo)", "value": "abaabc6c6f69afdbc333a9c94872ca890d647f6089fd4e63d47c9d8c20268d6f027ce1aede6e349c30c195211459c429", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958310, "uuid": "50085761-f57d-4eb9-9b76-15d336e46003", "value": "T1C8059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958310, "uuid": "ebd98f27-f26f-488c-8400-1a740acae379", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958310, "uuid": "e02a87cc-60a7-469e-92e8-7b7ba8dff101", "value": "12288:V20BXOMcVzpWfmmnDDFX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDpX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958310, "uuid": "aa71b37d-d597-4226-99ad-fa406fb63ddb", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958310, "uuid": "ca101704-523a-4e70-8b5a-daabee244e30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958310, "uuid": "5d7bfc2f-87be-4740-a2cb-9b4f7cb1581e", "value": "184dfd2f0675a61ca72c4f7ed29000d07a55597fcc47e1f55cc895f4f5696b8d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b53204d-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954268, "uuid": "7e8b0c5e-be0e-443a-8abd-b1a947de4257", "comment": "Malware payload (Heodo)", "value": "a2cffd3f1704797e93ccac9cbc3aadab", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954268, "uuid": "2fa58e7d-6cb8-49f4-9c4a-1a43c212dc6f", "comment": "Malware payload (Heodo)", "value": "1858261b2f71c9b57afdd642f4879f1e4fe0bfa312bc7d5dc11293f4580c89b4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954268, "uuid": "4df1f89d-662b-4abb-9c7a-4cd0d0f1bee2", "comment": "Malware payload (Heodo)", "value": "06bedfb9ad3572c1fc002cb8d6590cef6b2e987a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954268, "uuid": "4a268316-d61c-4ad1-8679-425663a5fe61", "comment": "Malware payload (Heodo)", "value": "303600e152970be0a6c51921a19d845daa4812516f8d43917dd62085b8d6a1bc7c1b14e6e5fa8c4e506b1b20a2dfae6e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954268, "uuid": "1426743a-eccd-4ac5-b8c1-5f9c5c656b03", "value": "T15225AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954268, "uuid": "b35ee3c0-43bd-4748-a131-736b8526ab4d", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954268, "uuid": "bcb50312-dec0-4c38-b8ea-68e7fb2955ef", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQz5tFjNRLU:Ci6fgcIcHB8ZgbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954268, "uuid": "57e45b31-8bd9-4c01-b891-7f077293a765", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954268, "uuid": "4b3ba1a4-ea3c-46ce-9ba8-c5977a21c794", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954268, "uuid": "fe13511d-5a87-4272-ad66-c753583b23fc", "value": "1858261b2f71c9b57afdd642f4879f1e4fe0bfa312bc7d5dc11293f4580c89b4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf2a0d59-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955187, "uuid": "c9c5222f-6325-4645-bb8d-d1ce29bcf7af", "comment": "Malware payload (Heodo)", "value": "5090ec1ec51638c3ab0f9ce7598369ef", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955187, "uuid": "06bd1c93-8f8c-491b-bfd7-ce1496ae07b8", "comment": "Malware payload (Heodo)", "value": "18c4a5d7890df12629b384d985e93f0e60b91355d6a3cd45dfc46e4c7b5852ee", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955187, "uuid": "47edd001-7223-4f70-8375-081fbd598f7b", "comment": "Malware payload (Heodo)", "value": "e28bbff3f98e50e2b467d084fefd4483c9ba0a42", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955187, "uuid": "b79255b0-a183-4409-9216-0aec00681aed", "comment": "Malware payload (Heodo)", "value": "f879de9d2f070af1da874e93b51fa72c85d120e84fd131f6da9cad3035f3574eb050ed54f8ed27fd1107784f9962a348", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955187, "uuid": "633df2ce-99b3-470c-b9a1-53963911763c", "value": "T105D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955187, "uuid": "49311391-04d3-46b1-8019-1d846781a263", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955187, "uuid": "a572bbac-5292-41f6-845c-12689a93c0ac", "value": "12288:DjN/Z2wkRrA9CRDCyElAjHDsndSyHOrNvEP0Oua:dEHR+CR6yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955187, "uuid": "5c57c502-2196-4729-bacd-3c6bcce04a44", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955187, "uuid": "1e966070-bc43-406e-ac17-e56331130f1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955187, "uuid": "d31d6471-568e-47fd-b332-ff3dd2f0ebfd", "value": "18c4a5d7890df12629b384d985e93f0e60b91355d6a3cd45dfc46e4c7b5852ee", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a767b86b-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958154, "uuid": "62c6bb96-fb55-4f82-9fc9-319e71721497", "comment": "Malware payload (Heodo)", "value": "fdb5f7d7b310839d24b218469b599b40", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958154, "uuid": "7be54e74-085c-44ec-9abb-fbf4815d219e", "comment": "Malware payload (Heodo)", "value": "18c4c010e21ec0a0e588dc8978eeca56cb4e72ecbf5e8793bfe9dfff704b71c7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958154, "uuid": "ff95b886-a1ef-4509-8c1f-bdf3adb6c4ba", "comment": "Malware payload (Heodo)", "value": "7091585d6e498034512725e3a0e7fd46146e1ca8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958154, "uuid": "514fae2d-c271-48ce-b9fb-43f7721f67c0", "comment": "Malware payload (Heodo)", "value": "f01cced94a3e4c57417a584e82a6777d0391af82ad8dc4dcd434ce0c928d2f081a41afd7fe653eef036ab988dff5ece4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958154, "uuid": "86ba679f-5aae-45ca-9815-e77c862c0464", "value": "T1D4059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958154, "uuid": "6afcfed8-621c-4610-8596-366cb3d1f108", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958154, "uuid": "d3eb32b2-e07a-452d-bf4e-4acec6b998b8", "value": "12288:V20BXOMcVzpWfmmnDDQX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDkX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958154, "uuid": "ee696ba5-b750-4357-8fe2-a95968c63cd1", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958154, "uuid": "88e6c464-3d01-4e3d-8d0e-90dc6f5220d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958154, "uuid": "26f47217-9391-4592-abfd-8b389bd2f511", "value": "18c4c010e21ec0a0e588dc8978eeca56cb4e72ecbf5e8793bfe9dfff704b71c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11787e8c-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955755, "uuid": "ae06b88b-9d03-4e4b-a86c-3024dcb9cb08", "comment": "Malware payload (Heodo)", "value": "51dff7e9771a7be73c63d7190bf6e24f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955755, "uuid": "f1482467-78ff-47de-ad02-463567022150", "comment": "Malware payload (Heodo)", "value": "18cad848f3679826b59cbedf85085eb2aa61aabf61723410fed747165ba3b99d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955755, "uuid": "0060a8c9-110f-4cf6-a6e4-6da1363e14d8", "comment": "Malware payload (Heodo)", "value": "9f904a33d61ed50cd0067f912945efd432e3c048", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955755, "uuid": "47a8da79-9f81-4576-a3c9-b34b5574f7da", "comment": "Malware payload (Heodo)", "value": "61aee2704eabe147b204f8322cb3340c3d26663541636635f3bb51ad30d2a7f8af9c1ed2e30f4f23f538e578c42539a7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955755, "uuid": "d609bc9d-b2a9-47c0-917b-8277a692a1c3", "value": "T139D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955755, "uuid": "81527f4c-d3b7-4669-930f-e11d1dd2e7c0", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955755, "uuid": "e0ae0b44-9cf1-4f36-a138-57e9a4573811", "value": "12288:ZxpNJJJ2NHPoczJPOtIhxf3foRXIa5EPwvA:Zx2gczJPFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955755, "uuid": "c047b8e6-723e-4533-86ff-a4487774fa3f", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955755, "uuid": "7bbf187e-4fae-4dad-b2b4-c585ea9a5830", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955755, "uuid": "63975777-96b3-4ddf-8e45-def419603c74", "value": "18cad848f3679826b59cbedf85085eb2aa61aabf61723410fed747165ba3b99d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "088c9cf3-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954881, "uuid": "8fc6d5a3-9f37-4a21-b26e-c85aa5c342af", "comment": "Malware payload (Heodo)", "value": "9175658cd9fc5d80d53fee76bc8df755", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954881, "uuid": "396e7bf0-98e4-4b55-b45e-5e55139d3cf6", "comment": "Malware payload (Heodo)", "value": "18f1c67bbc14bb41b943c28f80d91549ad13a02eb8c9485f2d7e8dc6fbf035b9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954881, "uuid": "a75c8e29-4181-422a-b2cc-ed9cd66f3ffc", "comment": "Malware payload (Heodo)", "value": "2b614009aee1c041288e36619effdb7b5a5104d1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954881, "uuid": "bd657ee8-0d5f-4df4-b818-11b595cb0f32", "comment": "Malware payload (Heodo)", "value": "ec4cc1e6ac4926541ca0a13926c2e5c651bbc09373bda1e89143142c4c7ed63a6712be2f7f29dd92322376e22e59ee9a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954881, "uuid": "0faa0888-71c3-4bda-a24f-985c79223592", "value": "T136C47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954881, "uuid": "0118fee6-3c1f-4b48-ae7b-d5c2abc99653", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954881, "uuid": "e7c2da42-6754-4242-b8f0-a70c49b3f8c8", "value": "12288:S54yM33d3q3Z7BogCreNmF+U/9JckIAGfUeb:SKh3831BoQN6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954881, "uuid": "b335f7a5-a614-4261-a817-1336f7d41793", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954881, "uuid": "5b7729a6-13e3-429e-a90b-d2eee028687f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954881, "uuid": "2e2e6119-89da-4ed8-8582-f2178474aa55", "value": "18f1c67bbc14bb41b943c28f80d91549ad13a02eb8c9485f2d7e8dc6fbf035b9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd4f3fcc-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911832, "uuid": "6271ab8e-1464-49f5-af24-959a6918e0b2", "comment": "Malware payload (RedLineStealer)", "value": "3accaa21c3d813ee62dd84193555fa30", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911832, "uuid": "3398f796-a918-4b59-9704-9e33d288f772", "comment": "Malware payload (RedLineStealer)", "value": "1931ff5caf8441620218f46456f77c9314a56a5a7aefeb8c68b57929d0aca3df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911832, "uuid": "dfdb5f4d-4793-4df9-bb07-decd71615c69", "comment": "Malware payload (RedLineStealer)", "value": "b91d055e085490cacdd311d526d9836b4018e006", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911832, "uuid": "af6dcc79-8bf9-45a6-93c2-8f81e2ed268c", "comment": "Malware payload (RedLineStealer)", "value": "66e353d45a24360fdff3855032865ee70014d07f0369bed754a8960c84739754a56bef9ea276097ba9f8e546e210700f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911832, "uuid": "475d3ef1-5552-415b-87df-9ae5f01b8322", "value": "T1DD1633E87DC82836EBD59CB8352CC126EB6C50DE5BDDB9499273C0650DDD08729AC38E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911832, "uuid": "cfcb7629-64ae-4a62-9cc0-4d5431195bd7", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911832, "uuid": "516ac8f9-f0f8-4b8f-8f9a-3f1b0efc97f9", "value": "98304:ozeQ2H48gXOWi9iiamNP0uS3z2A3IhT8rfPU+KX:oCFHVgeWr1mR0uS3KA4SU+k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911832, "uuid": "e376cd38-1d56-4ba9-bfce-a26d69c6ff68", "value": 4149912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911832, "uuid": "73721dc5-a5c3-46c7-9216-80fde08be0e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911832, "uuid": "5c08f478-d4dc-490b-b08c-28cb5779f223", "value": "42006860.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c514db91-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958633, "uuid": "c354e4e6-0503-497f-9970-15ffba3b8e5c", "comment": "Malware payload (Heodo)", "value": "fd647f04d25b38355bff7645a7b1c771", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958633, "uuid": "8a30b670-4244-4ddb-bc4a-4ada83dec3b4", "comment": "Malware payload (Heodo)", "value": "19336480c506ea63b207ba5c7ab4b023f562cbaf0989f7c00780288e8a545b6b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958633, "uuid": "add8aea6-5967-4f83-b1c6-9f46cdeec104", "comment": "Malware payload (Heodo)", "value": "7821d075e00eb460c6b61ab464f3723656a8d670", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958633, "uuid": "77c61b6c-5920-4371-8571-67c55954a7dc", "comment": "Malware payload (Heodo)", "value": "7c70a645a4e8e0b78d83863d357cb8228bc2791eee5b9fd85b2a67ac37386b390625143633fbb1b8cb7f9424389ed0c7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958633, "uuid": "6bd71082-ead4-4150-b902-45a3ae06c919", "value": "T17A059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958633, "uuid": "a1392965-3dd7-415c-a6ca-771b7450cce5", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958633, "uuid": "16c951de-6216-4dba-acf8-1d47b5fcfec3", "value": "12288:V20BXOMcVzpWfmmnDDkX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDwX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958633, "uuid": "dbf13436-43c7-4f27-99ca-badbf081e554", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958633, "uuid": "a1a869d1-3f73-41c0-b473-74c4347b7402", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958633, "uuid": "38da9ffa-2ab5-404e-91dc-cfb029270c1c", "value": "19336480c506ea63b207ba5c7ab4b023f562cbaf0989f7c00780288e8a545b6b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "913037be-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954251, "uuid": "c01bfa28-d98d-43b5-987c-157fa5a559fd", "comment": "Malware payload (Heodo)", "value": "4b50fb85354e08df94648e07a7c8d87a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954251, "uuid": "40cb740c-b28e-409e-aec5-00752de6d18e", "comment": "Malware payload (Heodo)", "value": "1943a59f850ce84f01d345351c22d3ab99513aced9e945ea4c940cb653a4f752", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954251, "uuid": "ed51b7ca-e98e-4919-accc-f36208be059b", "comment": "Malware payload (Heodo)", "value": "f1ed49bc3b5481da8105ccfac2f053f1a8a12173", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954251, "uuid": "1c95d3b8-dc93-42d1-aa1b-c04574c0e6a3", "comment": "Malware payload (Heodo)", "value": "d3a93f584c94ddb4d8099c052a26fddfbfdf99de3d56924ff9fbe671e5af9057336b3e135d27248a48dc858366f5b458", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954251, "uuid": "66dcba34-0e0a-419a-886e-aca90a085001", "value": "T12125AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954251, "uuid": "0418bfc4-4f81-4fb2-b69a-16da4751bfbe", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954251, "uuid": "552ea1d4-5fa2-406b-8a7d-b3871bf43be5", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQa5tFjNRLU:Ci6fgcIcHB8ZdbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954251, "uuid": "86787cf4-55d8-4b74-baba-1e444a974716", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954251, "uuid": "57bf794a-d769-44a1-8bd9-e5f538b66e8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954251, "uuid": "73a660b7-d34e-4f32-95c1-1d4255249f8b", "value": "1943a59f850ce84f01d345351c22d3ab99513aced9e945ea4c940cb653a4f752", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23c7c9bc-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954926, "uuid": "669ff4c5-44fc-4328-a2b5-8f8b6c71f6dc", "comment": "Malware payload (Heodo)", "value": "acc68c2508ac160e2ad1b5c951e41b35", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954926, "uuid": "d9c6b5fe-d59c-4b1a-87d1-ba911faafcd4", "comment": "Malware payload (Heodo)", "value": "19448240c7f191e51e4702da827f3fcba8b8aec8224595d51232eab2b3f99f28", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954926, "uuid": "04b03bca-f4fd-4e40-adb2-5ed8bc3d9ee6", "comment": "Malware payload (Heodo)", "value": "e572b6a09e6010b57c8ba407ff6975b384fbdca3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954926, "uuid": "e8ae0ae2-b3c5-424d-9369-cd0d88dcb144", "comment": "Malware payload (Heodo)", "value": "c6e6450aa5d4eeb8ac0fb4fde39a71d5666c371658c75b696f81cd86bb398806d01a951f8c8d05db70ccd8a4dc578640", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954926, "uuid": "9ce3ee68-2870-44cb-8e56-24a94c3594a8", "value": "T12FC47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954926, "uuid": "35a421a5-04ab-443e-999f-7013d6a9595b", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954926, "uuid": "f79aca6a-3509-4acc-b3d1-6ef5c9cd018e", "value": "12288:S54yM33d3q3Z7Bog2reNmF+U/9JckIAGfUeb:SKh3831Bo4N6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954926, "uuid": "0d049e5c-455e-4044-9c36-4341a1809f2e", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954926, "uuid": "15d97895-8066-406f-bb7c-40fba82e6254", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954926, "uuid": "3485e46f-3ff2-49ba-b039-cef97078936f", "value": "19448240c7f191e51e4702da827f3fcba8b8aec8224595d51232eab2b3f99f28", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82231dc3-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1647970117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970117, "uuid": "e24f1c32-e96b-40f1-9658-a82be9754211", "comment": "Malware payload (Smoke Loader)", "value": "b7521be37e4aa2a94a7b8715b11e4fa4", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970117, "uuid": "3b49d512-d96e-4f9c-82f7-8c2329773f79", "comment": "Malware payload (Smoke Loader)", "value": "19465495f815fdc07b694ec1a0da48cab639a4786a8ee94ddbb743d84f1c20e0", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970117, "uuid": "9c11ca96-40f2-4965-a4e7-1234fb09ef8c", "comment": "Malware payload (Smoke Loader)", "value": "67e32539d69156de65e1a34b7bee130260196b65", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970117, "uuid": "3a49b461-f5ae-4b47-bfb2-a973e3904665", "comment": "Malware payload (Smoke Loader)", "value": "16b586e76892eb0b5aa53c60f0cd49cce30f2ed14639c9cda2cc8f5e961f75d4c6bf6973c48887aa4e70fa1ca45891d0", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970117, "uuid": "30546136-7901-474a-a41b-a072e2544b06", "value": "T195A567F0AD01D4C1F57E5B6AF2FD3A48A1343217EBC94A4A00E7E5651EF6A11B90ECC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970117, "uuid": "f4b54a1f-74b7-461e-9982-de410cfabcf4", "value": "12288:1z6qZZemmnPVp/m+EB4nZ2nkYR5UxLEpyI28DpDwHVs:ZtZem+Np/m+KXkYR5UwyI9pgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970117, "uuid": "ad4085e9-f3f1-451c-9348-fe7519732a28", "value": 2151028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970117, "uuid": "95918848-6af0-4660-9829-f29c3b2034bc", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970117, "uuid": "484154b0-ed81-4fbf-a023-c620e8c38c9a", "value": "Payment confirmation.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19c27a5e-a973-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647907236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "68fd7da3-b0e5-4f04-a86f-6fe08a787da5", "comment": "Malware payload (Heodo)", "value": "9b6a16bf756490593c32952bc8ffde5a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "923deeb9-e8ed-4c81-870d-53a4d455f685", "comment": "Malware payload (Heodo)", "value": "1962d1342ff1f9c528138d5c1c0347ac976747e62de6edf7cc618fc363500909", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "afe327b8-34cf-47f5-ae0c-34d3eec62aa0", "comment": "Malware payload (Heodo)", "value": "d59b97fcd4a1137f2a05170bfd765efc75275338", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "b7fa3fdf-b298-4395-9418-7367ce1c7145", "comment": "Malware payload (Heodo)", "value": "d3f7fc3f73f6dfe70244ac839d7cad28876b35cf7fdbac1901d65a97e76291d0ff4cb2b46f9800bec67f266b4a9fcee7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "09e87cab-466b-4a82-931f-beb09ccba59e", "value": "T14AB43A11BC916832C36FAC7456073262588EE7F0DBD1F26FA3E0495C9A7C5E36624BC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "6b689f46-fbe0-4ecc-bc47-2ae918a9e7fb", "value": "14e6ae8d1400b6271725b3f01025b85e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "58c0be9f-64d9-46f3-8f74-e101a05e05ee", "value": "6144:VikzyaB9eoCyx/mEhHB5RYSJ/xb+qiCjzQNPj79GkqbscgCG5qH6scI:VNnCGmyHB5SSJp+0zQN39GkUGQSI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647907236, "uuid": "ddcaac4c-743e-4c4b-845b-b8474ad12583", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647907236, "uuid": "867d235f-04af-415e-a6ad-869169cdda82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "7b8ccf83-2961-4a7b-994b-aaff570e70d9", "value": "emotet_exe_e5_1962d1342ff1f9c528138d5c1c0347ac976747e62de6edf7cc618fc363500909_2022-03-22__000028.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42b0c4be-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958414, "uuid": "94da21ff-08d3-4253-91de-b971dfb01da3", "comment": "Malware payload (Heodo)", "value": "531829c16ceb75a886daeaf50914abbf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958414, "uuid": "5b849834-1ee1-4e33-8057-02c4832192ae", "comment": "Malware payload (Heodo)", "value": "1971ab14ded37a82640d3d50a45fcb8774dd7a6d68f1816c106206f8e218401d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958414, "uuid": "85f9022f-12e2-4911-8fa8-e5871596be40", "comment": "Malware payload (Heodo)", "value": "a37dc434356faed9956ddde1386a2874e47c0c81", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958414, "uuid": "14988aba-6609-444f-ac70-8e79b9e3d787", "comment": "Malware payload (Heodo)", "value": "d132d769ae6bd9dfb65a113dd42e7bf0670f8a726b839780ebabc457987bd8d991bcc1dbc82c71cd4df3d5b3c87cdb35", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958414, "uuid": "d5878bdc-d7d8-4614-9782-9947dd1c1c3b", "value": "T19A059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958414, "uuid": "a66efea3-9d35-4476-8fa8-a8702152394f", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958414, "uuid": "3dbd1ebb-00d0-4d83-93c0-d4b1a8917ff3", "value": "12288:V20BXOMcVzpWfmmnDDJX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDVX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958414, "uuid": "032e9bea-e5a3-443c-a290-9f9586265dce", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958414, "uuid": "b0836d89-a5cc-4db3-a86d-a941592442eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958414, "uuid": "a63a8098-cff6-47bd-a7e2-187551128a28", "value": "1971ab14ded37a82640d3d50a45fcb8774dd7a6d68f1816c106206f8e218401d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c18c9a04-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955191, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955191, "uuid": "fc7ab045-96b8-43bf-9c6e-ea8d64204615", "comment": "Malware payload (Heodo)", "value": "9eda065f164b5c54ee76c91c326af37e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955191, "uuid": "1f1ae971-ae77-4a15-bb58-69966a0d0439", "comment": "Malware payload (Heodo)", "value": "19b57062b567b21cc01c60bd63f23a2a9dbb32b144c1940f4a23dabd88f563d1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955191, "uuid": "be362eec-fcb9-4b8d-9697-1c062a87b097", "comment": "Malware payload (Heodo)", "value": "57a0811bb07201fdd883d6a7039c755441045142", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955191, "uuid": "130b39ae-b566-495d-8f24-97ff8d3d5148", "comment": "Malware payload (Heodo)", "value": "f6ec2dc1b0052a68d7ead52d57637f8d76000e4730bd56bd09aba177ba71d7155faa3fc54589835b50d75b8922b4e19e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955191, "uuid": "c10e988c-105c-41dd-b4a9-30b6f6e84c6d", "value": "T1F4D41840B259D1F9C4CA3CF83C1A9299625D6CBC7B8960F377BE36AD6B74D70132121A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955191, "uuid": "e553063b-246d-40bf-99cd-5fd7ae724557", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955191, "uuid": "4d8fd0bc-ed1b-4983-8b40-211fcb16d036", "value": "12288:C2Y7Kg+5zhHHq9xT+zDWIGUcItvhFDuEPF:g2nHIxT+zDWucItvR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955191, "uuid": "3a086936-d112-4a09-bf16-75f4936a000b", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955191, "uuid": "14a4bdbc-65af-4379-b4d3-f5525f35eef6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955191, "uuid": "e5cbfc12-e0fb-4eee-becb-b0c9d4bc6131", "value": "19b57062b567b21cc01c60bd63f23a2a9dbb32b144c1940f4a23dabd88f563d1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44907928-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959706, "uuid": "708a37e6-6ba8-44f1-8d9f-5280da2fadf0", "comment": "Malware payload (Heodo)", "value": "51f01938c58015932a13e4bc85a29c29", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959706, "uuid": "fe988898-f162-4634-bcd9-d23a0aa705bb", "comment": "Malware payload (Heodo)", "value": "1b4454a4222c14140f5ecdd4004658f969e071f0ba8f3609361bb7a0b20bea1a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959706, "uuid": "2c8a0d2c-2fc4-40b4-a096-fb52148e8d76", "comment": "Malware payload (Heodo)", "value": "e333e9b54c30a783acac0cbe311e3673c7516d6e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959706, "uuid": "e8ff91e4-fe2d-40e8-92e8-cdc5b0417e14", "comment": "Malware payload (Heodo)", "value": "d414a292b743658fc98181c24124ff29db4c8ebbab3febd2306262cd31193bc8b9fb7dc84356f7bd9ec39a45e3c1c098", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959706, "uuid": "5dd998e4-a129-4ce8-97b0-13eca2767aed", "value": "T1B3B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959706, "uuid": "79543e31-5bee-4fd1-856d-9183d7448a97", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959706, "uuid": "2ef3bb65-0281-4765-92ba-f8df1ccf01a0", "value": "6144:8JZToYE666spbEgoZhZO1thI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZodlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959706, "uuid": "235e79d1-74eb-44ed-81fd-c24d30f4cbf3", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959706, "uuid": "9a14787a-4a5b-48d7-9f3c-5a00ef4e1eb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959706, "uuid": "8e35cc7e-5a15-4673-8ecd-be165d0fe353", "value": "1b4454a4222c14140f5ecdd4004658f969e071f0ba8f3609361bb7a0b20bea1a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d2c020c-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954056, "uuid": "70ef6e94-c9a9-4ed7-9ae3-ee8b7d810dec", "comment": "Malware payload (Heodo)", "value": "61c48420c607e1f8bdad3b5cd52398c9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954056, "uuid": "9f8b3beb-f15e-4fbd-8071-ea1a00000453", "comment": "Malware payload (Heodo)", "value": "1b4c4de35baa85f98ef49ffa78341030a961b71a9cf545e4656c46eaf9b23da4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954056, "uuid": "00c46f3d-c8e6-49f9-8c5e-bbcacdd7f73b", "comment": "Malware payload (Heodo)", "value": "43db107cf1f58ac7331f89fc773199279dac89b2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954056, "uuid": "dccee2ad-5cb3-4d68-9ff1-c25be3452da9", "comment": "Malware payload (Heodo)", "value": "da80ea1f8a26e980e2938ec3c692f8ce3c6b9de350b9bfb0e723a4c10d3a2ee9e1cfb0bd414997d823cd4e62b39e73f5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954056, "uuid": "02c7d793-a36f-44d2-a77f-7f42bd1923d1", "value": "T1BD25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954056, "uuid": "7f4a44af-f334-4f89-a2a5-5ac08be8ff80", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954056, "uuid": "a4f67a42-dfd2-4e0b-8854-80107b1dfde3", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQS5tFjNRLU:Ci6fgcIcHB8ZNbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954056, "uuid": "0423f548-3aca-483d-aedf-fbe8bb13d973", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954056, "uuid": "a1bf1e11-8d4b-445d-aef2-40bfa4162337", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954056, "uuid": "f2cbcfe9-5bca-47c3-a00e-b2148ff2e504", "value": "1b4c4de35baa85f98ef49ffa78341030a961b71a9cf545e4656c46eaf9b23da4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2a229b8-a987-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1647916109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916109, "uuid": "30301a17-1e6d-4197-af29-f0911a226582", "comment": "Malware payload (njrat)", "value": "1809e2943d3f35719676b9226b1abd54", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916109, "uuid": "c4f18427-a0ac-4d35-88c5-bcfd8f017b5a", "comment": "Malware payload (njrat)", "value": "1b9d859eb05a79e57ad28c795c09c31ddbefbfe110cdddcb0f738bec584da6df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916109, "uuid": "f012b310-3981-4558-a27d-e37b49203192", "comment": "Malware payload (njrat)", "value": "f92ae15fd30d8492b9dded2b71bd8fef592339a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916109, "uuid": "f67c6ac1-5f45-456d-b76b-1125752545f6", "comment": "Malware payload (njrat)", "value": "8e57639a431c40b484c62dd9ff3d14959f3460e339b0abf4ac19751e109462a3304f1df6c5d9b350f3ae8240013c3408", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916109, "uuid": "eaba6df0-12c2-4c2a-a2ca-d592f1bb2f4e", "value": "T121F22A4D7BE08168C9FD167B05B2D4130777E04B5E23D90E8EF664EA37636C18B54AE2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916109, "uuid": "dafb4dfa-3328-4219-9e7c-a9f641b7b1df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916109, "uuid": "3082aa3d-2fdc-462e-bb49-5beec1deb892", "value": "384:ykFiUiD1blmJEpRGyEfjhvRuICY6KVIrAF+rMRTyN/0L+EcoinblneHQM3epzXbg:xFyHpR9EfjhEIC1KGrM+rMRa8NuFgt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647916109, "uuid": "91706d60-6a36-46de-86ef-3c191ee3eb71", "value": 36864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647916109, "uuid": "efe8febd-4b1c-4b21-91ca-249877b938d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916109, "uuid": "5eea130e-87e8-4ad1-885a-48a8b982b6c1", "value": "1B9D859EB05A79E57AD28C795C09C31DDBEFBFE110CDD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7d8f59f-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957779, "uuid": "35448be4-d371-47ef-a6b4-6dbbb16441c9", "comment": "Malware payload (Heodo)", "value": "944f7bbebba6abb2ac78d934b68e3678", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957779, "uuid": "d4243245-84fb-4ad5-968a-989f0f34af14", "comment": "Malware payload (Heodo)", "value": "1bac774a10af8988e4dd73713c4c288425f395b02bd32d16ca1766baf1f7e7de", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957779, "uuid": "5006ee6d-24ae-4b86-bfcb-b630dba8faf4", "comment": "Malware payload (Heodo)", "value": "e8b41dd07fac7b011bdbccb54a81b0a4eb673eb0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957779, "uuid": "aeb082dd-b00d-4a65-9e32-d195d9c3f4bc", "comment": "Malware payload (Heodo)", "value": "62f99d08f7f86b8a25c0b8f76445f4651fd675937b991b01e224cfb87254d93299d22dc1c211eb515de1df1a3db167ad", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957779, "uuid": "2d345915-629e-4dc6-87b7-bec6c70880aa", "value": "T18F059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957779, "uuid": "e0e009a4-5a66-4196-8712-0b4f28909d3c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957779, "uuid": "3241fd8c-c37e-4ee8-840a-1ef10ea8be38", "value": "12288:V20BXOMcVzpWfmmnDDiX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDuX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957779, "uuid": "b593543f-4ae8-433d-ae0a-c69e5b074640", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957779, "uuid": "6aed215d-a358-429d-ae2d-01e6384fdaba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957779, "uuid": "606d1fd9-7720-4bd8-b85a-dcf4f644b69a", "value": "1bac774a10af8988e4dd73713c4c288425f395b02bd32d16ca1766baf1f7e7de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93e977d4-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647959839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959839, "uuid": "68aa4299-c5bc-4334-b58e-ebdd627c5782", "comment": "Malware payload (RaccoonStealer)", "value": "2a689877b053345fe5277be16391d0e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959839, "uuid": "34a035dd-5319-4dab-9abb-0c0e2259aada", "comment": "Malware payload (RaccoonStealer)", "value": "1bf82fd3ce19bf2d68a393064bf90399d64e82772e481ebd0f87ee031e92b9a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959839, "uuid": "eddd0012-e492-4cd9-872c-1200282db065", "comment": "Malware payload (RaccoonStealer)", "value": "838304891b762d7d3edbfacca4124db6bb0672be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959839, "uuid": "23647927-80fc-46dc-8546-7a3ede9448b9", "comment": "Malware payload (RaccoonStealer)", "value": "90edb6cb762bfd5e1edcdab62a42c2d0fa9af233dd57496ca9ea35a714c0b997fbf55e5b428e1e621766c71b83f89c16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959839, "uuid": "922fabdb-34a9-4dfd-b8e9-b2b1b06039ec", "value": "T1BEB412587303C173C48A52316964C7365E29F8371A69CE0BF76A1F2D9E703C1AB7A35A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959839, "uuid": "e1191485-4ce5-4301-b2e6-b6611da5de3d", "value": "4726b2723a987e7ca1cfb498c6580a30", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959839, "uuid": "91d86a4d-2453-4d09-8a01-6ee7ab08e34a", "value": "12288:wXAdVz3QnUB6Dn15yWMA+TjDTqeSEZw6:waBeUBOne0+nvqe/Zz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959839, "uuid": "2f70a261-eb43-498c-b23c-4126f20509db", "value": 524800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959839, "uuid": "35c62f43-6355-4919-b2e1-9b90ab22e2ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959839, "uuid": "6f0ae670-3560-4304-bee3-f1f328835f62", "value": "2a689877b053345fe5277be16391d0e6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6c4b661-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955683, "uuid": "6ed51731-5e97-40dc-8d0b-647ea2cc7485", "comment": "Malware payload (Heodo)", "value": "1665f9e148ab44096486439f5b1af8d1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955683, "uuid": "59a7c46a-fba9-4eef-89d6-d91774fb29b6", "comment": "Malware payload (Heodo)", "value": "1bf8ad4ec9ad760c53773be3b30d988d0cee5e9c9f1e27e26517db7106f8ccd5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955683, "uuid": "88c6e140-e663-4d0b-bbd2-0b431ec1f006", "comment": "Malware payload (Heodo)", "value": "049f60a48b42b995b2ab53222c5c4c4629483bb3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955683, "uuid": "1f8e62fb-af6b-4419-99e8-4bd2d69d55d1", "comment": "Malware payload (Heodo)", "value": "5a159d85a4271972195be7584c8b7db86ece0c446cae123b0c484af6030b695cb8b83c3d1070cdf6526b136176acbcaa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955683, "uuid": "67353dcd-d52b-4139-be43-adfef6359c53", "value": "T1EFD41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955683, "uuid": "6511343f-ce95-40e9-a938-72cb53c3575d", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955683, "uuid": "ce62c2eb-5f87-4a0f-9690-e070f6d5019b", "value": "12288:ZxpNJJJ2NHPoczJuOtIhxf3foRXIa5EPwvA:Zx2gczJuFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955683, "uuid": "cd727930-d407-4351-a593-f86abfcbcfef", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955683, "uuid": "8f34b83d-ce99-4123-8958-6f643f2cdf5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955683, "uuid": "560dcb92-d530-4f47-ba40-32573db4ac0f", "value": "1bf8ad4ec9ad760c53773be3b30d988d0cee5e9c9f1e27e26517db7106f8ccd5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caeeec95-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647970239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970239, "uuid": "2a62e0ea-8060-40b1-879e-3969b0f87146", "comment": "Malware payload", "value": "01fb1c4b29b8c37345c7ece380fa1a90", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970239, "uuid": "3838947f-1211-4d98-ac08-9ddd70de085c", "comment": "Malware payload", "value": "1c16e39a01bf2d8a1a2ba030d54905a16db77970f9f5956af68ba1af34772c6d", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970239, "uuid": "5ff7ac19-64b4-49fd-98f7-0fdf06c3258a", "comment": "Malware payload", "value": "22e8449f659082d64b2bd23d667be0a21b91b0bd", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970239, "uuid": "8dd78882-c839-4cd5-b22f-70c23a9bdacd", "comment": "Malware payload", "value": "df04633b55ab82263a8a05107beda3b80c9ccae0ae57c196541bafc5c16d4d930b99b10ebfe067c836cc7f0ae865b273", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970239, "uuid": "af4fe77d-139f-410d-9fe0-cee7410941d2", "value": "T1A234B0E03784DCE2EB9E8797A1555E8C172520BBEECA21CC4046FFD93A773518A0DC96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970239, "uuid": "9b8e65bb-535b-4ee9-a804-dcff9be0eace", "value": "3072:jy2GyZRFvkSwpGBANRoaUoLV1E5jrRJe4yj3EH8Hk+9f:jB7RFvIp7NRnd10De4q3Ewf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970239, "uuid": "72750e4d-77f4-4a04-8e62-c3caeac76a71", "value": 246481, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970239, "uuid": "a6db774c-f6b8-4e16-a96d-7484fd0393ba", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970239, "uuid": "3282c647-32a4-46da-9423-3eb360a254a8", "value": "shipping document 1.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6b1393a-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953884, "uuid": "5d9fe7aa-f49f-4aee-a0b3-030ded1e827f", "comment": "Malware payload (Heodo)", "value": "944b389d3d50860a250b42d88a2023c0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953884, "uuid": "5501085a-8525-4df3-96a4-19571b0cb87d", "comment": "Malware payload (Heodo)", "value": "1c432d725e33ff060382c3dcfc8c899509a10e5f5bffba46f818e72392d800b7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953884, "uuid": "fcc9744a-6146-44d5-8661-f1c5df252993", "comment": "Malware payload (Heodo)", "value": "c19df092f81a5a6b214f1213d2b031562689b42f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953884, "uuid": "06081bb0-a5cb-4440-9fd1-57e052916d2f", "comment": "Malware payload (Heodo)", "value": "304dc8dc97436e26322c63aef8b6e0c0c9dc3ff50a5a0aab391ba46a0bbaf35a4c9b69dc7e49b365706fc2ebc33f3aff", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953884, "uuid": "c36d97ba-eb9f-432e-802e-0eb9a95a41ac", "value": "T11025AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953884, "uuid": "f16d0690-2c33-4865-9c8d-4f57a2ac4be2", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953884, "uuid": "89884bea-7347-40da-879e-ec8df2c42caf", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+ZLnQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqK3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953884, "uuid": "bc9729d3-b8b0-4841-b44d-f6321467a753", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953884, "uuid": "5d0135ad-db14-4e26-a157-6b5fbd417224", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953884, "uuid": "12acff92-0dc0-44de-a917-a6616e2b6773", "value": "1c432d725e33ff060382c3dcfc8c899509a10e5f5bffba46f818e72392d800b7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9979987-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955688, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955688, "uuid": "cf86e1fa-499d-4aa7-9e03-6292bad0177b", "comment": "Malware payload (Heodo)", "value": "04add42c648d5fae1d017694817dd7d8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955688, "uuid": "fdca3ec0-8022-41bc-a214-272db19231d3", "comment": "Malware payload (Heodo)", "value": "1c58568854d2578099f4b022f15e3d6ba024ec8e8a2acdcc7d11491dd6896b73", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955688, "uuid": "58de0db9-e8c5-419b-b125-ecfc8a1d43bb", "comment": "Malware payload (Heodo)", "value": "74550c11072b7a59195394e497cb461833eaecbd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955688, "uuid": "3ffac79a-0be2-46e5-8ed7-6bf7983c6a8b", "comment": "Malware payload (Heodo)", "value": "cda457d8776415fc168127605257e23069a3a02a1a1b15c8cff3a3766e415fddab7a86b0fad5304598efc0e2a4baf2c8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955688, "uuid": "f287abb3-ad57-4647-9302-e491e0a4d55f", "value": "T124D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955688, "uuid": "7ee1a41a-90ad-43c8-9339-32de341e6a9c", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955688, "uuid": "c91a6d20-959b-48dd-812f-f3a569a574e7", "value": "12288:ZxpNJJJ2NHPoczJmOtIhxf3foRXIa5EPwvA:Zx2gczJmFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955688, "uuid": "ece90579-d50c-4de8-bbd6-d6408bc0dc52", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955688, "uuid": "5422e27a-ca26-4a1c-99a4-e4bd97c4482e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955688, "uuid": "559ce9dc-6c61-45cb-a15b-ba66b8750bad", "value": "1c58568854d2578099f4b022f15e3d6ba024ec8e8a2acdcc7d11491dd6896b73", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21314178-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954063, "uuid": "2ca3af36-e573-40e9-b036-4587ca845147", "comment": "Malware payload (Heodo)", "value": "07ebb83340275a56b4193a083b1347f9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954063, "uuid": "96bfc624-b34e-420c-8cda-46e7d51f9d72", "comment": "Malware payload (Heodo)", "value": "1c5f05f4d15d94fc62b373352f27e3f7331de9b7ed2acad68511d995d27be448", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954063, "uuid": "c755be6b-000a-4ea6-a4ff-235ffd6cb958", "comment": "Malware payload (Heodo)", "value": "d056bc5e61fb9b80dada4ccee7aaa76ae8f4bae3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954063, "uuid": "c990bd5d-d53e-43f3-aba3-946b177db94f", "comment": "Malware payload (Heodo)", "value": "a5824c3c06d0fa2c3785d52fff160be7a27fa07e62b592d6e5830db33cc1e5e49490dbf6eeb4b82fe26ae6d33a0877a7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954063, "uuid": "53d08f30-13e2-46d2-aeee-d6d6b32c5f7f", "value": "T15C25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954063, "uuid": "995b72b9-ede8-4bad-810d-f713fab63b3b", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954063, "uuid": "82a4278a-8868-487f-9040-3df3709eb494", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQH5tFjNRLU:Ci6fgcIcHB8ZwbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954063, "uuid": "e8b41701-8c24-455e-a356-1e10dbda9d77", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954063, "uuid": "47298d1a-bb26-4c59-918e-03e0b260756b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954063, "uuid": "704958fa-4f00-434c-93e5-5cca1d4c2c29", "value": "1c5f05f4d15d94fc62b373352f27e3f7331de9b7ed2acad68511d995d27be448", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f351344-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955080, "uuid": "6f87ab97-091f-4f37-9915-5e561780411c", "comment": "Malware payload (Heodo)", "value": "6469c835a0b5ef2582c01ab484b5e055", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955080, "uuid": "3557738a-7878-4465-a77b-89ab7e63635c", "comment": "Malware payload (Heodo)", "value": "1ca4618bed238469571dad23040705b355df74feb0c66d0441e0cd04691e743d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955080, "uuid": "0d00b2ae-a57a-49bf-a34d-50830c6e7e49", "comment": "Malware payload (Heodo)", "value": "b5fde1aa0ca576768ed1a1d10d9d00c23a49b1d0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955080, "uuid": "5c4604d4-89f0-4552-9025-a30a4df98cd7", "comment": "Malware payload (Heodo)", "value": "bb42e0d2c95074ccf025aca907dff2686669e8100963a6b39c2472c8b59858a7efb728d9158527265b1e4e8482e22d26", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955080, "uuid": "25a6deaa-6a72-4c49-83eb-f37f0bc0fddd", "value": "T140D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955080, "uuid": "a22222fb-ee7a-4142-bfa6-d6b641bc469e", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955080, "uuid": "a62b53f8-a2d2-4781-b20e-f0133cc68e48", "value": "12288:DjN/Z2wkRrA9CRDC8ElAjHDsndSyHOrNvEP0Oua:dEHR+CR0yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955080, "uuid": "42e1bca2-5323-4915-854f-1af88d5aaca8", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955080, "uuid": "a52fbcb9-d262-429e-a99a-83caffd53efd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955080, "uuid": "a5cb176a-6814-47d3-ac99-1c31805db2e9", "value": "1ca4618bed238469571dad23040705b355df74feb0c66d0441e0cd04691e743d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "840d6440-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647970120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970120, "uuid": "b9631b7d-e67b-479e-849f-5b568361ae06", "comment": "Malware payload", "value": "1d4606ece4cba58d6aa21f25ff3d52f2", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970120, "uuid": "44bc8100-39a2-43d4-8ddc-e89d88b35673", "comment": "Malware payload", "value": "1cc07d7f8f3031b4d66c282c6c6874163fdb7bfdabc5ef13151bfbca060820da", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970120, "uuid": "6a983213-a723-4604-8c7c-475306e99bc9", "comment": "Malware payload", "value": "ab8b62903bac5dff2f7362fb6863154c084711be", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970120, "uuid": "bd5e2d13-3747-48a6-abb6-b5db6b537721", "comment": "Malware payload", "value": "459dbf10fbf6fdbb60180cef391944965a89b4d25396298e3f3f0d12190d84a32450cbf6ad575b52c2c6dba334e30f4a", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970120, "uuid": "f764f43d-2bf4-4866-8dd4-d728ea9e6c80", "value": "T1199557F0AD01D4C1F57E5B6AF2FD3A48A1343217EBC94A4A00E7E5651EF6A11B90ECC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970120, "uuid": "d5d758f7-cd27-4fab-b9c3-8e86a10e5ef5", "value": "12288:JiZBncu3wGo66QXdo/yPIhqNtjDmo637QLkLgyCpi+aFQF2i6lYzXR:JZuxNjXdoKr/uoS7Q4lCp6s28R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970120, "uuid": "1444119e-b5a6-40a8-82bf-65c1f10be970", "value": 1975826, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970120, "uuid": "91c906f7-fd56-40ec-a470-60744953512c", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970120, "uuid": "87a7c7e4-532d-4328-97ce-2c42e42d8661", "value": "B35O-18342.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fedf755-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955886, "uuid": "32ff10f2-6e64-4c64-88f1-b3434e7dcca8", "comment": "Malware payload (Heodo)", "value": "b3b59974c900d0e594ce7c58162ebd0b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955886, "uuid": "87b14fa9-5f22-4787-949d-a66d0fe088ac", "comment": "Malware payload (Heodo)", "value": "1cf3db1368354e2cb73b08ec3521ed61b69488f10d27a7a19c5bad42b9d2f6f5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955886, "uuid": "41457781-3a44-494f-822a-916b579ea159", "comment": "Malware payload (Heodo)", "value": "46ec76eec03f545a9e26eb166c9b5c22f86daa75", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955886, "uuid": "ce1d6b75-f537-410b-9603-9474ed45e307", "comment": "Malware payload (Heodo)", "value": "84f0b96fa40693fe99745b016e9b039a7e4641066ac3f1be25919b30a48233f4d793eed1f9ae339dcfcc6e81bdf6e417", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955886, "uuid": "0ff2e837-11f7-4bcd-8d85-74e4dcc3f8a2", "value": "T139D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955886, "uuid": "482f7a5b-6884-44c0-be03-d3bb0a3deb70", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955886, "uuid": "988e6423-59b2-487d-a872-59428e2fae68", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfV:AqxETMJ777u3OmONFqNJtN1v96TOAnF2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955886, "uuid": "45f095ca-de11-4e76-b420-096520ebe6d3", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955886, "uuid": "3a756067-9f86-4624-ad79-c14b7fa9ad8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955886, "uuid": "6cc672ac-137e-4e05-82ea-6f3c49e56a71", "value": "1cf3db1368354e2cb73b08ec3521ed61b69488f10d27a7a19c5bad42b9d2f6f5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f675a8e-a99e-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647925901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925901, "uuid": "2725e502-e9d4-4217-81c3-0fcaa108ece6", "comment": "Malware payload (RedLineStealer)", "value": "039e920dd32750d5c907eb39c299c40f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925901, "uuid": "ba03ad7b-9f07-40bf-90b5-eaab10d24db5", "comment": "Malware payload (RedLineStealer)", "value": "1d00dc75e7779d923a262fe3ec4827ece578d5fa14a93ba38988d22669fa6b99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925901, "uuid": "d7a27891-3339-4384-b28a-475799705bbe", "comment": "Malware payload (RedLineStealer)", "value": "c336537f4f663df0aaf1bd7d1f6aaff2def08d7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925901, "uuid": "d58eed14-edf9-4633-8be7-8a4e4744c410", "comment": "Malware payload (RedLineStealer)", "value": "844f65f19a14045361b739bcc173fd8faf073d1855841071220e425860ac486f274c624b170a5171f4b79da1542e5c38", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925901, "uuid": "c6d6e0f8-ebec-431b-9ee6-137982d0f812", "value": "T13826332878C7B81CD0A61B7452D338BA75FCC18092F9BA87D47DBDC0C0B5A29F576499", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925901, "uuid": "10b09ff1-1cf7-48f1-921d-237127246a53", "value": "dfec469ff9e19f9df882decc3c09398f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925901, "uuid": "0bd646c9-b09e-44f9-a62b-9dcfd441ccc3", "value": "98304:4mAUfWv1B/yMqwgSb6JXTqfRXJckXYVe9LusjvIS4sprsR:4mvfeB/yMsSb6RTWXnYVOzxTprg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647925901, "uuid": "5a2dd7f2-f427-4827-9318-6dfc9b179051", "value": 4841112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647925901, "uuid": "192a11e6-c132-4a68-8e86-dd4ce08c1c39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925901, "uuid": "78ac7ab1-10c5-4beb-ac96-a7dd82066901", "value": "45896469.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c97a8f6a-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647956063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956063, "uuid": "7d217baa-0800-4653-ab1c-2d304cd6ba75", "comment": "Malware payload (Heodo)", "value": "08870366ebbe058f2fe9c35578cc735d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956063, "uuid": "1b8b4d0c-3684-42df-9f35-b021a6c07274", "comment": "Malware payload (Heodo)", "value": "1d109c297722eeb5113774645ca5d22d4b4d35fb98d6ec001d9622f3340d2168", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956063, "uuid": "ded5454a-248a-40de-b97a-681089af98d2", "comment": "Malware payload (Heodo)", "value": "1b3e0ad8206b86965e0fac87e1b11775f3656c22", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956063, "uuid": "acb843ad-040c-47f2-8ee8-f7ae4da91e1a", "comment": "Malware payload (Heodo)", "value": "f4996d9b90a8bd6745201db165b9cebd03219d345e68045cbe33a2029ccdec8bcf534afcfe60ce3e11085a68f76d95ef", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956063, "uuid": "01b27389-1acb-40a8-8c5e-9e098b7df61a", "value": "T10AE4BF4177C2C0B6C15E017A5982D35D22F9ADA1AF3996C3ABD0BABF7EB40C29D35311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956063, "uuid": "32b58671-6e1c-4557-8c11-32b1ba496f7f", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956063, "uuid": "c9585fb4-0695-4ac5-9877-7599e72d8312", "value": "12288:hr7tPMgvzJAHX/18nLrOo2HYJnfA/QCwirzKA0zhR3Hm/zZe+sB9qF6+Z2ncwH2i:ffdA3/18nLrOoaYNfhPhabS10", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647956063, "uuid": "d321469c-7d9b-4dea-9970-12794ef1beab", "value": 675840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647956063, "uuid": "fe02ad6a-209b-4b74-bc67-ffa82eae860b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956063, "uuid": "e6e9df54-9872-4f8b-b737-45f9b90cadf7", "value": "1d109c297722eeb5113774645ca5d22d4b4d35fb98d6ec001d9622f3340d2168", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60f6f03c-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647969632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969632, "uuid": "669222c0-f6dd-4504-97a2-5ce800e4d134", "comment": "Malware payload (SnakeKeylogger)", "value": "cf968c422c8b0364ab3746586c40c58e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969632, "uuid": "1695ff38-5296-4eb9-aeae-dd0e6cfe5ab2", "comment": "Malware payload (SnakeKeylogger)", "value": "1d2db4b1011c2a6535cddaf3d4aac45d731c69a88337a58e88758a1bf919b2fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969632, "uuid": "d9acba98-d350-46c5-bfbb-f491965218fa", "comment": "Malware payload (SnakeKeylogger)", "value": "e4bea9107a22cf1ad8b5070561937b03b512423a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969632, "uuid": "2f71f884-a7bf-44c7-8936-18316566e006", "comment": "Malware payload (SnakeKeylogger)", "value": "64533371147ecc6199992ff6866e959a9828da84dc40d630465b743f51ac9d2751ef553837090d1da407fa0427e3e9b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969632, "uuid": "952213ce-5976-4bf1-bc11-7ac5f0f1e167", "value": "T10974121CD16C7666CDB587BAD4A21058D3B6D6CB3301EBAB09C0A65F5BD33924B03DE2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969632, "uuid": "d6abe1a4-d1e4-4d5a-9c40-b48077ec7537", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969632, "uuid": "0643030f-1e2e-4bb4-a3ec-77d8c52df20c", "value": "6144:TP9AS6NEOvf9KR1G76QU4Lt8Ho3CpqOvm3EetqLKTOhpRRRRRERP:TPa1EO3602gB8Ho3Cle3vELKTkRRRRRM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969632, "uuid": "c15be4d4-f9c0-412a-a05a-1309357aa35f", "value": 345600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969632, "uuid": "eb2e0f9a-05b2-4d02-9780-df044b7ca848", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969632, "uuid": "1d5d93d2-6c0c-480a-b865-9907e1c20fa1", "value": "cf968c422c8b0364ab3746586c40c58e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca3c3b7f-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957783, "uuid": "b9c5efa8-5fc3-4715-854d-58bbef1254df", "comment": "Malware payload (Heodo)", "value": "9941bc3f0564bbbd69e0cf466ef54bad", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957783, "uuid": "d9caaa78-5750-4aca-a464-00b15e4a9c0e", "comment": "Malware payload (Heodo)", "value": "1d319c508d20be9ede500aa334822943d6603eb30e5be7bb27c5ef69929342d3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957783, "uuid": "4b09188f-97e2-443f-89e4-7111e658f23e", "comment": "Malware payload (Heodo)", "value": "5f1f5a2424dcdba56926e63d85afd72de3265750", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957783, "uuid": "edf39c59-ac74-4370-bd2b-678c7330bf0c", "comment": "Malware payload (Heodo)", "value": "8f8a8fa9ecd5cf9f104d9a215d893150f96ac348abd73c79d8dc987320b1b62a0c911d2c9966e1d2b1994a1428202680", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957783, "uuid": "f133eb75-3433-4aac-a7d3-e89127efeb21", "value": "T142059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957783, "uuid": "bd52a79d-3b19-43cb-b2f6-bc6d9595fd7e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957783, "uuid": "b90a0b11-d940-45d3-8cb8-666b6c1c3a0f", "value": "12288:V20BXOMcVzpWfmmnDDcX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDYX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957783, "uuid": "2b61682e-57f9-475d-8412-250d38709fa6", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957783, "uuid": "83266ef4-54ca-4eb4-8af3-87da0a4234a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957783, "uuid": "ac1d5ee9-5234-452f-a7a6-823f0ca3606c", "value": "1d319c508d20be9ede500aa334822943d6603eb30e5be7bb27c5ef69929342d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "895bca4d-a9c2-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647941353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941353, "uuid": "6b4146dd-fa38-4713-959e-82a12defda63", "comment": "Malware payload", "value": "eb49b94834bee4084c92c5a37dfb05fb", "object_relation": "md5", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941353, "uuid": "ec9abca2-dd24-4e3b-abc4-db0a2db70310", "comment": "Malware payload", "value": "1d3fa819ab6e67af9841d0e69a01c2678c7867033123498340e96da7de8bec31", "object_relation": "sha256", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941353, "uuid": "97e38d7d-750e-41fb-a8aa-ee76d1ec2573", "comment": "Malware payload", "value": "7ca966ee7b912368567e54a2a198def2fe1f1fe8", "object_relation": "sha1", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941353, "uuid": "23e2c00f-6ed0-41af-b107-84591a85c19e", "comment": "Malware payload", "value": "296465f6bfadcd0f1cc56804bc403af79aedc269ae5f72a4393ab393ba8d7391b44a1b08d1e8f9b1c397264f372dfe88", "object_relation": "sha3-384", "Tag": [ { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941353, "uuid": "6cc2d5f3-9919-499f-8bcc-c2178156b76d", "value": "T14D413C895D1E4F41C5D550B4B9A045166D4503CE703DE9CF392863B8DC08BA23CF6D98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941353, "uuid": "8395c1e7-cbde-4207-a32c-72df8d8a9d4d", "value": "48:9c7eUz5Fb08PHuyoH22FSkmVGeWmtCMtrgvC7FlslH:gRz5Fb/PHD72EHumHZplslH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941353, "uuid": "5f4e0fa4-738d-4f2c-9474-4e16174ae31f", "value": 2084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941353, "uuid": "24629b06-0a5a-4cbd-baa8-637b8cc040e7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941353, "uuid": "6555eb29-383a-47e1-a178-bfafc75581c9", "value": "dettagli183.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "605a3295-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976503, "uuid": "2566998d-0bef-48a7-878f-e10e275eb6e0", "comment": "Malware payload (RedLineStealer)", "value": "76fcba3790feb7ee8ac489604cffd634", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976503, "uuid": "f35e8939-1fb7-414d-832e-14641e4b2d30", "comment": "Malware payload (RedLineStealer)", "value": "1d71ea7f2fdc1407652e9993bccd3b0a3148eddc7b0957cdb8fd101e90fb21bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976503, "uuid": "d9657d08-de64-410f-af34-e706e96addf8", "comment": "Malware payload (RedLineStealer)", "value": "a349f2af9041a91cb44183c2101b107c2f6747ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976503, "uuid": "f8df7797-7346-461d-9aae-8ad28a273b98", "comment": "Malware payload (RedLineStealer)", "value": "519b48c5bb07a24ec9319a9442d9c5fe4d6fb7b3c8cf6a9889267cd6d5bedad41c8e25e365017a0573a80565c0ccdddf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976503, "uuid": "0a62c200-7410-4c8f-8227-d4975f096376", "value": "T1A93633A58C15B6E1D1D54834ACE99D1FC07D23C5DECC7425CF482EC7A8FE1E2BA2A168", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976503, "uuid": "13150f9c-702d-414d-aa9b-621c29255de4", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976503, "uuid": "a8507cb8-6ca1-42da-b772-5455732054e9", "value": "98304:ZC3oGWkxeba3O21+fI+8xHUQVxGWc8k/7oK+PQN:sY1kAba3f+38VUQTGW0/7oK+PG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976503, "uuid": "e92aec75-d695-45ad-b3d0-60b80f35ff4b", "value": 4894208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976503, "uuid": "e5f5e0fc-d85c-4df1-91d8-62a2e5f40ccf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976503, "uuid": "c959c25c-a756-43d6-9ab9-984139c133e7", "value": "50570824.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc343da8-a9aa-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647931184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647931184, "uuid": "7c5d1311-ca66-48a3-b773-17e55785d9d8", "comment": "Malware payload (AgentTesla)", "value": "7e9d2cdcf64b5ccd7a96ed13ab16d826", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647931184, "uuid": "413ae5cd-3fbb-4a38-8ef6-9ba2267df29a", "comment": "Malware payload (AgentTesla)", "value": "1d83eafb4c5771b07167ad6fada3d92c42e99d85b57dfea619072738bb13d7c2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647931184, "uuid": "1cebdcee-a0b0-4eda-8451-7a8e15941ef4", "comment": "Malware payload (AgentTesla)", "value": "82754a7578da37d220c2884f8e859d28babfa4c5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647931184, "uuid": "e9db7800-ae86-41c2-8415-e9b7add30a23", "comment": "Malware payload (AgentTesla)", "value": "b2757dbe79b50ed888e4e0e73702bbbdfd901998b518a9ab3dd075eee3fdc1b1c3c697f8cf681edde3adcd60cd2c2026", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647931184, "uuid": "4ae51bc9-b6d4-4fa5-ae79-74f865027ec1", "value": "T19015F868F25472BFC87BC1F18A6C4D15FA3068FB67074A72929337894D6E483AF4A075", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647931184, "uuid": "35055337-9057-4a2f-a471-e5d8d4981ce2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647931184, "uuid": "3b9a9f28-36a5-48c3-b60a-d008e40b5106", "value": "12288:BYX+HzgTNmz/SRsVh3ds8oLZAvheOjGaS5I/xXEOPHFXVqDBjq6SFrMff3wjtXCY:BvTKmTSnq6SFrmotyHSZcm5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647931184, "uuid": "4734084a-d251-4c28-bf0f-8064bb156f39", "value": 947200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647931184, "uuid": "1beb6cad-73c7-4486-a562-93efe2c9565b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647931184, "uuid": "1092a0d7-73d2-443d-b328-c6dc30a4bbca", "value": "MV Han Grace.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fdd4751-a9cc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647945471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945471, "uuid": "4985d0ba-5e07-446b-9ab0-2430e2d0cdb4", "comment": "Malware payload", "value": "eba8ab75ec73be194d720c84ed1e7d0a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945471, "uuid": "967126d2-2e6e-4833-95f6-ce91172f3cb8", "comment": "Malware payload", "value": "1da82a2f1c9ffd400e9e7f607d8e3553e3fb72cf2e75a925a93393c53b51d28d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945471, "uuid": "f33238f8-6fe2-45b8-a529-0f3f8e97ee34", "comment": "Malware payload", "value": "721338160155ac465a013fbd5cb1ebbbab7b3c4e", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945471, "uuid": "a481fed6-e21b-4620-8d31-25a8623df161", "comment": "Malware payload", "value": "447034930eea5adca686ff58decc8c33df30a6ff194d44ce13fd57609f092e478a97cee6248d84f258cb9d735b7a6384", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945471, "uuid": "4a2ef5cb-07f1-45f3-aad9-78e3187b5280", "value": "T107041290EBE49B0BD561567E5232436551F8AEB7D34C3E0806F1B21E4CFDE4A07A178A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945471, "uuid": "3f38438a-bea2-4d43-a404-e277c9af6b8e", "value": "3072:OizHJ/2rLweusS6In7JWZ3THcqhuoNgyyAymdaYtXJX28DHBwB8kCZluFv5:LJ/GrG7JWtHcN+yAyK53DH1ksl+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647945471, "uuid": "eef8bc1b-15d8-48f6-996c-796a08a2db36", "value": 186872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647945471, "uuid": "f4ffb674-ea61-4729-8e8b-7b59c0b7f819", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945471, "uuid": "8e8c3a5a-f52c-45fe-b0c8-fde9d887d325", "value": "new order list", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec250475-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955692, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955692, "uuid": "e636895c-971f-48bf-9379-251c8c1f6c8d", "comment": "Malware payload (Heodo)", "value": "89d251558fed2a6c8b66bde74481a117", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955692, "uuid": "c9be45bb-8fb8-4351-958c-9dca33c7e3d8", "comment": "Malware payload (Heodo)", "value": "1db041b516f0165f5210d6b9779bbdf4dc37a8623fad6ba00f1db9e5b32b78d2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955692, "uuid": "9429887e-7934-40d8-8a0f-6ccfe36f1c57", "comment": "Malware payload (Heodo)", "value": "33482019ec5a770b2a791b646d9945c1da077c3c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955692, "uuid": "7e51de00-486b-44cc-95ed-2cc770736580", "comment": "Malware payload (Heodo)", "value": "34f24eede61553d8ca83a179a75a66a2e6b8fd19146f2b7f9d49cb8bc8343080cc92f3cb4d5530011ad7633d33a73e39", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955692, "uuid": "56f86732-5f69-4f84-8632-1dc19d105cd9", "value": "T1D4D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955692, "uuid": "5bc46328-9cba-425c-90fa-ad6906b20c18", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955692, "uuid": "44bf4ab1-b560-4d38-b238-f999da0b92e5", "value": "12288:ZxpNJJJ2NHPoczJ8OtIhxf3foRXIa5EPwvA:Zx2gczJ8Ff3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955692, "uuid": "e26de731-eb33-4032-a12a-ebbfd636ca7f", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955692, "uuid": "e1e27b83-4dfe-4b37-b688-4179c3021f8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955692, "uuid": "c3d4ccc8-31a6-428b-9364-7ce1e4c4337c", "value": "1db041b516f0165f5210d6b9779bbdf4dc37a8623fad6ba00f1db9e5b32b78d2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46faf295-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959710, "uuid": "e9f9c4c3-8b3c-48b1-bee8-054faf26d7ee", "comment": "Malware payload (Heodo)", "value": "815d752788fe2533486caafe62347511", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959710, "uuid": "f1fe90b2-640f-443e-96ee-b6f356bd271a", "comment": "Malware payload (Heodo)", "value": "1dbd851574939d80a14410ffbd3c271a6ebebabd8d5eae51f3d0b5d827f13d3f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959710, "uuid": "fe827114-5153-4b88-8a42-aa1c1ebaa6a6", "comment": "Malware payload (Heodo)", "value": "ec35ef993b27e4077747e32215d68f5563779d6c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959710, "uuid": "864b5852-66bc-4741-a658-939050dd8033", "comment": "Malware payload (Heodo)", "value": "4f90e4c2a9601bff90abafa434c8f54dff4848df635df07340769f748c0ca8c76b0978749540f465946e0e05f85859c2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959710, "uuid": "16722f72-eeab-4aef-9c9b-293d39e932b4", "value": "T158B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959710, "uuid": "973c7be8-87c4-4e64-bdce-13d64266de28", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959710, "uuid": "c971b86d-297f-4ae7-be23-e11d396015f8", "value": "6144:8JZToYE666spbEgoZhZO1tNI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZotlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959710, "uuid": "1674dbcc-c4f9-43a8-af58-96069cf0f06f", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959710, "uuid": "aa2a79c8-42b9-461d-b87e-81fc10829229", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959710, "uuid": "14f8074d-cacf-41a6-971e-32263960c827", "value": "1dbd851574939d80a14410ffbd3c271a6ebebabd8d5eae51f3d0b5d827f13d3f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee4bf265-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957843, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957843, "uuid": "e55db344-7a87-4fdc-90ac-3cd4776137f2", "comment": "Malware payload (Heodo)", "value": "70ffaa0cdb0a5012f216d3b697b28249", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957843, "uuid": "5045f57f-3453-461a-a680-15ae8757dbd4", "comment": "Malware payload (Heodo)", "value": "1e133e9072010b8a6a08cbc56171aca93559db18de3712cef68670ba5dd2bed5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957843, "uuid": "48df1b12-144e-46ae-8d54-e4d99dda0713", "comment": "Malware payload (Heodo)", "value": "d21ebce1281b41113aa7d0001ec7c887179536eb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957843, "uuid": "124ba23b-9d25-4259-baf2-a27adea6bb22", "comment": "Malware payload (Heodo)", "value": "b49a776e950b284f43d3c15028d0807b42ce9c8541458a5dcf74587731610b49587296f3561d1618e74f949619744025", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957843, "uuid": "3278f9ab-8529-4c7b-a37e-b2b11ffd9f83", "value": "T173059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957843, "uuid": "5d4148fb-5086-46a0-bdc5-66c7c81f8b93", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957843, "uuid": "b674a7db-8edf-4926-bc04-38c53cbefeee", "value": "12288:V20BXOMcVzpWfmmnDDlX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDRX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957843, "uuid": "b79f8cb7-bd3b-41c3-ad8b-953dedbb92e8", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957843, "uuid": "e62193b7-a6d4-4ffb-8da3-2872f1ee0977", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957843, "uuid": "f6f3af0a-35eb-49c9-8369-7b009b2fb054", "value": "1e133e9072010b8a6a08cbc56171aca93559db18de3712cef68670ba5dd2bed5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0eaefdb-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957848, "uuid": "b71910b7-5f91-4adf-9609-c5b855549d20", "comment": "Malware payload (Heodo)", "value": "3920dfc0e8da2836760fca82a061990a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957848, "uuid": "1511a413-abf2-49d0-bbda-aee928922f29", "comment": "Malware payload (Heodo)", "value": "1e13883ae64fec83b23dcf2b07a3e108727cc2e172cc36f2dd6e4589ad4e4235", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957848, "uuid": "e8703fff-0e9c-4f68-ba61-c83f05a031e1", "comment": "Malware payload (Heodo)", "value": "6605a3e9c93313a8ccbce7ebc21b4898b02f9b0c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957848, "uuid": "5e2d9fd3-323b-4903-8091-172949076d34", "comment": "Malware payload (Heodo)", "value": "7b9a82d3106a69af49753337f581cd433df22ec20a5e1d990891d467a1235357d500c9bec16a2bc5a9a557b8ba823107", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957848, "uuid": "71b34678-fffb-4494-80ae-8ff45858e143", "value": "T1DA059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957848, "uuid": "3c6967d9-7982-466c-9f2d-e29f030d96e4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957848, "uuid": "dc407740-f22d-4da0-8727-a9633fd6d472", "value": "12288:V20BXOMcVzpWfmmnDD7X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDPX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957848, "uuid": "9a371d8f-d785-4685-a5e4-3a61099151fe", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957848, "uuid": "a03bab4b-6f40-4bdf-b496-4944136a2568", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957848, "uuid": "6c17686a-3f94-4ff9-82bc-f7caced9a008", "value": "1e13883ae64fec83b23dcf2b07a3e108727cc2e172cc36f2dd6e4589ad4e4235", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72713b08-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926282, "uuid": "8d06b946-ca04-4dce-a8ce-e86a4d7912e6", "comment": "Malware payload (RedLineStealer)", "value": "e7686c6b490418d92b0ab03f3af34329", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926282, "uuid": "802f7d08-3d8b-47a9-a645-e2dcb154e624", "comment": "Malware payload (RedLineStealer)", "value": "1e23496a641d9ca4325035b1cabbc194fab2add3a1eb8f5a168009118f288288", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926282, "uuid": "d98d732f-8704-4270-8d7c-c77614df1976", "comment": "Malware payload (RedLineStealer)", "value": "8ba7d22b39b3bd590167d1215523e09cd1853264", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926282, "uuid": "2ebc8e0b-8d34-4cde-8694-bd22848dc1ea", "comment": "Malware payload (RedLineStealer)", "value": "79c494cdc79a9fc5eaf724f67101deba6a910fca3cea9d27a5df084364d1c0ae793bccf3390f2451836de875171e67a7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926282, "uuid": "9719519c-f6fe-48b3-bbfd-48c4a1a4dacd", "value": "T1EA1533B0AA4BFE8CE59F13B077306EC84229272010696357612ED7D9FF640B6B52D46F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926282, "uuid": "c6c6f4bc-f467-485c-8c60-0df73276f4e1", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926282, "uuid": "1582300a-1d3e-49d0-b9d3-403647126de4", "value": "24576:r8xte1ucvMGlhXDzXJaJXuz5pkEaHNYK39a1Cepg:IxA5vMGlhXDzgJXuvNaaCig", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926282, "uuid": "496e82d1-d91a-48d6-8589-4f069c5bbf73", "value": 943920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926282, "uuid": "0a161abc-89b0-44cb-acc8-e4163ef85681", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926282, "uuid": "1c751d3b-523e-4f44-b14e-941e5df800e3", "value": "48588603.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8181c957-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955084, "uuid": "33d6092e-61a4-4a71-bcc7-a0faabce0770", "comment": "Malware payload (Heodo)", "value": "456366e8ff00973bbd643b3cfee8d861", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955084, "uuid": "99fb9ba8-6fcd-48e9-b8cb-f5d1ef832c1e", "comment": "Malware payload (Heodo)", "value": "1e34eafba3b39684116f6d1d1316485399a4bc29635112a5c7ff618290297a0c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955084, "uuid": "13e02dcf-6cb6-4864-aeeb-d79033dc52d6", "comment": "Malware payload (Heodo)", "value": "e10c97188a0776d5a9094722fe9f18f9992859bb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955084, "uuid": "7933a21f-5f1a-470e-a234-d1234c022f37", "comment": "Malware payload (Heodo)", "value": "e7c5b65b7ce2c97b29af9c279f455c8eea01243d69d9d8e23e8bfe81d3c44fff4f94a4d3c0943a208872e9903947baad", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955084, "uuid": "23777351-f302-47c7-92bb-c46adbb5a34b", "value": "T167D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955084, "uuid": "f65cffb8-c87e-430a-acf4-95ea58252dab", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955084, "uuid": "dc1b2c9e-e06f-460a-bda5-a2aaa616080f", "value": "12288:DjN/Z2wkRrA9CRDC7ElAjHDsndSyHOrNvEP0Oua:dEHR+CR9yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955084, "uuid": "39b64bb5-37bd-49fc-b5d7-fea4b638b18f", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955084, "uuid": "92fe0ffe-44f3-4bae-b6a7-7787db9d9456", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955084, "uuid": "6b886427-909d-475d-9b35-33f9a495085b", "value": "1e34eafba3b39684116f6d1d1316485399a4bc29635112a5c7ff618290297a0c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49b531d7-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959715, "uuid": "869dbba0-0e42-4de2-b046-3c33f6d5cd6d", "comment": "Malware payload (Heodo)", "value": "d5102ec89c52f5682525c5655b324546", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959715, "uuid": "f5015fbe-27e9-4a78-a8ca-b43c6162b361", "comment": "Malware payload (Heodo)", "value": "1e6d0d93601b2a1715b0682466a801313eda41f02418a4d4727a0fa0b2afd2ac", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959715, "uuid": "2dcb2b5f-8ff8-4c80-9bc4-3aa61db01f7a", "comment": "Malware payload (Heodo)", "value": "3296d10d8cde384ea61f1d5853e38add1bb58fb4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959715, "uuid": "fa127299-91aa-4794-aa65-da4e4b565f75", "comment": "Malware payload (Heodo)", "value": "03e4edc85305fe124fd37619a3c9d55abd39785e8a08338dc67fcfb8edfbf7533fa78510ae1cecd5b7ed8780a0a7a3a3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959715, "uuid": "a1ee0002-dea1-4725-8390-41aa936eba32", "value": "T169B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959715, "uuid": "6603d354-0e3a-4215-8123-c9aae8cbfb96", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959715, "uuid": "b73e9c81-6132-410f-9169-db4ae46b477e", "value": "6144:8JZToYE666spbEgoZhZO1tbI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoHlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959715, "uuid": "be316c99-0ca8-4758-ab0e-38c9d2381017", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959715, "uuid": "30b8d114-c5f5-4abc-988c-58c90e1b4a07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959715, "uuid": "078eee1a-ec34-48bd-9d28-fbd4c60502a1", "value": "1e6d0d93601b2a1715b0682466a801313eda41f02418a4d4727a0fa0b2afd2ac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9266ed24-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647970144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970144, "uuid": "8b6ba2a4-3fcd-4b23-a125-019639e17d73", "comment": "Malware payload (AgentTesla)", "value": "8e46560badffb18cf519568399a9e192", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970144, "uuid": "ecd2ed5f-651d-4885-af91-7f0d87d37c46", "comment": "Malware payload (AgentTesla)", "value": "1e6fe89f4c072a72cb2d6cdabbf400c8a857360b8825e1d6807de0e4ee4b5a67", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970144, "uuid": "61117384-54ce-471d-abc5-af162b4a87fd", "comment": "Malware payload (AgentTesla)", "value": "8e3cf86825c7deb10a6cec7bdd68b71bfe61237d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970144, "uuid": "7ff92a5b-db47-4dcf-9034-0c82fd00acf3", "comment": "Malware payload (AgentTesla)", "value": "4c1518d528289ff8198994271d4faf375af29c2204db68ed32aa23addd8995ba13c3aad0e61dda6ebd73b5167dda64d0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970144, "uuid": "99b253b9-4eb9-4e03-82c0-21ebf1f08b5c", "value": "T12F7568F0AD01D4C1F5BE5B6AF2FD3948A1343217EBC94A4A00E7E5651EF6A11B90ECC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970144, "uuid": "6784ce33-09bd-40a4-af5a-f9fc9ebb01d3", "value": "12288:JPUsvhBCsZD96Vfi7Pyx6sdENjr4B5CITO/WRO7:Jcqb6VCPSdWnK596WRY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970144, "uuid": "79a90053-ca6e-4152-b1e8-f0850937535c", "value": 1668061, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970144, "uuid": "7bc94cb8-61ef-463c-8ee4-63d69fa60d02", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970144, "uuid": "da54f911-4f23-454e-979f-69f912103068", "value": "catalogue.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96116067-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954689, "uuid": "f1052ef4-1b20-42de-a450-83b44fc80b28", "comment": "Malware payload (Heodo)", "value": "084d31aa2a48606697913c3ba24796a4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954689, "uuid": "36e83d42-99bb-47db-b727-a64c38620129", "comment": "Malware payload (Heodo)", "value": "1ecd8309c11ad8d6f3e4aad9c1a45e44870d94e996262de2071f34b32337ca90", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954689, "uuid": "8fe29751-d152-4840-89a1-ba732205a687", "comment": "Malware payload (Heodo)", "value": "f803aea4c4606bcf57d2f6ec4b56c959be61b892", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954689, "uuid": "9a424f63-e781-43f5-a5b9-c9c30cc2219c", "comment": "Malware payload (Heodo)", "value": "42f6cbfe57088c9a57f41ac0005e996c355d89c5917bc5ec618b5399c51c2992a2d04438fe67a70620114bee1e38b449", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954689, "uuid": "399d1ae0-c07b-495b-9f83-42d9f913b208", "value": "T12EB40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954689, "uuid": "286bf202-db4f-4bab-b285-27e39655efdb", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954689, "uuid": "eb9d08e8-addf-4ddd-a9f5-8824089cfadf", "value": "12288:AASStHx1vVHO+1Hx54bg0p9n4WNL7XE0UdX:ecHfv4qx6np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954689, "uuid": "e8cf6519-78fa-45e4-b7be-6c7845433944", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954689, "uuid": "7261bda6-f207-4925-8de3-85616b83eb16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954689, "uuid": "5fa4c84c-edef-4468-8ee9-cecf84109166", "value": "1ecd8309c11ad8d6f3e4aad9c1a45e44870d94e996262de2071f34b32337ca90", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89eb6706-a9db-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647952091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952091, "uuid": "8735f9a6-dc1e-435d-b465-61b8d06a1849", "comment": "Malware payload", "value": "1d8b5f23b5f610cea0c47b3f390038f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952091, "uuid": "960593fe-0453-496f-8e7f-7d68b4f88ffc", "comment": "Malware payload", "value": "1ef5242e064f14e0094a9a26faf6cef5524e18efb921e58b47a0511929393587", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952091, "uuid": "a848d79e-ff8f-4f97-9134-af9abed99809", "comment": "Malware payload", "value": "10ea6b4f07a0d85c9f86ff4bc2816e68e08d929c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952091, "uuid": "d20e8850-b757-4fc3-bc11-7616a09cdb93", "comment": "Malware payload", "value": "63bce0368d1a42523db75c1b1b7adbe472a1e7532d0fdaf052751911f9e63e5377246cde65ddcbbf277ee82f3ee15646", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952091, "uuid": "147807a3-cbec-4210-8bb6-e2056d00460d", "value": "T130A6238A8E2E7FDED588C1BCA564C2C629D80676025FAE4F6A50FD789F6C347DCD4060", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952091, "uuid": "eaf3b229-f84e-41cf-9cd8-8da7f130b070", "value": "be2d82c40bda7c522623a8a6650dda32", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952091, "uuid": "9c439d6f-9ccb-4413-973c-cd271efe42fc", "value": "196608:Qiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii9YYYYYYYYYYYYYYYYYYYYYYYYYYYY4:QiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647952091, "uuid": "9d455f9f-7441-4f6e-ab8b-14fab9e930c9", "value": 9566208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647952091, "uuid": "839d2e6d-28f8-4a89-ad04-67d5b49c8d39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952091, "uuid": "282f63d5-f43a-44e2-9e03-4855f9cb2fad", "value": "1d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eecf1577-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955697, "uuid": "b7f2be77-4dee-42a2-b83a-8b3bb3ea320a", "comment": "Malware payload (Heodo)", "value": "0c47784d97742117a7d0610fcce997f4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955697, "uuid": "b9eb4e99-d7a6-4810-8d24-42f65f161aa7", "comment": "Malware payload (Heodo)", "value": "1f4bbd79747a79c4e39e8e3edb8329cfc938118712b04dad59248f133c08f5d4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955697, "uuid": "67b57068-3c3e-4903-9fad-e28d1f47fa07", "comment": "Malware payload (Heodo)", "value": "ddb589a453e8ae642fc5c6aaa35db31f1a8390dc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955697, "uuid": "cef2f1d3-c65f-4337-9f48-32fcdf8d6c2d", "comment": "Malware payload (Heodo)", "value": "25bf12ad0a0fc484c71c3f0f9c14780375d4f55b77fe57531553e73743289431b6bf885e397a8b63683eadd821badd5e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955697, "uuid": "296ba711-3d13-4d53-95cd-c9774a8c85ff", "value": "T1C3D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955697, "uuid": "39a70ddd-5aa4-4389-b79d-65dbfd6211b3", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955697, "uuid": "1a8b5a83-3fca-4f68-8c1a-d17d6059511b", "value": "12288:ZxpNJJJ2NHPoczJEOtIhxf3foRXIa5EPwvA:Zx2gczJEFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955697, "uuid": "0bc31778-e19a-4635-818e-046d40b3b23d", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955697, "uuid": "f74248e7-9c00-41c1-a92c-a73bdb8d0788", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955697, "uuid": "ddc901cb-b391-4fde-9150-5a1453a9abcd", "value": "1f4bbd79747a79c4e39e8e3edb8329cfc938118712b04dad59248f133c08f5d4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cfe2d60-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959720, "uuid": "a8d36c24-31f8-4ae3-813c-2546d59643ec", "comment": "Malware payload (Heodo)", "value": "d01ff90a8c2c0d50cf2406631c6c9de8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959720, "uuid": "e3eb11c2-7665-4d6c-ba91-b05f7b9ed8bb", "comment": "Malware payload (Heodo)", "value": "1f52e325b387a6c39b2e698cc34b80ebe82ffc194c0e90725ba03ea7819b0daf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959720, "uuid": "0bf9b1f9-7b80-4083-b3b1-84c005acb823", "comment": "Malware payload (Heodo)", "value": "9fb4a779ce302402aa07a8f8812418ba5ed8fb6e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959720, "uuid": "da2cdaaf-4861-43b3-bdf1-7bc0381fe6d9", "comment": "Malware payload (Heodo)", "value": "383a64cce7446348a5053827ad63078cd23e0c3fab5e02ee2f44a21d252b565a12bc93633e7cba7ac00614e27969f7f8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959720, "uuid": "93e3a549-271f-4488-b56e-314f357144cf", "value": "T11AB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959720, "uuid": "245dfaa2-219a-48c7-95fa-2ed72237b158", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959720, "uuid": "4cc54b2a-651c-4c33-a085-cd36e736955b", "value": "6144:8JZToYE666spbEgoZhZO1tuI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZo+lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959720, "uuid": "bd6f75bd-db19-42e5-bfc0-ae5416b5e450", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959720, "uuid": "da4b9c41-d8dc-4d4b-b507-432c4d8fe218", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959720, "uuid": "26fe9814-f87e-4201-80e9-3117fdf24789", "value": "1f52e325b387a6c39b2e698cc34b80ebe82ffc194c0e90725ba03ea7819b0daf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1ae8db9-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955701, "uuid": "5f879c1a-0f0f-4c41-97dd-f23e39a1286f", "comment": "Malware payload (Heodo)", "value": "123b0c96ecf4dc71c0de47be108566ea", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955701, "uuid": "88ec4d60-3fa0-4886-b64b-235f2ba0b517", "comment": "Malware payload (Heodo)", "value": "1fa1410603c24b5b5b76db0ecc6368aeb4d99add1852fb9262235da6b7250e48", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955701, "uuid": "e15a5512-0205-4b34-8ffd-cdbd268f8af7", "comment": "Malware payload (Heodo)", "value": "4f51a65a3b5ed6951d06d683e2d2a9221e793e2d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955701, "uuid": "3965c7e2-ab57-4b5e-95d0-049b63783633", "comment": "Malware payload (Heodo)", "value": "20c23ced21e0647aa41f82c389aa9d59848f1828cb085704902936cc8666ac5e318420a9e8ffb1e088bbcf7281796d9f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955701, "uuid": "45581c9c-7bec-4ab2-a6af-a25df503b331", "value": "T102D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955701, "uuid": "a5260225-19c3-4ce3-9875-c2e20861cd2a", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955701, "uuid": "79521755-5d41-4fb5-8be6-30b20ca99d1d", "value": "12288:ZxpNJJJ2NHPoczJVOtIhxf3foRXIa5EPwvA:Zx2gczJVFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955701, "uuid": "e0ed268a-4967-457e-81d7-141140670213", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955701, "uuid": "cb2446e1-5933-4f10-b68f-6e31be29d599", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955701, "uuid": "dfc0c5f9-49c3-49c5-b9e5-7ad9a73fff96", "value": "1fa1410603c24b5b5b76db0ecc6368aeb4d99add1852fb9262235da6b7250e48", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cc95857-a9b9-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647937386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937386, "uuid": "7669c09d-5a58-4c2d-b6e0-8e9ca93a124f", "comment": "Malware payload (AgentTesla)", "value": "4d49757e71e331b63c2aaef6ac1710af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937386, "uuid": "d51e53d7-5a7c-4c22-88f7-fc7d23c8d75c", "comment": "Malware payload (AgentTesla)", "value": "1fb115e58966f5b80000b76ddd36462b806a477fd520e9a09f4bc0d91771ecb2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937386, "uuid": "176079ce-d4b3-4819-8c94-43915c30085c", "comment": "Malware payload (AgentTesla)", "value": "4269188a9903dd03c7d7c8e3f998663a0286ddf7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937386, "uuid": "67fff21e-453e-4606-b8f4-b54027dbfb2c", "comment": "Malware payload (AgentTesla)", "value": "3815a0e16893d44023cf8d59efc9ae046a4fb45d912698ff8948bc1212c370f8c87f973aa6413fdb2b1e109379c3841b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937386, "uuid": "492c25b7-d526-4117-a128-80476479804f", "value": "T1C205E8AD316472EFCC67C0728EA81C64FA5074FB631B4907E55707A99D0E887EF940BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937386, "uuid": "cc010138-9e33-415a-9a81-e41f04bc0c93", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937386, "uuid": "b9d5d216-5261-473a-9ad7-de5a01c823fb", "value": "12288:gpmf2Dh9z32DBll4cycOfLAgQrdkDIHEopxC0zettlLRVMZjqnZnwEPyE6v1ViTD:ZfGh9SSnw69w1sTWxvvTVNa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647937386, "uuid": "18116c7e-8c88-4c77-aedb-7f2f003a7203", "value": 835072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647937386, "uuid": "609e3a6a-b8de-4ec9-9a0b-617ecfe7a3cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937386, "uuid": "666eb722-df57-4620-b588-b525e1a29fae", "value": "documents.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0f635b9-a9d9-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1647951352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951352, "uuid": "fc4a4eab-0cb9-43f3-aa6c-309bc8b0138b", "comment": "Malware payload (Quakbot)", "value": "c8d85dc303bc046c712c629b38e8d4f4", "object_relation": "md5", "Tag": [ { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951352, "uuid": "1d338742-02b5-4141-b15a-e833188b3ead", "comment": "Malware payload (Quakbot)", "value": "1fbd2782371601ec4a77f613b0eef88cb98c1a8535ffeb415facd2692036351b", "object_relation": "sha256", "Tag": [ { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951352, "uuid": "62fc0c4c-a6d2-4828-a2c4-f3318c65522f", "comment": "Malware payload (Quakbot)", "value": "fc7ceaa11190f179ed142910e177c0b4ee7b36b0", "object_relation": "sha1", "Tag": [ { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951352, "uuid": "9ac27e99-a57f-4961-9750-357894cb3c2c", "comment": "Malware payload (Quakbot)", "value": "67725834db89897e9569c91ae45f0d80438bcbbc7a93591e4c6ad1b6857e6b3e66b487953a29f31fd166a775d3779a85", "object_relation": "sha3-384", "Tag": [ { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951352, "uuid": "ed1efc65-a27a-4368-a96f-fa2d7cf20f20", "value": "T1C6F412756C789003D6B68138561045F2E30F357AADF2F22E0E9B9EE91D730A653AD09F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951352, "uuid": "f4c5859e-2973-435a-8b62-11943ec2b745", "value": "12288:vvw82BmJ0cDP9iYhEbfsmtEkjnEIAKpVSCCKRAmS+24nyxswY1tgYKpVGKig7Jlh:wvB4zkY6DdtEkjnEIAKiERjzksrwJggN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647951352, "uuid": "8953ab8d-c5e0-450a-b5e8-0a6ff13f7545", "value": 767553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647951352, "uuid": "1e403d11-f325-4a4b-a637-07d99392d950", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951352, "uuid": "17c9b669-dd68-492e-ad2c-932278e0be7d", "value": "Compliance-Report-1691536999-Mar-22.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98ae5034-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954693, "uuid": "bae1d34a-2912-4b4a-9a60-614987bd19c8", "comment": "Malware payload (Heodo)", "value": "24e0e71cf20aa56c0dc5e6ea6fcc3e14", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954693, "uuid": "84282020-389b-4754-a327-6f55fce82393", "comment": "Malware payload (Heodo)", "value": "1ffcaec89787b7c0661e15475bd45cca4d4ba8cc6bd15a16ef9b87673bdae631", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954693, "uuid": "4248b503-c40d-4cb2-8be1-040e87163c2e", "comment": "Malware payload (Heodo)", "value": "385e7a069d66283400e7a1712ccce9b8c7403c57", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954693, "uuid": "5335ca82-c76e-498c-9e3e-686a914c18a5", "comment": "Malware payload (Heodo)", "value": "35ae7d3c382b7d7fdbba42c8908836cca0983670a986f35421d791e5c67d24ffc84da70f67b0478c77f0eb2d7df6d766", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954693, "uuid": "6285b8b3-3787-4464-878a-19fb07dd8315", "value": "T1B7B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954693, "uuid": "f2e7cdc9-a3a6-452a-a507-1cf96b4f78db", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954693, "uuid": "ec8f1f8a-3afa-4824-b88e-d21988b60a56", "value": "12288:AASStHx1vVHO+1Hx54Sg0p9n4WNL7XE0UdX:ecHfv4qx7np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954693, "uuid": "242f94eb-de99-431b-8503-b5c3cfb0188d", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954693, "uuid": "99dd8973-020e-449a-9694-3796adfda127", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954693, "uuid": "cea211ac-fb71-49b0-9682-c2a07f710065", "value": "1ffcaec89787b7c0661e15475bd45cca4d4ba8cc6bd15a16ef9b87673bdae631", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df504faf-a9da-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647951805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951805, "uuid": "a24cf87e-958f-4a07-a865-27f101e83625", "comment": "Malware payload (Loki)", "value": "ec51e61a7ecd72a435877542bd9fe5e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951805, "uuid": "453d41fa-a4e0-4561-86d5-3bbfaa57305b", "comment": "Malware payload (Loki)", "value": "20260f56bdb1f66273d93fb092aee3f623222818d6c46e943df24e2a6d6d3ff8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951805, "uuid": "90837ae8-abf9-4fa5-b114-3c31dc6815d4", "comment": "Malware payload (Loki)", "value": "900d5b6a5740d136f441234a8762f57c2671ffb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951805, "uuid": "6ef3bcd5-f26f-4746-8262-f74b4a65fd65", "comment": "Malware payload (Loki)", "value": "4410816424cc1cefc92e2a7f6605246e18e800a52895c0985e59f41ea86374328a724153bfab9bb2fa6499c28781cda9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951805, "uuid": "d89cdf72-906c-4365-8274-515b9dd7cae5", "value": "T165247CE2A2C5FFC7C5BB25342EE536100B235B09291696419BCC262F77226DF3781B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951805, "uuid": "0f5107ef-7d28-4044-be0c-71f05cbec509", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951805, "uuid": "16ed447f-a2e3-42c1-8d02-eb545f75e6e1", "value": "3072:6ve07A7HTsJyCoHHXTAPRLz4ygZTdDucAROULw1/tSSnBp4iDHcwzF:6mZ7HTVCMjwRJgZhucAsnSSki", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647951805, "uuid": "d80aa701-9168-456c-9ff3-371dca7b8456", "value": 219648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647951805, "uuid": "5c1ca86f-8bf0-4fd4-ac27-387296565da4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951805, "uuid": "bf2ae5fb-705f-4d85-95a5-182c239de9a3", "value": "Sipari? P.O475003pickupdocument.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c3a6f3e-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954645, "uuid": "d6283041-baa1-4f13-aac4-427d76d2564e", "comment": "Malware payload (Heodo)", "value": "97b02109a950f8ba13b4ac01369b10b8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954645, "uuid": "71d0ab19-efc3-44ba-981e-eea9334e232d", "comment": "Malware payload (Heodo)", "value": "20a1f1baddfd3dc5c538623093299c830fb185529981ebd5b4a69aca31663e96", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954645, "uuid": "890d1e2b-cc25-4baf-a040-5f8ac0f0a714", "comment": "Malware payload (Heodo)", "value": "19d3917f94901bc73aa5a7b028e75ce8c1f56c12", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954645, "uuid": "287dd775-edbd-4257-8022-fb3bc5d9bafd", "comment": "Malware payload (Heodo)", "value": "c1f39a2257f9d541752ffef6b74b1229caaafd04349cd250c5d27fd677bf77294b7e73b81b3432f686024c3b49285936", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954645, "uuid": "802af5c2-2658-4435-b538-b49e639220a2", "value": "T1C7B46B992251F077D11B503D0BCC2AAD7EEB88F09A6DF27FD2A3558D0F31190A62D993", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954645, "uuid": "42e96f54-04dd-4301-b8e4-1a6fd13053f5", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954645, "uuid": "2476bb05-9d45-4c58-8616-ac505c6424ad", "value": "6144:cH4C1DzgG1GCQw2HOOnPE10JQNqytvrC4cHV9jp6YagzSAIVCL4Ry:cYC14G1GUgOOs14Qkytm1xpdIVCLqy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954645, "uuid": "aea4d663-f869-405d-9a93-86dadeea3a7b", "value": 528384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954645, "uuid": "efb6dee1-f91e-490e-8ad4-5391e1545974", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954645, "uuid": "4467709a-bc97-4e3f-b7f0-9cc40ee863bb", "value": "20a1f1baddfd3dc5c538623093299c830fb185529981ebd5b4a69aca31663e96", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d548b54-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954996, "uuid": "eed63fcd-7940-426f-8e7d-0c4cc35f689d", "comment": "Malware payload (Heodo)", "value": "ba53be2b7b127d0eadba371554b5b7d9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954996, "uuid": "00082cd6-2486-4142-8740-fcc5a7df2b5c", "comment": "Malware payload (Heodo)", "value": "20b8627cede8e80fc3a80456256caa9d1b35390acaf79f03b24a3eb9e59d2f5e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954996, "uuid": "f8601ec6-5d7d-40e4-a649-3da18a08183f", "comment": "Malware payload (Heodo)", "value": "93289e801523a8ecb0acbdae9eaccee1353fe387", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954996, "uuid": "63cf89c6-8615-4f71-ba19-d370d675b843", "comment": "Malware payload (Heodo)", "value": "de75c08b968f17d38770ffd122499b7e01d185cc6f5aec66c627c4b1c85164428f947ac68715b56a05249fde4a9a28f6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954996, "uuid": "ccbbc704-4153-4107-b905-1295e6197cfc", "value": "T135D45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954996, "uuid": "00a2a085-27eb-438c-ad87-db730b81c6c7", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954996, "uuid": "1982b99f-809b-4da3-bd54-eb01162af7f2", "value": "12288:UWBpwupxl0OeL/grxdGzO+r9AjCb/XKh:Psupxa/gU2mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954996, "uuid": "7babcf4b-3e2d-4b6b-a75c-e92d50560e9c", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954996, "uuid": "74afde42-7b5d-4651-a83b-18e160f04fd5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954996, "uuid": "eb81332d-4f01-4c24-b657-55c39edd1846", "value": "20b8627cede8e80fc3a80456256caa9d1b35390acaf79f03b24a3eb9e59d2f5e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ded1b681-a9a7-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647929900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929900, "uuid": "9bce8f4d-bf19-4ea4-ab72-6f274c8ce8cb", "comment": "Malware payload (RaccoonStealer)", "value": "98d62216a3df889107bdd8148fe2e28f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929900, "uuid": "d0093600-2360-4c6c-a441-5d99a5395136", "comment": "Malware payload (RaccoonStealer)", "value": "20cdfc02c239254853f4915308b81aa9823916b8cd6eaa02b3c1a19b67b36e38", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929900, "uuid": "0d9b69ae-f8ed-486a-8fec-94febc6e6c3e", "comment": "Malware payload (RaccoonStealer)", "value": "2565ee792f4a41593d588b6ff4be619f4156ae69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929900, "uuid": "5aa9fe4a-23b7-4c07-9e78-6149cd0d0a16", "comment": "Malware payload (RaccoonStealer)", "value": "7840b4473f3127a9391e5427912b0b1b1ca1287f9aa55ba47ab6a0700f91e03df0713c81f187580264cf871c3b7042bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929900, "uuid": "8bea96a7-58d1-44cf-a74f-d248c5c1dd90", "value": "T1A0B412A63762C136C5996834B0E4C362FA3AB87306D94193B780477E5F306E3BBB6751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929900, "uuid": "42f00074-ba7b-47e7-8ecb-3a5183c78b22", "value": "9961a441bd45a012df9cb046f9dfd5d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929900, "uuid": "48ec3b3c-5412-494e-b1d3-7ab35688a6e7", "value": "12288:tF/pgGS4jytLamEq6L01Vqit643GHGN2o:tLgGS4jytLa10/qN43GHQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647929900, "uuid": "513714f5-b5e1-4509-8230-e5f9c763df05", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647929900, "uuid": "572de872-f225-460f-a789-81e0795c0caa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929900, "uuid": "5eb84532-defa-4b37-beac-4a7380874011", "value": "98d62216a3df889107bdd8148fe2e28f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19fa5b13-a973-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647907236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "01fd5dae-62ce-4694-b012-66fe59c1d92f", "comment": "Malware payload (Heodo)", "value": "f19e351668ee858a192e04a36a59cf8b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "c9da674e-6ff8-4e3a-a69b-ece4664877f3", "comment": "Malware payload (Heodo)", "value": "20d08c512650693c605630f9ccb6394943a5bd2f6cded2a2095290767b31bfbf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "9d4d3277-9531-43a9-b9b8-78cfe8971ae0", "comment": "Malware payload (Heodo)", "value": "b7462e8f2cfb1dac737a158226837221b56d9b74", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "fe987595-06a2-4a02-bf15-7d260d08379a", "comment": "Malware payload (Heodo)", "value": "b8db0dcb0c630f5a4785ccd86221b8bb2f3a726cb38d4ec965365b011d3db1b61e7f1bc6ee4dbb2ec01cde6746ebd62c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "3ed3f874-6298-4c32-bcba-fafd58df4e42", "value": "T1ADB43A11BC916832C36FAC7456073262588EE7F0DBD1F26FA3E0495C9A7C5E36624BC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "2640c0fc-9db2-47ee-9263-47ba0b0e1229", "value": "14e6ae8d1400b6271725b3f01025b85e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "33326984-8858-47ef-be43-4938dfc1e00a", "value": "6144:VikzyaB9eoCyx/mEhHB5RYSJ/xH+qiCjzQNPj79GkqbscgCG5qH6scI:VNnCGmyHB5SSJp60zQN39GkUGQSI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647907236, "uuid": "e3c0bb64-6620-48ec-8b75-0e053b7fb371", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647907236, "uuid": "8d888d82-1f51-485d-8cf9-9fa9856d8e3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "c38f3118-60b9-466b-b54a-db518d71b749", "value": "emotet_exe_e5_20d08c512650693c605630f9ccb6394943a5bd2f6cded2a2095290767b31bfbf_2022-03-22__000028.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "179362b1-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647911097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911097, "uuid": "9ed0a64d-7f51-4644-97e8-f84867673c95", "comment": "Malware payload (AgentTesla)", "value": "521519ddf7e586ebfaa02ec26b787ee7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911097, "uuid": "0304271f-0892-4d8f-974d-af5b6f0e3579", "comment": "Malware payload (AgentTesla)", "value": "20da9061d97a613081f164a4ace352121755f24a0e0c717d2791e03579daff53", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911097, "uuid": "93337b36-2619-4887-b23a-32109c2a61e6", "comment": "Malware payload (AgentTesla)", "value": "7cc245e1cf44485b6fc26858bfd41d6858bd6462", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911097, "uuid": "28251484-30ba-4e37-8ea4-c7d701ff9fa6", "comment": "Malware payload (AgentTesla)", "value": "1dce8a1701ff6d73b1e172b58b769606f943f0c5f6815107f8192b1114d732a44ae7d2c131669a92aba880f3dcf01d7c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911097, "uuid": "13345c5c-ea49-48b8-bfda-0b5d9fbd362b", "value": "T1192523D4B258CC15D26F4BBA94B4530913F8C8389921F78CEE5222F357A977DE3A0983", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911097, "uuid": "69fe9bd0-6d7a-4633-8b55-17a9ccf78288", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911097, "uuid": "c795e4e9-60f3-4327-af06-801327bb913a", "value": "24576:E8ohwH82CO6zGNAGMGKKbOZtE1XCI2Pf12WZRVmqKOZVzjM:E8ohwHU4AGM0bOAH2HEWRmqdV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911097, "uuid": "59acd733-ad46-46e3-8dd5-d4be9b5c58b5", "value": 1024512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911097, "uuid": "fd1f6155-2819-4553-8b5d-f0c4d2d583aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911097, "uuid": "b9d7811e-725b-4ed1-a230-b6b1582e7d4a", "value": "COPY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "157b4d6f-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911094, "uuid": "8768cb5b-cb94-483f-8a69-ab218d20bee2", "comment": "Malware payload (RedLineStealer)", "value": "634fb3eeffc9d7f01d1f007e1e53c935", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911094, "uuid": "ad8dd636-f814-4880-9b43-f81e5e4206e0", "comment": "Malware payload (RedLineStealer)", "value": "20e601fdc81f247e76d50525101d89659d6743d08b8d88254bf19e0ab4a8f461", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911094, "uuid": "9170f407-6ea4-425e-a517-f70436bffb2c", "comment": "Malware payload (RedLineStealer)", "value": "4dc4a430ee666415d2e6d2e500412a8bae19d5e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911094, "uuid": "8147e1e4-2562-4cf2-a3d8-e51520ae4073", "comment": "Malware payload (RedLineStealer)", "value": "fa9ea4a38073ed8ef79e293e94783662c8fcd2d73ff6727340b9532486866aa559989b56745732243d576ebc4a8de1b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911094, "uuid": "bae06671-4500-48cd-bf06-d0b00e36416d", "value": "T12FC423CE414CAD6AD98467FEBF2CDAD55F740D90EE801DD18A1FC403B86A1209173AF9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911094, "uuid": "5d571423-968f-4d87-bce9-89a1f6959a21", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911094, "uuid": "5059b54d-1ab2-4d77-afee-b8dd246ff4b0", "value": "12288:XBiuOgCFcKev49OqkQS03ULaHNqrxlKIQNo8jyGNAGZDaeigrJ0:XBikOcATkkEaHNYK33jpTZOj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911094, "uuid": "9f129632-4b99-4d70-a0ab-335ac0d507a3", "value": 572928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911094, "uuid": "9c8de56f-e7ac-44a3-a469-c89f2427bd07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911094, "uuid": "a782a682-d4fc-4f2a-9202-9a46b00f46af", "value": "38024582.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "daf0d4cb-a9af-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647933329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933329, "uuid": "893801d4-34e0-4a7c-925a-e5a07f391228", "comment": "Malware payload (AgentTesla)", "value": "50ee4f9092cc008e5a7b9c3ac174922a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933329, "uuid": "4676e23c-92ea-4d0b-9007-2d7e47e3d4a3", "comment": "Malware payload (AgentTesla)", "value": "211d4a3c08de859af3fb0bf7fff5ebce4c6db3c0860e2e2182cbd98d21d9ff1a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933329, "uuid": "d5efc3fb-88b2-4043-8a01-61cf2d503065", "comment": "Malware payload (AgentTesla)", "value": "ac541e8f895a848dd70f6098d5be8cee77ed3a46", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933329, "uuid": "70a8396f-c897-45f4-9c4f-51e0b5e9c944", "comment": "Malware payload (AgentTesla)", "value": "e96aea592100312aa1a2a73f750ae24dfbc65341804e4c7c521e09b594168e98cb9f1674b41c3aa7179b0a24ba980215", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933329, "uuid": "7cce6fd3-4722-4f98-955e-6a2fbba26662", "value": "T10125330277788B73E48A17B8BC10670503B1ED220D66FABCEE0921C796DF7655B225D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933329, "uuid": "85516f92-920a-4e6a-9a2f-c47cb6398d82", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933329, "uuid": "f94917d1-9a1d-4578-87a0-349b0f6668ac", "value": "24576:N0ohjmgYO5sdxyJpaUZgXTWtNCaBynX1pkelnYD/qu70IW:N0ohjmgYO77aUZgjWbCaBynFpk2nYD/Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647933329, "uuid": "4b66b3bd-c7f8-43e4-b80c-e8c28aa11685", "value": 1016832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647933329, "uuid": "bf1a13e4-0974-45e8-8101-e54f682ab296", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933329, "uuid": "82c69598-c285-4363-ab38-bf26428db3d3", "value": "Quote Request.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71dbdde3-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955057, "uuid": "0e4fe82b-a065-49a3-a2d8-5214ce8e1679", "comment": "Malware payload (Heodo)", "value": "0e2fe6406cf3318d44a0972401d1b7ff", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955057, "uuid": "9edb0470-e902-49c3-97cd-8b6928f0efdf", "comment": "Malware payload (Heodo)", "value": "2159f41b45bd367027d27640b327dc27d5ea172d2c9633ab9744a45538ef91f6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955057, "uuid": "bbc4a155-2050-4836-bfae-2f9a514272b7", "comment": "Malware payload (Heodo)", "value": "c6a30f5bdb8b4180fb39ba3d2f14c56c219784f9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955057, "uuid": "029d7644-1f1d-42ea-945d-5a6426cfdf41", "comment": "Malware payload (Heodo)", "value": "23be0be58207e94500ed152315fd92feeb1e4337d8efde699e036921df7125a80a48ed3887a36ab1c3e96405fa4d200f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955057, "uuid": "e4540705-1183-44ab-ae6e-988cf71b37f8", "value": "T17FD47C82F7429EF2C00B03347C32B2586BADEAD5D2158D6B9398A5AE1F35573493DE43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955057, "uuid": "87260969-bc15-4589-9e2a-73b1d26e9efb", "value": "e0b213ccd96f46d30dcd8e225f4e9fc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955057, "uuid": "4211141a-3ff0-49bb-ab40-f472c6df054c", "value": "6144:XjPgWGbb0OEmS9Vzf5WI9nI1LSfcaQMyhKmZHNRuIfv7YtaIIo0cm59CH7PQ:X0bEtf5WyI1LSfcpfxhstaICRLmrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955057, "uuid": "434ea5fa-02a6-4385-9f29-bc42aca62105", "value": 602112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955057, "uuid": "d1f3a674-fb62-4571-a8f4-588233a442bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955057, "uuid": "ddb92ae4-2866-4d07-93c0-e38b51f11e8c", "value": "2159f41b45bd367027d27640b327dc27d5ea172d2c9633ab9744a45538ef91f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66b76619-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955039, "uuid": "64e8258c-44cf-4e2e-8a07-e125c048c8a4", "comment": "Malware payload (Heodo)", "value": "9836d82ced841a9e22fdaa0876c9d5fe", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955039, "uuid": "63bd9dca-4892-4c87-904c-f79c4345edce", "comment": "Malware payload (Heodo)", "value": "217fdfe1a56bce7bcbf7b5c314d6e2796acc6aa0b96f86ca195ecaa7101bc7e2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955039, "uuid": "c0f397d4-39e2-4eca-8703-80b2e3e107e7", "comment": "Malware payload (Heodo)", "value": "8ab93eb9bcf836705445935146ab699d1d1dd7d7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955039, "uuid": "a0046046-6772-4dc0-af6d-45c2385138be", "comment": "Malware payload (Heodo)", "value": "7957f450692a55b2103abd629b867ba1e2fe3a469c152987b82f6ed06dbf68b3ecd54ad8ff80dccdc5e98bb6c5185c49", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955039, "uuid": "0ac3c557-b4b1-43a2-a5b4-242052d72023", "value": "T179D47C82F7429EF2C00B03347C32B2586BADEAD5D2158D6B9398A5AE1F35573493DE43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955039, "uuid": "57359844-43c1-4f05-aa50-1ee628068848", "value": "e0b213ccd96f46d30dcd8e225f4e9fc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955039, "uuid": "003ed417-18b6-45f2-b84e-bb6830384f02", "value": "6144:XjPgWGbb0OEmS9Vzf5WI9nI1LSfcaOMyhKmZHNRuIfv7YtaIIo0cm59CH7PQ:X0bEtf5WyI1LSfc7fxhstaICRLmrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955039, "uuid": "83b9b83c-cf77-4c32-88cd-f5799caab5aa", "value": 602112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955039, "uuid": "06e9c2b9-c19f-4d70-99ae-747b25f62358", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955039, "uuid": "66994afb-93f1-4b2d-8bae-df7b7c91e689", "value": "217fdfe1a56bce7bcbf7b5c314d6e2796acc6aa0b96f86ca195ecaa7101bc7e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d51db1e3-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959948, "uuid": "cac10085-705d-4725-b244-5b2144949eed", "comment": "Malware payload (Heodo)", "value": "376447e563e82ed7e478b7726eae5aa1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959948, "uuid": "740e8ace-d228-4eca-9ba0-da8c0380aa7d", "comment": "Malware payload (Heodo)", "value": "218134abdc8cdf42511bd731e5808fde47b990aa9d4540fd9c6dfd36bdcf1e6e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959948, "uuid": "24ef85f7-f7b3-4a84-bbc9-c52ad21e69a2", "comment": "Malware payload (Heodo)", "value": "e4b837d811fd8291897a49b35e0371dd5175da4f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959948, "uuid": "398213e4-1789-43e5-97cf-d725346e77e8", "comment": "Malware payload (Heodo)", "value": "ee7012133c59f16737a314910df60b86626bf629e2d2f8a9c167db22a646467feea4e3e4d37cb244819c7e8a707c4109", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959948, "uuid": "70a64294-4929-444b-aead-e523b7542802", "value": "T14CB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959948, "uuid": "ef259946-183e-444c-8084-6a306ef043c9", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959948, "uuid": "28663ff9-b796-40ec-b966-e64ad6b4c942", "value": "6144:8JZToYE666spbEgoZhZO1tEI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZowlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959948, "uuid": "02db7cf2-0041-419f-8641-d56a3af6fcf7", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959948, "uuid": "e4cc7030-62b0-4cd5-b751-f5424b344703", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959948, "uuid": "496f183a-2c9a-4792-878f-0428c1815fdb", "value": "218134abdc8cdf42511bd731e5808fde47b990aa9d4540fd9c6dfd36bdcf1e6e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41d1e312-a99e-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647925771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925771, "uuid": "03b2bc1f-9494-4dab-84f5-3cc99d79b30a", "comment": "Malware payload (RedLineStealer)", "value": "6b98f1ca9da714234c46da0952a3bfce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925771, "uuid": "2f89cad3-2771-46e1-94da-b7fa58c55e0a", "comment": "Malware payload (RedLineStealer)", "value": "21ae778bc2049c6c715303e2f357afe66eab3175b062fc8702eb1b8bce9efe1b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925771, "uuid": "7941af9b-8cf0-4a29-9c5d-9c7fd37c5956", "comment": "Malware payload (RedLineStealer)", "value": "982c59f04d3559145bf5ae8797bad56c043c4a5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925771, "uuid": "b8236795-6f6a-44f6-95e7-905a34b200a4", "comment": "Malware payload (RedLineStealer)", "value": "2c55073a130137ee37cfe15e2c6d694b8c0de9ea1263e6dbef6a1501f11a52b9496146c8cd25c6594b8000a7caee3db7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925771, "uuid": "a2b985b5-96cf-4c44-ae6f-321963c95d59", "value": "T1ED2633009E83608AD945DB7E30ADF524DFA742ECB4DDD56176372AC0386486BD8FD0AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925771, "uuid": "ccdb8262-89d3-4459-8de5-61bcbb554e26", "value": "dfec469ff9e19f9df882decc3c09398f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925771, "uuid": "39f0796b-1943-4a0a-8d43-6ad3ebddbf50", "value": "98304:wBGwTBCRlSbInTVo2uTiSPoT/ImbFErfhOIddFC:wRIRlS2BmGoabOdFC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647925771, "uuid": "8676f624-cf18-4b21-9a4c-b1a2b448ca51", "value": 4851864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647925771, "uuid": "4cccbb8a-a252-459b-8238-bb51195b382b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925771, "uuid": "edacf05a-1c9c-431e-9d7c-8876797b4b77", "value": "43899566.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f71d243a-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911472, "uuid": "fc139a3a-73bb-4564-aec1-2cbbec55036d", "comment": "Malware payload (RedLineStealer)", "value": "76e9c84ff8d3064c1dd0f6ea8f007b9a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911472, "uuid": "0dead6b0-a7c3-4347-8aca-a99b0565a204", "comment": "Malware payload (RedLineStealer)", "value": "21ce4eea2fc1dfcdbfcab7645818ccb6fd63df8fb49587c14995d124c322552e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911472, "uuid": "aa7840c0-148a-47b6-8d81-9f7eb3d19960", "comment": "Malware payload (RedLineStealer)", "value": "7b487e32acb289a355353678794297d9c7eb4cac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911472, "uuid": "84291f10-59ce-4e23-9039-454304bd626b", "comment": "Malware payload (RedLineStealer)", "value": "94cdf88a6bd2f6922f93fbcbe4a9136091af576f68d350b686d39fb557a1f55a2a57d7daffb8d68f0a54a58e3a1dcb72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911472, "uuid": "6bd8ba38-2624-4987-ad85-7f050e17099c", "value": "T1881633A169C7D14ECE8DF9F9738CB44DE62F093F0AE4B42553AF4C428C87A15A2DC45A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911472, "uuid": "2ed05ae6-a919-4841-bfd7-71f4286e8b67", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911472, "uuid": "365deabf-17bb-41f9-ab04-9b1010ff7311", "value": "98304:T+BDGVNb7/AjrnyWnwkffrY4+W41cGLVJ:T+BAbbfwneW4+GxJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911472, "uuid": "bff3d5d5-04ec-446c-848c-71490f7b556e", "value": 4072392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911472, "uuid": "29c4ce27-872b-4fd9-b045-f462908a3b23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911472, "uuid": "957f6e37-177f-401f-b399-21ec1f346ccc", "value": "39769457.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "253e83dd-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647936890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936890, "uuid": "9e4b14bb-787e-4998-905b-a1adb9976e59", "comment": "Malware payload (Heodo)", "value": "8d141a796773f4f97a401862f212aaa1", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936890, "uuid": "da160b83-14fd-4c1c-9317-49ff49aa2e93", "comment": "Malware payload (Heodo)", "value": "21e65d250d71aa504d2df24e8a75dde6b79ce628c30d4decf3b32fcfa41d565f", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936890, "uuid": "7b15f4ec-0a15-44da-b509-97ab31a18a92", "comment": "Malware payload (Heodo)", "value": "3526843fc3dabf09bb6eb17ce79e567547ea7768", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936890, "uuid": "9267ad4f-2741-46ae-9013-6b90960f59b5", "comment": "Malware payload (Heodo)", "value": "37a9209e98d3dd10d46c403be3b7e779040748f6e72a3e2ccc41f50fded3acd92db6148e394f09909bcf1cde5da3f35f", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936890, "uuid": "6aa94b86-a115-4ae4-a407-bc65dcb34c8e", "value": "T130F2A031F2E29B59E477583C478CCAF8D77DDA2246067E2C308A13BC5F123566A4E24D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936890, "uuid": "e6404049-57c7-4c2e-8569-421a829318ea", "value": "768:Qhtqi5eiNlAjOZpqcVbZYpoRuBlIiOKMArOooooooooooooooooooooooooood7O:QhtqigGUOZZ1ZYpoQ/pMA8i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936890, "uuid": "11e3d820-f44d-4a03-901c-4a12a16e3a85", "value": 36475, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936890, "uuid": "56cb1a38-28de-4ac6-8225-22d2ad6f7caa", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936890, "uuid": "8e010861-2c0f-4369-948e-9cf91e91b7a4", "value": "informe 228.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84bd177f-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647975705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975705, "uuid": "95d0047d-6a4f-47b1-89f8-9ece46eac5b5", "comment": "Malware payload", "value": "ed153bfce1f2ff7566f306cd9e6600c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975705, "uuid": "d8abb5ed-5e62-4eeb-ade0-b6e502ceda41", "comment": "Malware payload", "value": "220677a0620a15079bbde9a9f33f127b4f751423fc9b5b2865310fb958f11b5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975705, "uuid": "7c9b6bca-635e-42e3-805f-42eba6d7d124", "comment": "Malware payload", "value": "17b483c438423fa060f4fe6ebe2a8a92b1c3df8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975705, "uuid": "a59d327e-cfe9-4480-8bce-aabcd8865c10", "comment": "Malware payload", "value": "3a38321e3cdeaaae222092683b9b0813e68dbd779b07ba6ea48bccf62f153c5fdf6edddb1ab8406e6032c1ba0f60d01b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975705, "uuid": "f74793bf-3393-4261-9c7d-acaec64caed8", "value": "T12B269D395B09ED796BD70222D06B311F6880C535D6CFB08E379E0DC1AA8BDBECA9D445", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975705, "uuid": "5f6f3ac1-b922-45c5-bf1d-a466238104d0", "value": "98304:e+HSkNTNHweK16eii4Jeov1xpvaU447SGakU8quJ16jNVv1Wn2Xp8A6cCVk+bpT4:x8KivKVN16jXdg4p4R4b+bNxpx8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975705, "uuid": "ac2bc06e-b416-42e2-9f63-6eb1c10a4d4b", "value": 4727457, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975705, "uuid": "c7371da3-1660-49b6-a547-6799aac03389", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975705, "uuid": "ab76ae75-be10-4858-b413-2d486ca89e58", "value": "ed153bfce1f2ff7566f306cd9e6600c6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4942ad14-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647972599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972599, "uuid": "2db3314f-0e6d-4755-86f7-d70c0041d7ba", "comment": "Malware payload (Formbook)", "value": "a76fd34ef5236a55fef611c180fe984e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972599, "uuid": "81157a48-f066-4f40-9419-edd63fafdb7d", "comment": "Malware payload (Formbook)", "value": "223f9b4a7023ccb0cadd6e693083c48a51236fc3b8c17bfc85082350f4ff3ba5", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972599, "uuid": "1209c620-6881-40b3-85e1-838cd72d1ec7", "comment": "Malware payload (Formbook)", "value": "38d9fab9b82c38dc0f79bd841562be3006e622b4", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972599, "uuid": "91134fb3-c2be-41a7-b0c6-651ee0d5c23a", "comment": "Malware payload (Formbook)", "value": "7bd2c126c3b141afe8e6856fd0043e9b4d5337f519f408919d77c2c9d4d30bf68a7b21b116f32659293bb3ee84e86bec", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972599, "uuid": "0acc8fa9-5fa1-4091-9ce9-1116da3ebf39", "value": "T12B141251BC254768D654AB38EB248E275160DE103BEB5F405139FEAFA430D3AF4AC477", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972599, "uuid": "db0da691-f086-4442-ab71-ce72c84fffce", "value": "3072:noovN4glDWyEhZ2ZS78etJComkV5CJNwAKW6saHt5uUZ1eS:o2yyEhue7AkODpKW6FTuUeS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972599, "uuid": "60ca22c8-36ee-4631-82e0-b5f16de31dec", "value": 190552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972599, "uuid": "cd12c205-9a1d-4797-ac10-1ccc8b06f64b", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972599, "uuid": "e1b0b53e-ac96-425b-948c-a5d314ec050a", "value": "TMT Eood Order.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90bde529-a9ba-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647937929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937929, "uuid": "842ff2eb-7642-4368-8f20-469c48f76cfb", "comment": "Malware payload (Loki)", "value": "f36663bf22478f0ad37fd0f8b0165155", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937929, "uuid": "527b7c57-e7a6-434e-b4ef-28e1312439d6", "comment": "Malware payload (Loki)", "value": "2269a69ccc3ae635d89bcf5860aecdafc37f063c5c52f37822c40ba2a496af55", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937929, "uuid": "2dae243b-60a4-4344-8ccc-59f958b62072", "comment": "Malware payload (Loki)", "value": "1a97c21643c379bdc707138425fde0146a87cd6b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937929, "uuid": "50c7e296-c10a-4484-a053-ba088a6aef89", "comment": "Malware payload (Loki)", "value": "61c382dbee84ffebd814a7608298db579b620eda23ecd3c786a666a4738e986eecc63ebb9ed0c3b85f3f8fc07194bcd2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937929, "uuid": "bdf5010c-1f5d-4ba9-a8ba-e19305e95074", "value": "T1E81523E8AA999336F7BD05F459351B0027F29614A833F64EDDD162FA468F340A10B3E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937929, "uuid": "5da24a8c-28b0-4dc1-90b4-5387de4e496e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937929, "uuid": "772b9036-c148-468c-b6b8-7dcd4273f1ac", "value": "24576:1XohFu/UYAzGcA2bjBJAfgMRJ5/dcjHQAtvzG8q8HkHu:1XohQ/pAuudKfx/5/pu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647937929, "uuid": "fb3d205f-f05c-41ce-b843-f3452ab60351", "value": 926720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647937929, "uuid": "6f4c374a-e6b6-4475-8f5f-7fee6b00a332", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937929, "uuid": "d3f72a67-e93f-44ea-9b8c-89d36d208901", "value": "DOCUMENT 19202828.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75affb5c-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1647911255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911255, "uuid": "c6f5059f-647b-487d-8cfb-7583b2e2f454", "comment": "Malware payload (njrat)", "value": "350f283de8dadabeea29e5bdf4b5a6b6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911255, "uuid": "8a0851b7-b08f-4abf-a886-d2e25f1d5fd3", "comment": "Malware payload (njrat)", "value": "229438439820bdea6cfd13d4ef305c2361e22e4fa780a25e0b83984990d7998a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911255, "uuid": "4e15d67b-a036-45f2-a4b7-e4130b0e493e", "comment": "Malware payload (njrat)", "value": "cf409fc7f6293d3ece63978c50ec02d081fb720a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911255, "uuid": "94184e41-9da8-4a46-a71c-91e77739625e", "comment": "Malware payload (njrat)", "value": "fedcb49d3760aaf5a1ac42eebe7b885dbdb0598c6b62096f2ca5ed03cbe39a68df19652863573ecba15a72ef827c783d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911255, "uuid": "fea4f4df-cc6d-49ff-bb43-0082239cd15f", "value": "T1B5F533999780A771E312FDB282E3317D7E05732868C8B903EF7BEA54D1DADD60658B40", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911255, "uuid": "8674bf66-e4b6-47cf-a2ef-2ccb36aa646a", "value": "140094f13383e9ae168c4b35b6af3356", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911255, "uuid": "397c0343-ffb4-484b-9bda-9c72da168b5a", "value": "49152:G0ZsEhGUJRMBT11cnShzykmCOvbl5G05++N0H1VGEL2P17Osb:VseGDD1cn2mCj+KHDGK2t7Osb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911255, "uuid": "896c4744-7b76-4708-88d1-3dcd595822e3", "value": 3421184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911255, "uuid": "c6a16ff3-a155-4465-8a57-e8af534a1fa3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911255, "uuid": "f5f548b1-450d-4913-a57e-49ae0b871de8", "value": "39199877.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbeda9b9-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647972388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972388, "uuid": "b15a74b2-7aca-4c6e-8bdf-fd2c61307532", "comment": "Malware payload (Formbook)", "value": "b15841b6c7c45baf2ed1ff02497b71c3", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972388, "uuid": "89673c97-bcae-49cd-b624-32888d45055c", "comment": "Malware payload (Formbook)", "value": "22baae9e5b520ddace9bf46c2dcc2986f5c3a21932bd75c758925cc75a2c3484", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972388, "uuid": "8b0ed052-4980-4f30-b527-df2a30e8ead5", "comment": "Malware payload (Formbook)", "value": "0b337aff69d438f83cd75632bae05c36ff3c6785", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972388, "uuid": "36475120-aa13-4cfe-a0ea-63affa891d5f", "comment": "Malware payload (Formbook)", "value": "6cc0527badfdd7b404d78efbdc1dba9f99a76de9158c3e760bce1c95314641a6cad7aecd4ce003f5e7bd90df3039bccd", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972388, "uuid": "9fe39eb1-aa58-449b-ad61-daad83f23af2", "value": "T10C14121F091FD435F3F2DBF4D1A2E37C2807DD14010A76963969B38512BA6983EE35AA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972388, "uuid": "a9851ca0-17d6-4ccf-b252-b69b00c57999", "value": "3072:ucH4h2fGS+SDe6/zO0dRPam+/R7FC/59Yg94CcWb6prefkT4BwXVMXRV9EY+Pu64:GS+SDe6/qMRPamwnC/56LZokT4iGHL0Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972388, "uuid": "afe12d51-c523-46e4-9140-6d28e7d5282f", "value": 192024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972388, "uuid": "12f99f21-2088-4c9c-a453-a1c136c9d624", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972388, "uuid": "8d0374dc-2b2d-47fe-b525-ca8ae850b772", "value": "NEW ORDER LIST&SPECIFICATION.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f5a1ab4-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959805, "uuid": "dd9eee24-43a9-4ad6-9a04-a9453eb83d14", "comment": "Malware payload (Heodo)", "value": "bf91eb6cb9a2dafa0dfebca397c1e04d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959805, "uuid": "8468420a-e57f-42f0-af9b-9143e069b5a0", "comment": "Malware payload (Heodo)", "value": "22bcd13494a6baeb554f943694a301985ccb222341a97d7951b13e9b61e887b5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959805, "uuid": "39ad77d4-0160-4b37-a7ec-1a098fcf6cbe", "comment": "Malware payload (Heodo)", "value": "8a3bcd84ad0d34b211ac4d8f4e86d65db5b6b416", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959805, "uuid": "f90e38b8-8cd9-4489-876b-852a1a2f67b3", "comment": "Malware payload (Heodo)", "value": "b1f2eb54139175fa10dff0c533717f031acd4ec18463e77a0f146bb9b4fecc65c21073fd7bff8e3b09aa2d5d1a148bc6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959805, "uuid": "6e1ba2f8-fc6e-428c-928a-493d1efbe7b2", "value": "T10EB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959805, "uuid": "ae0e296b-9369-440c-8951-1071e643b200", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959805, "uuid": "76fc30e8-f2ba-40ed-af24-67ad5ccecb1c", "value": "6144:8JZToYE666spbEgoZhZO1tYI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoclF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959805, "uuid": "52ce8ba1-5fba-41be-b9b3-d951aeade605", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959805, "uuid": "258d55e0-7603-47c8-a6ff-010ab95507e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959805, "uuid": "89f709b2-42d7-49b5-bf97-c07de82a866f", "value": "22bcd13494a6baeb554f943694a301985ccb222341a97d7951b13e9b61e887b5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac3a5586-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953867, "uuid": "d2380cfa-18e2-4265-8652-281935bc7f03", "comment": "Malware payload (Heodo)", "value": "a0bc56320fa970341c0bd0939b1dae7c", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953867, "uuid": "abbb90ca-e56e-4f7c-96b5-20771d0da616", "comment": "Malware payload (Heodo)", "value": "22bd7f59268468c81d8919b7b12f4122c140eeaed950d3e076fe6e72785dce90", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953867, "uuid": "ac2c95bb-9944-44d8-ba50-00bedfc06c2b", "comment": "Malware payload (Heodo)", "value": "8bf868edd758294437ddf5476d830c80e1adef08", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953867, "uuid": "57ad414a-f180-44dd-ac1c-70f857c147e4", "comment": "Malware payload (Heodo)", "value": "82f12542e1804d7157527606a19e45da51c112942463949dcae89694b3b5505bbb65cfef577d558e6854fd486eecc1c1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953867, "uuid": "0c2b2a1a-7852-49f4-9bd6-e02465a7c126", "value": "T1F865192267D844E8F5F75B32D87BA591AAB67C655F30C6CF1960024F0E72BC88D36326", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953867, "uuid": "8fc5564d-318b-426c-a8d4-e4f45f745ef4", "value": "39948763cc1873dc50981ea479aab099", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953867, "uuid": "caa871b7-c609-4d1f-ba7c-61439eb0aaa4", "value": "24576:vXdNDDUQ+5lv7RTE61NRXP2rRkY+uO1WSEnXfYB7vEs1yN:vdNDDUf5J7RTvrRXurCuO18fYB7vEs1k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953867, "uuid": "b99f6167-fede-4315-bb41-3b56f5e3bfa9", "value": 1506304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953867, "uuid": "def151db-f858-4c78-872b-646bd2be4fc2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953867, "uuid": "cf71b648-3310-4fc7-918c-733e0c66b8b6", "value": "22bd7f59268468c81d8919b7b12f4122c140eeaed950d3e076fe6e72785dce90", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cb56c6b-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959639, "uuid": "ee58694b-d9d5-424b-bc28-a3078fc0f9c7", "comment": "Malware payload (Heodo)", "value": "13b35364bd7f8e040ad641def1fbf156", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959639, "uuid": "c9064817-7dce-408c-9d44-f967dfda468d", "comment": "Malware payload (Heodo)", "value": "22c81dd1204118cf4be39dcf9bad9508df8f44a331d349b85124fcd55411321e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959639, "uuid": "9b881795-8cb5-44a4-a941-2a49ad894115", "comment": "Malware payload (Heodo)", "value": "4fe532e5292989c7a6762a67edcf4b132726f601", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959639, "uuid": "03ef0371-1b10-4887-9ac7-e6f4d8b6fcec", "comment": "Malware payload (Heodo)", "value": "3e199dc10563ab915cdd004fb013d21016b074f5938cf7f2d86eb588ca46edaf857e428c2bcc4911893babfd63a40944", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959639, "uuid": "b8f1c558-0925-4723-875f-18b98c87ecf1", "value": "T116E4AE607B81C0BAC31E30B50517A37966E9A9709F3897C7BBD46B7F6E740C19D3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959639, "uuid": "b769c374-db50-4bad-a5e0-c928d0ab6e61", "value": "cca9170027b8a1c09e4e49e3efdfdd6a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959639, "uuid": "b1a36673-6106-4721-964a-9959131f25ca", "value": "12288:JzpSPnEifD6xu1XRiTFIy30ZKm0X8sD12m1yMu0mPVOXNZ:JzpSPdDBQTFIy3mFW8a1/cNVY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959639, "uuid": "b8a834fa-6460-49e6-9cc9-95d723a4c86d", "value": 660992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959639, "uuid": "fae7573d-5c89-45ff-9f03-3bd12b3a48b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959639, "uuid": "788f0c2d-615e-473c-abbb-d25a1e14eade", "value": "22c81dd1204118cf4be39dcf9bad9508df8f44a331d349b85124fcd55411321e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9f72b46-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958158, "uuid": "b61b29a0-083b-46ff-9428-d85b9658e2c3", "comment": "Malware payload (Heodo)", "value": "e7de3d36c9a0b483a20da43fd586d41f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958158, "uuid": "5f0ea1d7-1cb8-4618-a7ce-0a0759cd7ac7", "comment": "Malware payload (Heodo)", "value": "22e2b57e1d7d67977bb8b1cc5c3c803595875f78e928e1383a4bc6647a9dd503", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958158, "uuid": "7d68a1d6-f9fe-4e96-b5f9-8522caa086ab", "comment": "Malware payload (Heodo)", "value": "3730238aa25289924100c9559a6b19acb112ca68", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958158, "uuid": "3a65dad7-34ac-4614-a288-860c9c7194ac", "comment": "Malware payload (Heodo)", "value": "4fd1786883f30ae21a5914e5df1c752efa66e0aaaefaf8824757d7d85df52a14fe53b552d4995cb7cbf1b3d2cc65093d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958158, "uuid": "ca8be32f-997e-4377-891f-4192bf55eef0", "value": "T1C5059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958158, "uuid": "1891d00d-18b8-4658-9352-f926730a0701", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958158, "uuid": "ffa242d0-9852-4fef-8670-938c28123e19", "value": "12288:V20BXOMcVzpWfmmnDDBX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDFX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958158, "uuid": "79dbebb2-7bb0-42ee-9867-c00a94c5bdd5", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958158, "uuid": "46d43b49-c02c-491a-9e7a-cdfb133e7c3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958158, "uuid": "0633c150-e2f2-4b0a-8e3d-f38eb8a041dc", "value": "22e2b57e1d7d67977bb8b1cc5c3c803595875f78e928e1383a4bc6647a9dd503", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93d12725-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954255, "uuid": "d6e8b9a9-b6cb-46e6-92f1-2407a5439703", "comment": "Malware payload (Heodo)", "value": "140f4aa48da57b33e82672ed9fa54a2c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954255, "uuid": "3d97b322-dd62-4953-b27d-a869a209a316", "comment": "Malware payload (Heodo)", "value": "2317c45b74b2ba61b9b074bf6296d7081093d043b2dea723ac852ded518c6871", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954255, "uuid": "45793e51-8c3b-4eb4-9080-b034fc1739fe", "comment": "Malware payload (Heodo)", "value": "e0ebd80267a39d37dea786d8c7a59efea9cd987a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954255, "uuid": "5e3a6ae5-aab1-4870-ae5b-607ffdcf29f6", "comment": "Malware payload (Heodo)", "value": "8266e6d3a71bc584a49d3030b1a699725ed2affaaf094d63d143a534b322f46054fa36c67fed795c1c22b0bc663efb75", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954255, "uuid": "0c6e4413-fd34-4cea-b38d-2d7ea84ef429", "value": "T1FB25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954255, "uuid": "b8b49a76-b8a7-46ad-8045-dd13b736d859", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954255, "uuid": "a361f7dd-911a-4ffb-a648-cef9258017f0", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQX5tFjNRLU:Ci6fgcIcHB8ZYbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954255, "uuid": "d9fcb8d1-e990-4c2e-b7b0-00eaa9ee037f", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954255, "uuid": "33ba6256-5049-4ece-8df3-53555b168f2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954255, "uuid": "50e7e7e1-f6ef-4092-98b4-b734495c2fa6", "value": "2317c45b74b2ba61b9b074bf6296d7081093d043b2dea723ac852ded518c6871", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f5d1915-aa03-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647969092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969092, "uuid": "27201c73-7205-456a-b981-9c57e1c732eb", "comment": "Malware payload (RaccoonStealer)", "value": "dff29e842500a140a740789a5ae36bb7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969092, "uuid": "aece43a9-3fe6-49ff-89a1-214332fa944c", "comment": "Malware payload (RaccoonStealer)", "value": "2324f4a3075dd29ad5968843189c8a11b536775cf64baa202ca6f3e9db418a0a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969092, "uuid": "717919b4-f780-447e-8921-63d2a616fce0", "comment": "Malware payload (RaccoonStealer)", "value": "69c191f677b34f923efe118f8709ab39b304138e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969092, "uuid": "22721ff9-eb35-41ec-831a-25033d1ff355", "comment": "Malware payload (RaccoonStealer)", "value": "7808768f24169037266fed169a9b89aafe6e58e4be6317a166e5b1cc7ed7addc90b817c38f9c75984cfcc05a8a7ec1d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969092, "uuid": "364c2529-4256-400c-af05-934378bd6834", "value": "T1E3B41269B550C032C453A4342D15C572632FB8311B798A8BBB492B7E0E727D1FB7A35B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969092, "uuid": "3caf6807-6baf-4638-8a52-1570b6feeefb", "value": "7c5b10d9e40901c040091d030f4c7b35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969092, "uuid": "83621fdc-e97f-4c70-a643-e65a294fec80", "value": "12288:zE3zcGzW3jeL/NdJL0wr28UFj6LUp8Kt4s:QZEw1pr28O2oeKt4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969092, "uuid": "a1df2c40-2b62-4dbe-89b4-ed2610d0f32b", "value": 534528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969092, "uuid": "91e015e5-8071-4301-b570-c2f66efba573", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969092, "uuid": "2203893c-d0d4-4acc-ad8e-7c5eee46b3ba", "value": "dff29e842500a140a740789a5ae36bb7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "887fc24c-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958531, "uuid": "6a24691e-a04f-44fb-895d-e683a2f266de", "comment": "Malware payload (Heodo)", "value": "d4e0cea3c73faf3bcc2a81836cedd333", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958531, "uuid": "47d2c365-e438-4511-bc4f-b57a9670b946", "comment": "Malware payload (Heodo)", "value": "237748b362cc7d301e2371082455979ad50f4bfddc7cf3ed904b61ff64a4926b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958531, "uuid": "55fcf3dc-e7c7-4200-a983-cf78349df4d3", "comment": "Malware payload (Heodo)", "value": "7ed3e6ea9a81a2f5f6335a00e542aa77d511581f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958531, "uuid": "067a0990-7706-4b8b-b843-9f9c5c8fc8d9", "comment": "Malware payload (Heodo)", "value": "37b7fb7bb99620919456086cd17a3e3aa349574276c27b20065351df71ce94c036b11c63b08233485af797159ed3d651", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958531, "uuid": "30bbd3f5-db1e-486b-a524-6f99f3107643", "value": "T1DC059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958531, "uuid": "cbc050e8-2bd5-4e58-b9a1-7320b60c782c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958531, "uuid": "ba02fbfe-195b-4a71-9e34-7424f70b5a3f", "value": "12288:V20BXOMcVzpWfmmnDDnX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDDX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958531, "uuid": "bcee34e4-fa5a-4577-8234-b22f689129a3", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958531, "uuid": "ef76fc8e-f99e-48ae-8647-7304772aeeae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958531, "uuid": "3085820d-d80d-437c-8d20-b0e4fea5f823", "value": "237748b362cc7d301e2371082455979ad50f4bfddc7cf3ed904b61ff64a4926b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09b6912d-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958319, "uuid": "7d8e4c58-6ae1-4cb4-b05b-4e6a692ce5c9", "comment": "Malware payload (Heodo)", "value": "a41af388017a6d235672f926d0da69ab", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958319, "uuid": "7ced3e59-9b4d-4c31-b803-7fa0af1ac411", "comment": "Malware payload (Heodo)", "value": "239f71a5eb9bda163857ef95cb5b52d31e21ee3e76ea22431be1bbc3561979a3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958319, "uuid": "1d286d07-d6ad-4d75-baea-ec63e1c16ef5", "comment": "Malware payload (Heodo)", "value": "83dd23ca4c637b07baf80d2ae3998c52f141637c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958319, "uuid": "4ad39eec-7aa9-4464-8fc2-8f32a7aaf082", "comment": "Malware payload (Heodo)", "value": "7bcf0666d8710cb92b06acd21945914b2a5a540ffd1f61980627e278b9683890c80a41ae10796511c6b22ac22bd8e9bb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958319, "uuid": "65d82a8e-943e-4e1a-ab36-b0845fd90b5d", "value": "T1FA059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958319, "uuid": "7cbbbf2e-1b87-4359-b5c5-e51c3e75a4b1", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958319, "uuid": "ed6184b1-6224-4b0d-a581-204f82897507", "value": "12288:V20BXOMcVzpWfmmnDD6X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD+X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958319, "uuid": "809efe93-5bfd-4b06-a513-94b9cbff4296", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958319, "uuid": "eba4ee33-0680-4643-a657-887d1430be24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958319, "uuid": "83472ac7-d664-4f64-bf23-1f55b0d79beb", "value": "239f71a5eb9bda163857ef95cb5b52d31e21ee3e76ea22431be1bbc3561979a3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "038d31c1-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976777, "uuid": "869598b7-e2bf-4c7e-8d29-efa5e8580e61", "comment": "Malware payload (RedLineStealer)", "value": "1b3d5bbb3422011229c6498a91dbfaa0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976777, "uuid": "d8551a7a-f1ac-4288-a3c6-6eecbf05eac7", "comment": "Malware payload (RedLineStealer)", "value": "23cdd164eb054e285d1809114b5b5286c20cf7e9444cd5a70b06d3a71cd7fa1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976777, "uuid": "9dc2b535-68b5-415b-bdb4-e155dee4b7ce", "comment": "Malware payload (RedLineStealer)", "value": "3de0bb4680497165ec858d83c01c72f330dab8ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976777, "uuid": "1d69500a-b71f-4a81-9310-4ed671b6bfd7", "comment": "Malware payload (RedLineStealer)", "value": "5ace2451b723218450172ab943dc8316338709534d78ff5155387167a2cef7427deffe09a4ecce40d7eb76daf72c0f66", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976777, "uuid": "1d021298-4877-4e7a-ae35-5c0a3975a572", "value": "T1961633A5B205BCA7CC7366FF116A623AE77390C509C0F16FA72AC5C8949075BB41E4EC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976777, "uuid": "7152a194-828c-4277-8da8-04e0d9f461cd", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976777, "uuid": "ff145cae-2257-47e7-b28c-6e68f9cc7ee7", "value": "98304:KB0M5SABKL7Lm74mSaQo+6IRjd041Wn/8/Z8TSjJzERVur:t8lBKPCFVD/4qG9Wo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976777, "uuid": "b8841d01-c266-4ef9-b240-6a5363692a8c", "value": 4123288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976777, "uuid": "6041c3ab-991e-4777-85fb-9e16c932fd15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976777, "uuid": "2a0c2cc1-4836-4fc5-8666-7a624ca491c9", "value": "53845542.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "958ce41a-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955547, "uuid": "cc13b0fa-4eb1-4ab3-8e87-fb2cf315a48c", "comment": "Malware payload (Heodo)", "value": "2a34b2b7628ed3424a94bb774c5f5bfc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955547, "uuid": "c92f6eee-849c-4e95-a03a-9b642e1b8b2b", "comment": "Malware payload (Heodo)", "value": "2418a68d22f268efa9c29e8f8b167964125483f0ea8963389810e33271abd078", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955547, "uuid": "aa928f81-c61f-44b9-b81b-5c8000d63daa", "comment": "Malware payload (Heodo)", "value": "7b686dee3eb028054e92bf2c09f719fa4ec6963e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955547, "uuid": "61b2bd00-e3a2-479d-979a-885acffc5537", "comment": "Malware payload (Heodo)", "value": "2c262032093903d020b228b55336508855095758d769384dd63912058fc2f4971afad380d8e3d070ee853692e3ba99b4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955547, "uuid": "4da5f4f1-810b-40db-a2bf-bb31c85f7090", "value": "T11CD46B03BFD3F0F6C12F0F394505D608989A7AC6A62A45A3539C6BAFED770138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955547, "uuid": "f5b171bb-b1e2-4490-a93a-61315468e186", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955547, "uuid": "ee0e9133-70b3-49ad-9b0e-608d8e30e32e", "value": "12288:QXvRLpX4HMAus65rSxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rSx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955547, "uuid": "dc6ef8d0-1006-453e-b215-e4f4707bb2e2", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955547, "uuid": "fb77bf3e-3f90-4d3f-a96a-380c5d93bfd8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955547, "uuid": "d4779878-e0e3-4d62-a500-a7eba682aa14", "value": "2418a68d22f268efa9c29e8f8b167964125483f0ea8963389810e33271abd078", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "586e8498-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955015, "uuid": "a25684fd-448c-4258-861f-f46691972660", "comment": "Malware payload (Heodo)", "value": "9a49d9d8c37ee89fc84567b3c0f3da5b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955015, "uuid": "4ad417c5-eb0d-4030-a1c7-db540b043488", "comment": "Malware payload (Heodo)", "value": "245859b1b206d55d3631bff311d52011bad6c8fe5cdf74651dc6d03b295b2135", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955015, "uuid": "429e92c7-f6b6-41bf-978b-e8c1c2c18367", "comment": "Malware payload (Heodo)", "value": "8ccfe78e60f514d1fde16158af255841141543bd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955015, "uuid": "e4c6e757-3743-4e53-9724-fd7830414b8c", "comment": "Malware payload (Heodo)", "value": "597f7dd5e2c8b92bd235824a6c7731c3f5cc3b294ee9b284313d3d25401fe62876af48c073e0e35656d44291142713b5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955015, "uuid": "72486682-8feb-4448-ab9d-c332af6d66a5", "value": "T101D45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955015, "uuid": "08c8a4e1-4bf7-4837-88be-5503b8d3f400", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955015, "uuid": "17e1860f-1561-44b0-9ff2-5eb32eda90af", "value": "12288:UWBpwupxl0OeL/grx+GzO+r9AjCb/XKh:Psupxa/gJ2mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955015, "uuid": "e1869795-b188-4739-93c0-5efd514522ef", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955015, "uuid": "6b1577e7-6100-46b8-9de4-ef79249b70eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955015, "uuid": "5826a4e1-ee18-46d9-9502-5e1e1ec48514", "value": "245859b1b206d55d3631bff311d52011bad6c8fe5cdf74651dc6d03b295b2135", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b35cbeb-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954912, "uuid": "604febde-9e34-417e-bdcc-7f2e8b3a5b85", "comment": "Malware payload (Heodo)", "value": "99b816edc871d02c20ecd723779b8c33", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954912, "uuid": "a719f041-f3f2-439a-82b8-2936306b5120", "comment": "Malware payload (Heodo)", "value": "248997bf1a90e991d123ab5889f77319b65cc1f12b3fe33e39ac37a71c983c64", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954912, "uuid": "96621c5e-835b-4505-83a9-30cae6d50076", "comment": "Malware payload (Heodo)", "value": "807502a1f64de3d613531dd60be15acbfa06b493", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954912, "uuid": "81559f61-5155-47f2-a865-06765065c62a", "comment": "Malware payload (Heodo)", "value": "579051ddf45ba4d3ebe71dc75d9809e0821067b2b6f0ba1e6b93b8486752b015f86095267850349c168b66c0f5062232", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954912, "uuid": "d18a05ff-10fa-4eb1-b1d8-98d21e0ddd41", "value": "T174C47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954912, "uuid": "b87dd08e-3009-4dfd-ab22-52a72f32a570", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954912, "uuid": "9f2cb21a-fed8-4f7f-987a-dd0cea9bb6c9", "value": "12288:S54yM33d3q3Z7BogWreNmF+U/9JckIAGfUeb:SKh3831BoQN6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954912, "uuid": "2c82ccbd-2259-41d3-be11-dce81c35a091", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954912, "uuid": "a1124d2b-46e5-41e2-964e-1642099981c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954912, "uuid": "010819c5-1c3b-49fb-a980-df437b3e24af", "value": "248997bf1a90e991d123ab5889f77319b65cc1f12b3fe33e39ac37a71c983c64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a200643-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955903, "uuid": "79bb71e8-9b5a-46b6-bcf1-7961b120dd24", "comment": "Malware payload (Heodo)", "value": "2f11629e3ba91201da9931def85fe1c3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955903, "uuid": "5653589f-a574-449f-bc1e-16cb7c98bd5a", "comment": "Malware payload (Heodo)", "value": "24d66a8fb85baf8273efa618dc1a0411d1203787688c03e1df3e35bff0997a87", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955903, "uuid": "173da3ca-b4d6-4df3-8dde-c3857996e854", "comment": "Malware payload (Heodo)", "value": "5e32ffe0daad6c8e4363bdb6ed9b2aa17856bdbf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955903, "uuid": "31cdd691-ea50-46ba-bd0a-b8b56e579078", "comment": "Malware payload (Heodo)", "value": "f38b90d207b7f82d6c2e861e1cac4064abf77eeff2275e7357a170230dac3684e8d0e74ed9801cd199292717d3c59184", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955903, "uuid": "5b90722f-c6f5-41b4-81ca-63b7d74da910", "value": "T18CD41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955903, "uuid": "54632a62-67c8-43a8-8bab-09fbb50516c8", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955903, "uuid": "d5153f47-c7a0-43ad-b1f4-a11cadc76f30", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfb:AqxETMJ777u3OmONFqNJtN1v96TOAnj2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955903, "uuid": "4a690c71-b300-4096-939a-a6252a3ef35c", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955903, "uuid": "a810a065-709d-48c3-9992-ef822a198383", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955903, "uuid": "46511d47-a851-4be8-9eba-a9f8e6a534a5", "value": "24d66a8fb85baf8273efa618dc1a0411d1203787688c03e1df3e35bff0997a87", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13fdce41-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955759, "uuid": "6fcdbc37-7dd3-4d29-ad4f-0607aed47e85", "comment": "Malware payload (Heodo)", "value": "98ae5f4dc459224ef7b4bc9a40b39e1b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955759, "uuid": "8dced91b-e4c5-4b86-a915-e8a814ea9561", "comment": "Malware payload (Heodo)", "value": "24e519090172a42bd49d39aff33212595b6c4ec2bf269701a1eeac0b766b18e9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955759, "uuid": "310d2cfd-165d-4dbd-aa5a-7857d637b4f5", "comment": "Malware payload (Heodo)", "value": "14a0f71b2ca9237c81b71bfb39292611a6369bf2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955759, "uuid": "b6f08e78-07c7-4aa3-a32d-fb89524ef03c", "comment": "Malware payload (Heodo)", "value": "a43e53c021b2c918e78f9904cc1e739cf07c5876243514ea82e1bfbc4a29361ea0b3651265941b9b16aef763b3d9c038", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955759, "uuid": "2bc19203-5fe9-423a-850f-f169a75d4132", "value": "T1A7D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955759, "uuid": "1a375a93-0055-4091-a494-31ad922a6499", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955759, "uuid": "64ecaf1e-dcb1-4459-846e-444ac9db6fb5", "value": "12288:ZxpNJJJ2NHPoczJsOtIhxf3foRXIa5EPwvA:Zx2gczJsFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955759, "uuid": "e0b1f102-bb94-4c08-954e-8fdf8f02b53c", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955759, "uuid": "3013e191-e4d6-4a99-a5bc-6494e67caf4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955759, "uuid": "16633ce2-7254-4e07-b8ea-aae273c8c0f6", "value": "24e519090172a42bd49d39aff33212595b6c4ec2bf269701a1eeac0b766b18e9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cefb1b4-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958539, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958539, "uuid": "af9f6d92-1986-4a53-b134-b4a2402a243d", "comment": "Malware payload (Heodo)", "value": "d5d5bd494e5bcaa742233067ff3f18d5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958539, "uuid": "d33e854a-de50-459d-90a0-879a67014a59", "comment": "Malware payload (Heodo)", "value": "259136f61061c567958bc24e4f2ef1c676346b34f2d88df2c1af5e5772cdfe66", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958539, "uuid": "d54f26e1-be14-4a4a-a343-d395d0546e5b", "comment": "Malware payload (Heodo)", "value": "c889d3e7ea426f74f6cc9192654ae91d8806cfeb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958539, "uuid": "93debe6b-00d2-4619-bc27-ef852c1bf2e4", "comment": "Malware payload (Heodo)", "value": "4f08c50c87332041aeae7829f1d4ef40cb87df58d5f6318358978465d139755346688cc0eecd33946aa8d685242bcef2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958539, "uuid": "3c37ad48-0bcf-4654-9306-e4a6a758a529", "value": "T1D0059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958539, "uuid": "e316b6da-f041-4bf1-aa4c-1df2b42e3b1b", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958539, "uuid": "c244eb9f-c251-4f49-b1c3-a3d2e767e6e1", "value": "12288:V20BXOMcVzpWfmmnDD9X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDpX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958539, "uuid": "4f86077f-0727-469f-83a3-974b96939503", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958539, "uuid": "71c9f4d7-6db0-4a6d-b64c-3614a3e11931", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958539, "uuid": "84be3d63-0f49-4310-bfd3-68c696d0a1ba", "value": "259136f61061c567958bc24e4f2ef1c676346b34f2d88df2c1af5e5772cdfe66", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04609974-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926097, "uuid": "6801cafa-1f6f-4e05-900b-d20420f28ebc", "comment": "Malware payload (RedLineStealer)", "value": "92c4cfba825f7390ff8540abb69ab02b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926097, "uuid": "6cf47fef-48bf-4475-89fe-f6a54a17f881", "comment": "Malware payload (RedLineStealer)", "value": "2608bf856e36a1a4c624ab9c18eea5f587941fed7d0e7253973bf1054a03699e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926097, "uuid": "6a7ea8c1-8449-4b94-ab30-6990765f9fc2", "comment": "Malware payload (RedLineStealer)", "value": "5c4fd325d5e83241dfd50dd73859a2e12f477f08", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926097, "uuid": "1f23359f-6cce-4695-a65e-5ea4e2a47a0f", "comment": "Malware payload (RedLineStealer)", "value": "e783bf0b0046178dd72cc5a5422e5b3c4dc2f534a1368bf4d39b3a0342012e31cc431b094c31e7b2b5983e59e286a6b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926097, "uuid": "e2e9bde9-8aaf-4755-9d80-1f0417eb50f3", "value": "T129363396AAC44F4CD3B20DBA38D7095A3F2E4F26DDD0EE9F81692890D5D05E06C548FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926097, "uuid": "c30e7e8a-d63b-4578-ab7e-5569688e7bad", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926097, "uuid": "78edba02-2b0f-4fdc-a029-5c0a51dfc98b", "value": "98304:sDvjC1aNNyNQ17uUFkh5tmg2YX8DP/3MuVofKEAUsGlb1ENOn+KfHA1v5wEhlA:ujCO717uUFkhq86/3oKEeGlO0+77vh+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926097, "uuid": "94c7b8e3-732d-423d-bc64-5d6eea84bb47", "value": 4872704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926097, "uuid": "61da234e-19c9-4421-8056-a7dd00b39187", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926097, "uuid": "408ed2d3-7ea0-42e8-9617-8199dc085c08", "value": "47217982.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6613ff5c-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958474, "uuid": "0272daf1-0350-4f50-8c71-103768acfd98", "comment": "Malware payload (Heodo)", "value": "d9e684a16286c9f7b31c033b238e8812", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958474, "uuid": "7f1c9051-4738-4e1e-a002-56939fac5a1b", "comment": "Malware payload (Heodo)", "value": "26251f520133a582f58182a253cc0c7e1369a94d3aa9941b47de970f7c5b403d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958474, "uuid": "1ec3e01c-4791-485b-9ec2-9d679459c004", "comment": "Malware payload (Heodo)", "value": "7c34f57fbef8a9f5512d72822401907c98c7b828", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958474, "uuid": "100e31cb-66ea-485c-ad13-e52ff73dc44f", "comment": "Malware payload (Heodo)", "value": "efd3c897551f02c0fec55827de7684317b45ad4966f77b4548bbfcc6f2ce29c2543579270a90509e56288942e61adb23", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958474, "uuid": "86605d55-8632-42c2-ab3e-ba2760454efc", "value": "T1E2059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958474, "uuid": "8fe63d3a-daca-427b-8ed6-f843044d39ad", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958474, "uuid": "ad56624b-5d9a-48b5-ab27-3e520d2941ac", "value": "12288:V20BXOMcVzpWfmmnDD/X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDjX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958474, "uuid": "42d077f2-fd28-4d49-a74e-00eb7563fe4a", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958474, "uuid": "1eabf7cd-e429-44ff-a356-cca9e6363992", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958474, "uuid": "7b530110-14fd-46a9-8acf-beab3ba479bd", "value": "26251f520133a582f58182a253cc0c7e1369a94d3aa9941b47de970f7c5b403d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb1c2537-aa3a-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647993003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993003, "uuid": "9e2db3a4-8437-496f-8573-462402d51510", "comment": "Malware payload (Mirai)", "value": "493d2629fa99b6e30ac2b2d6b4edfad2", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993003, "uuid": "1ec72ea0-877f-484e-8981-cef34ef4ed61", "comment": "Malware payload (Mirai)", "value": "264904580baf8435ea942a35710ecf7a0f02239edff6818ec25f83abfff23392", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993003, "uuid": "c5400973-abbe-4b7f-915f-97abc33cd2c8", "comment": "Malware payload (Mirai)", "value": "acb26eed82f55b876c9997482a03ee9d41e0463d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993003, "uuid": "10905f2c-73ee-4bd6-a5fc-605e5c33f667", "comment": "Malware payload (Mirai)", "value": "1dcee768c1d63ea2f504834a6d837c99a50564311b8714027fbc5401f3899cf8258f1c51d1a00236e838f819a80d2125", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993003, "uuid": "b3d493bc-5eef-4e69-868c-ebcc940c0fc2", "value": "T10DB2E0D9D6EB1BC3C291D336D0BC5A4DA6732AC10346440B1109768EA79760E9BFF3A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993003, "uuid": "e40c20e8-059b-4254-a79c-ff7d2224c322", "value": "384:MCDKKQOcRpmYLdn6RBOFRFt5rUFW10iSelCo3AnupPFNqnrrd1NEZgO8UXWozPLS:P/QOC0Yhn6ROHWFGrcwNVFCnNBxcpc3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647993003, "uuid": "e661cb32-e026-42ba-82b3-80f556bdfffd", "value": 24728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647993003, "uuid": "bfa4af3e-d7de-4c8b-ae5c-e407e25fdcb9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993003, "uuid": "740fa4c0-cfb5-48f3-be94-10ecd02cc9f6", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29d8df01-a97e-11ec-9275-42010a9c0029", "comment": "Malware payload (Babadeda)", "timestamp": 1647911987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911987, "uuid": "7b94860f-728d-48cb-8120-876c8a638cdf", "comment": "Malware payload (Babadeda)", "value": "e2252350878e798e6fc569adde6a9815", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "BAT to EXE", "colour": "#0F856A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911987, "uuid": "7d3a4ae7-8754-40f3-86f1-18a429b18bc1", "comment": "Malware payload (Babadeda)", "value": "266a45969422bf72c70f51789a21f70f175f12a1e8b387b0dfcf6bf3f71c68e4", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "BAT to EXE", "colour": "#0F856A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911987, "uuid": "835c65c9-89b9-429a-89ed-afc3fd152c89", "comment": "Malware payload (Babadeda)", "value": "177f283892f0571ae64c8b23ba156491295028d6", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "BAT to EXE", "colour": "#0F856A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911987, "uuid": "d38231f4-ba90-4ec4-a9b4-374955158edf", "comment": "Malware payload (Babadeda)", "value": "a3da5f613ac7fbbef34a3624886c3b59f8408878fbf064bf0d401bf0741fe4eefd76324ec5652ca37d652938f8a36130", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "BAT to EXE", "colour": "#0F856A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911987, "uuid": "a7f68d4a-7c27-4479-931c-b9547375528c", "value": "T1A9840150E2D445F3EAE2083202F5E06BE838A399AB54DDD7D39D78414E927C19B393F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911987, "uuid": "a420020d-121c-4894-8b28-84a65b45befe", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911987, "uuid": "4213b693-20e9-458a-96d3-51882099f4bd", "value": "6144:2zBkLL2NTBwqHpwUL/abfsjzpI2ZS+WpGUs+bx3OSiwIRuGM9ICDwTtaRYg8Vy:2KyNTWqJwuaGzpIflGQd3OlwIRuvIWbr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911987, "uuid": "94e204e2-308c-43ee-bd5b-05089d881f6e", "value": 379800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911987, "uuid": "2c0e7033-baf6-4741-864f-601d856ed326", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911987, "uuid": "86860b42-c657-4a8a-b7dc-340530e2b707", "value": "42499798.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c28132a-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958323, "uuid": "4f52aff3-ff21-41d3-b09e-8fdd04572da6", "comment": "Malware payload (Heodo)", "value": "48ee1ccea099521ef8ab600996d431de", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958323, "uuid": "f8b2ffe2-aa44-46a5-9dd9-edb6124e4809", "comment": "Malware payload (Heodo)", "value": "268aa1e2fe151de8387ce4b4e052fd974612988d0843d6026529e0aa5080c0a4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958323, "uuid": "53adcfbe-c514-432a-8c84-eeafcac5ec8f", "comment": "Malware payload (Heodo)", "value": "cc314097857c2a05f723985761a5affd253a0770", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958323, "uuid": "acf03812-ab97-4848-a295-f7627331673b", "comment": "Malware payload (Heodo)", "value": "03bbb8fe8bdfc3c3a70f9b477653e0a74de5c0e9746f17494569d0f74837cfb8cdccd3ef1121bc15eb85068359012bd8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958323, "uuid": "60b488b8-c871-4ac1-b9de-15e25ad6c232", "value": "T155059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958323, "uuid": "30985e06-700f-421b-b301-9bc1ff9db685", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958323, "uuid": "ca1628cc-f4c8-48f3-b4f1-667a0339264a", "value": "12288:V20BXOMcVzpWfmmnDDHX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDTX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958323, "uuid": "45d47a7f-b3d5-4140-8a46-4b8cb7934227", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958323, "uuid": "cbfec2dd-6f40-4f42-8c1d-760f150e1433", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958323, "uuid": "75cd5a84-8d26-401e-aba3-7c4a4442b65f", "value": "268aa1e2fe151de8387ce4b4e052fd974612988d0843d6026529e0aa5080c0a4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6e0a4ed-a99e-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647925994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925994, "uuid": "aa29ac07-0338-41f4-8950-9401ddcd7157", "comment": "Malware payload (RedLineStealer)", "value": "934b6b6471c81cb67b689d9532cbaa3e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925994, "uuid": "6ed0f6c8-b106-4a25-9706-112c62d9ba0e", "comment": "Malware payload (RedLineStealer)", "value": "27171b009f93cbf3d7eec7fd6cf34c57ce449a362823b30a54013d4bf4bc0e02", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925994, "uuid": "3c16cb0a-1488-4587-aff5-b4698d3c6dfa", "comment": "Malware payload (RedLineStealer)", "value": "94f6cb8e8a8bcbfb21e4963acaae3db5222cb764", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925994, "uuid": "07308d40-c066-406d-8d2e-8c30e1c2de31", "comment": "Malware payload (RedLineStealer)", "value": "0281e7af81f4d80e7493f08a4ff4373829aebb8e2a797d22bf5a512a62c85a395f421213b3dc6aae37ad28603340d7bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925994, "uuid": "30324a58-47cf-43b9-9597-a9055c2b8ee4", "value": "T1412633C4F2E430A2EE4F5276F7592702D31496017A8E162427E857EBE2DB473C47ACA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925994, "uuid": "801bf7b9-c87e-4910-8e06-82d6e7a8af51", "value": "7dc28ef949f54ad98c715895ecc34cff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925994, "uuid": "e6609568-a5bd-4e41-a2fc-2a717ae7606d", "value": "98304:tFCwm3YsKYE4lFy2VzWkDNqMQudXY+wBRSdzzYhS:tFyosHEC9rQ+eBIdzzYA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647925994, "uuid": "5dc6004d-fdcd-4a18-96a5-abaef24396d4", "value": 4536320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647925994, "uuid": "d813c52a-f55b-4689-83c9-8bf0b4ac2d00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925994, "uuid": "946c2d78-0e47-4a4f-ae06-083a3aaf2ab6", "value": "46707209.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ada4de1-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647972494, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972494, "uuid": "ed572dd8-c5c4-4f6b-b983-8cbd68fcdea2", "comment": "Malware payload", "value": "4ab3be6b29182e85788f12eafb470a7d", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972494, "uuid": "ff8bb25a-ee95-462f-94a3-74fa24fd6de1", "comment": "Malware payload", "value": "2760f74498e3bc3911e6be6d0228d79e85d6e3720e366046a85c128aab587cc1", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972494, "uuid": "aa055138-bf0f-46d7-a35b-d6ee6e507b93", "comment": "Malware payload", "value": "416a752c584a8fc7d6fb55c9c7aeff37b145e23b", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972494, "uuid": "44529961-f5d5-4bda-b34c-47e603becc26", "comment": "Malware payload", "value": "167a809c7e54d4d5578b1e0aa9dfd062497c88a2b5c35247a4834d2afebbbd5331eb73574da0ed8374faaff6106e834a", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972494, "uuid": "31e91fa4-7453-4390-a8f2-653d81de9166", "value": "T1A604024AE67D336AD7219F36EC1C9DA22D3E8CF19459A14F22E7B12D6331C803647B25", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972494, "uuid": "d3019b3f-585e-4290-8acb-e97e2a4a4908", "value": "3072:eJJpaZuuE/hNJ4bamh43Dv0Tp5J/gQnGQ+k5kgBjUiV+68pNNhxD++MAZrVoPnFK:uawfhj4bd4QTp5J/3Kk5kalY68pjhR+S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972494, "uuid": "45abda81-afd3-4a1c-b054-4f9b70ec768e", "value": 186504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972494, "uuid": "f9af0aa2-a1c5-448d-b3e4-4ba517638b3a", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972494, "uuid": "22cc6fab-cc7c-45f4-b852-e0dcc17938ff", "value": "SOA FEB'22.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2d51230-a9fe-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647967300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967300, "uuid": "d56286ee-64f6-4aff-a808-5893de573f5a", "comment": "Malware payload (RaccoonStealer)", "value": "bbfcde1ab0fc199004988daa2dda9ce3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967300, "uuid": "f1144afa-e342-4c83-83b2-74865fe1213b", "comment": "Malware payload (RaccoonStealer)", "value": "2766b8092ec9d6a8cf04b83100613068ea365b7142751245864506e0d67c1bd0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967300, "uuid": "fa8bccb9-fc7a-44ce-8757-2c73db4a8083", "comment": "Malware payload (RaccoonStealer)", "value": "c4d384a930d25c5659120514a313b78e1340ba44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967300, "uuid": "de749f5c-45b1-4d73-a889-527c3dfda8fc", "comment": "Malware payload (RaccoonStealer)", "value": "0d1bad3d62c9933bf9b80ef46c3e160b2867f09de97d1afb7c368e924f781e1ddcf3b12ad22664f84749274786d2945b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967300, "uuid": "67084ed8-35bd-494a-8cce-fd94ff965e92", "value": "T1F9B412117BB1D476D285B4393011C2306A3AFC726875CA6A7F86176E2E30FD9AB72707", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967300, "uuid": "2a8a2128-9e62-48d6-ac67-de946c187f6d", "value": "b5c3ea6ff48d8dd547871439130af918", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967300, "uuid": "dafae12b-8d53-4302-9f51-020ba98091da", "value": "6144:GJ0gt3GxNTDHRwcMYlKCE6C3EojNS5EWBSmT+uvPZNvSsWatdgSXZSxh:2rt3GxJzaHYU6C0QWAmvJNvSVOdLps", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647967300, "uuid": "adc88570-9f12-4740-adf0-3e8d0281a4b5", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647967300, "uuid": "f175b1b9-dba6-4cda-8d5c-cf6899244662", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967300, "uuid": "9d51e11a-b291-4d51-bb02-c024d755861e", "value": "bbfcde1ab0fc199004988daa2dda9ce3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c452764c-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955196, "uuid": "06b19433-5591-4ca4-8f3d-966587dddd7e", "comment": "Malware payload (Heodo)", "value": "a6de770e3387af0e1ed5d81e5f805864", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955196, "uuid": "29bc8449-08ca-48db-a6c9-cc00227e2228", "comment": "Malware payload (Heodo)", "value": "27c559158daf985f765923f83f04f7023c9226d12e574ef82b02e92eb16f3b8d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955196, "uuid": "a5a74992-7f4b-4269-8668-ab629e8426ca", "comment": "Malware payload (Heodo)", "value": "2cd085070a13d3f06bdc7f121bd283411c80b963", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955196, "uuid": "7eb244e0-4905-4fa7-b8e3-cc7705e0a6a4", "comment": "Malware payload (Heodo)", "value": "0da4ab8fb3682178263e51175b05b1f0ddf6909da602504f2193fe731a8dd956bd6ffa176d59d3f46d9e3bd6bcf69665", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955196, "uuid": "5eb765ef-c9ff-490d-b3eb-296ea98f1af4", "value": "T13DD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955196, "uuid": "4f07d41b-76ea-451d-a9bc-21481a6aeb77", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955196, "uuid": "acb368aa-4523-481f-9a76-5b32a421f3bb", "value": "12288:DjN/Z2wkRrA9CRDCMElAjHDsndSyHOrNvEP0Oua:dEHR+CRIyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955196, "uuid": "6484608f-136f-4d8c-953f-cfd31592c7d7", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955196, "uuid": "c4a26f87-59c4-46e8-aafe-a4675b48c99b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955196, "uuid": "d48fba67-b242-4d4a-a005-1b202797ea88", "value": "27c559158daf985f765923f83f04f7023c9226d12e574ef82b02e92eb16f3b8d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6e47372-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955200, "uuid": "953952cd-7b6b-4263-9233-d68e06562f08", "comment": "Malware payload (Heodo)", "value": "1c35c0853c87bbe3b05379e3816634f3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955200, "uuid": "fa2739c6-581d-4ab9-bd85-c6630601ae78", "comment": "Malware payload (Heodo)", "value": "27f1341698acfb787f1b8d9ffa5af209c333a5348b8763b18066480abc2dc558", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955200, "uuid": "ae2ec56c-ef27-4026-be00-3eb5e0dbf45a", "comment": "Malware payload (Heodo)", "value": "b6e33b9ddf7f3edac152d8971b997a5a8cd13a7b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955200, "uuid": "f7a37476-6f6b-4d22-bd99-c15562f2877a", "comment": "Malware payload (Heodo)", "value": "0855d256c57555f465a59a8c3f739d14d963f9532e7056bf8d2e52bb0005ddc14e06a90e072dbf42b6f60a4079d4cec4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955200, "uuid": "6cd537c4-87d6-4a31-8305-fbe4038c81e9", "value": "T120D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955200, "uuid": "376c9531-5609-49f9-b53f-e2f928d79127", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955200, "uuid": "ef94f84c-7324-4973-b506-3744b88a5580", "value": "12288:DjN/Z2wkRrA9CRDCrElAjHDsndSyHOrNvEP0Oua:dEHR+CRByfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955200, "uuid": "3144891a-eb8f-4957-a842-aa045715ae28", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955200, "uuid": "43acdc25-013e-4902-bda9-bea0a044cbe5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955200, "uuid": "ed51c466-6c80-4e3f-ae4b-8e5d3cfabb16", "value": "27f1341698acfb787f1b8d9ffa5af209c333a5348b8763b18066480abc2dc558", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "daf8a187-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955234, "uuid": "87ad0be2-9f1b-4e08-a39c-9aef27b8b2bb", "comment": "Malware payload (Heodo)", "value": "0449f027497a1b3f41f343851ac335db", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955234, "uuid": "9418aacf-8b4c-4e98-b254-2d10149c6c96", "comment": "Malware payload (Heodo)", "value": "282c79fca6396d125a02630485405a6b14b574a35cd8dda6ae5994138fb396f7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955234, "uuid": "ff672260-4b80-42ca-b5ca-ce0c8bb9fd6d", "comment": "Malware payload (Heodo)", "value": "99f1c49686ea26b9d862a724895695fa2a38ec5f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955234, "uuid": "4a608a5c-b1f8-4c07-980b-d4cc9ccab20d", "comment": "Malware payload (Heodo)", "value": "91cc3b34ef0ea7b8a18f60c8d244335b4154cc4ce19900d5f4faf1a273e585d1409dfabf1a39f644ad230840920506d0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955234, "uuid": "b9c4880d-0373-4441-b418-6256e1e5e484", "value": "T144D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955234, "uuid": "7639025c-a0b2-49fa-b820-4999beab412c", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955234, "uuid": "5ea99ce0-02da-4daa-8c78-6a7c6a065610", "value": "12288:DjN/Z2wkRrA9CRDCjElAjHDsndSyHOrNvEP0Oua:dEHR+CRpyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955234, "uuid": "549560f1-5444-4b07-bd13-9bf3e111bdbf", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955234, "uuid": "94e6b0f5-5270-4271-b8a7-0d82e56ce294", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955234, "uuid": "6da8e20c-2361-45ed-b2e2-cc7d22edf9ce", "value": "282c79fca6396d125a02630485405a6b14b574a35cd8dda6ae5994138fb396f7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "956c5202-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976592, "uuid": "d9b63a79-acbe-4b4d-b28e-ac3c9d185c88", "comment": "Malware payload (RedLineStealer)", "value": "299b400d98ec9cd5115e1d969c915bdf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976592, "uuid": "8122a993-2431-4e2a-b274-80b7bf87ac70", "comment": "Malware payload (RedLineStealer)", "value": "286bb7855ae2d5a4963f4cefb78127cedff7ce7755e6da993be7c45c76676dd9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976592, "uuid": "f35120f2-8504-4df3-8d09-0255b7c4e2c0", "comment": "Malware payload (RedLineStealer)", "value": "2a53cd1d2380ce1115fcf891a8f9f53a5f6f6e65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976592, "uuid": "adfbee44-cc7b-45e4-a379-71ac8c21ee8c", "comment": "Malware payload (RedLineStealer)", "value": "64d63db24b77289d726a84c8a874b4e917d5bf3a166e714bccb9c4f44cebf0326e17491b7a71fe827b0b09c9af479e6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976592, "uuid": "aedab2b1-a9a3-483e-b201-3612ec5a5f9e", "value": "T113B4C43439FF9019F173EF75DAD87896DAAEBB633607E91D208103864A13B42DD8153A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976592, "uuid": "df48cb47-2c6f-46dc-9682-f4fd6e7be8f4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976592, "uuid": "7b9abb9f-8a1f-400f-a9b2-520e48e34ec0", "value": "12288:3sp3TsUOzMnYlyxzlzl17PCWBYycd7K3HBBeVzM:3sp9gMnkEeKL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976592, "uuid": "a6f4c276-b501-46c3-85ff-8a71956681ce", "value": 502272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976592, "uuid": "d008a22e-0b09-4fec-8cb8-893d28b1fe97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976592, "uuid": "5bcbed03-bc9a-49e1-9f38-ac1a4e7962ed", "value": "51396197.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d40a89bc-a9c5-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647942767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647942767, "uuid": "10c63562-8990-4453-9bd5-5af2b85f3282", "comment": "Malware payload (Loki)", "value": "17d67caf8b324b269f246a8a2efd081f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647942767, "uuid": "016dfba4-5fb4-4d29-b922-c311ae4b8f7b", "comment": "Malware payload (Loki)", "value": "28888617c365a573886c81406a85e3d3d770cbb82031f9320b795cb259a3a54d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647942767, "uuid": "3ef7602d-0ef8-4495-9930-5afb60db59c0", "comment": "Malware payload (Loki)", "value": "0404276b8dd1ef373872a030a19b2ad4e7b93b5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647942767, "uuid": "b723356c-6b3d-4f70-93ab-8297ea86d3f6", "comment": "Malware payload (Loki)", "value": "15f43c8e1cd943d14fb89a1b3785c84462da6890d6ff2c9cd421fc01b9b1918ef5e66a03c907afc5260daa01ffe40fbd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647942767, "uuid": "9b6ef7fd-f56e-4aba-9f85-188ff5560208", "value": "T11054121695A8C837D6612D32AD72B3BAE7B4D7885602460F87B40CFA7E905CB097D382", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647942767, "uuid": "71579f5b-8a78-4edc-88d0-a4132d12142e", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647942767, "uuid": "57fa33bf-b41e-4555-ad1a-21cb69e2a488", "value": "6144:rGi9z7a99E45ESKph3XfPERmQEvVz8d3iLTdCqADs4TIA84sWd65:S/2SKT/PERmQmzWSLTdCbDsJTuq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647942767, "uuid": "12ab0c27-9b22-4f74-b85b-8146d782cfeb", "value": 305457, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647942767, "uuid": "a57bb7aa-df28-4571-826d-e73f8533d606", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647942767, "uuid": "2d99388d-a0ee-43e7-817e-c73288e12317", "value": "2022DT_PO2220_SHP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16b75106-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955764, "uuid": "5ee4045d-ebbc-436e-b615-90719010e701", "comment": "Malware payload (Heodo)", "value": "af0e8734f625966812c271843551e94d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955764, "uuid": "d680ad7d-bce0-4243-bd69-3fb30172c604", "comment": "Malware payload (Heodo)", "value": "28b22e4748ed6c90065265fe383e0c06c0892ff6d1e31095d645d29cc435ae84", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955764, "uuid": "2dc3344e-81fa-491a-8845-7e7f36292620", "comment": "Malware payload (Heodo)", "value": "cd4673d61f73d5711f47dbd3beea058f4ac7224a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955764, "uuid": "b5426e5a-a41c-4ec0-be60-f3ceb1877185", "comment": "Malware payload (Heodo)", "value": "24c9b9f7da42910389a85872070dbaf8efed859a90e4ebf9f6e1e5abf077e3bc17fbb3ce1f9501bcf6e74f517529dad6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955764, "uuid": "95fc297c-f946-4ac4-9750-382980535ea6", "value": "T18CD41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955764, "uuid": "f44c32ae-1334-4968-8022-674ff7312ed6", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955764, "uuid": "5abe77b8-9a24-4a2a-8a87-c83ab58592ad", "value": "12288:ZxpNJJJ2NHPoczJVOtIhxf3foRXIa5EPwvA:Zx2gczJVFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955764, "uuid": "14f81994-3b1b-423c-9114-c8eada8b6a4f", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955764, "uuid": "7fe9a1fb-4467-44c5-81b9-549c0a762e42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955764, "uuid": "c386b9c0-16b4-4dd9-b2b0-c4f4d57b83c7", "value": "28b22e4748ed6c90065265fe383e0c06c0892ff6d1e31095d645d29cc435ae84", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa97601e-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955287, "uuid": "144f72c8-a255-4c91-ae4a-1d1db4417cdc", "comment": "Malware payload (Heodo)", "value": "ac2e6278c714f62e722bdc03b7bb6e08", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955287, "uuid": "ce203ae1-c243-488e-b75f-283071605739", "comment": "Malware payload (Heodo)", "value": "29052ef5964ba718b0229104e87543f8cb9675d6f2555b23b22e36f4e7adc90b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955287, "uuid": "61522ae1-7ed6-4c64-a472-31bce56ad210", "comment": "Malware payload (Heodo)", "value": "85d20a306808b2cc7d1d6df1198e53b2991856d3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955287, "uuid": "414f581e-f7ee-492f-9d0d-368f2d44cd08", "comment": "Malware payload (Heodo)", "value": "3e6ddeca32479db07133a223949363ee35b21e267af7c0c4913938275ed99fea0fe41713d235b2214cbb7e1207d21a68", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955287, "uuid": "bb158ca0-9435-4a2f-a4f1-521f7c27449b", "value": "T197D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955287, "uuid": "b4ac542d-e9c3-4e3e-b327-8b97cfca7827", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955287, "uuid": "2a48f0cd-88df-4250-ab7e-6218ae2f7505", "value": "12288:DjN/Z2wkRrA9CRDCpElAjHDsndSyHOrNvEP0Oua:dEHR+CRzyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955287, "uuid": "0d4d6948-8da2-4b28-8181-97a25b5dcc36", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955287, "uuid": "f9583b5f-3ea0-4b66-82f3-a6f8c997ab0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955287, "uuid": "7b5a9d00-0540-4367-9211-b41ed14a4f2f", "value": "29052ef5964ba718b0229104e87543f8cb9675d6f2555b23b22e36f4e7adc90b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd76c321-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955292, "uuid": "29adae58-9ccc-4402-9654-49c8ee47d9fd", "comment": "Malware payload (Heodo)", "value": "0e5e0d871efaa76a54a350ff70374773", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955292, "uuid": "917c0420-c73a-493b-aff0-01a101ab1f58", "comment": "Malware payload (Heodo)", "value": "29203cf2887a3cefb2f02e83087827d724a558ba051178c7de94539b0592551b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955292, "uuid": "a5f2eee1-fb45-4097-b954-855883ae413e", "comment": "Malware payload (Heodo)", "value": "e4f2fc0adfb77bf3ff9f668f92145abf8bfe1453", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955292, "uuid": "d58a3c60-6a10-49df-a882-264b2c5ca095", "comment": "Malware payload (Heodo)", "value": "7794ef22b2ec8030b7331913ddcabc758dbc3ee4fa972db6eac9eb73f84cca586d9d4e043f982ae5ff765befa84b0cd7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955292, "uuid": "90812b63-c3b6-4248-b23a-2a31d0aa4181", "value": "T147D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955292, "uuid": "44b58055-f793-4505-baa7-b4f99195754e", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955292, "uuid": "b20157d9-01e3-40c7-937b-eb3355563be9", "value": "12288:DjN/Z2wkRrA9CRDCDElAjHDsndSyHOrNvEP0Oua:dEHR+CRRyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955292, "uuid": "dbad9115-7438-40a7-b204-fe0ba28bbceb", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955292, "uuid": "9b7ed840-8b6f-4555-ac15-993c07f90f97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955292, "uuid": "69053226-cd69-4242-be49-09785279bf69", "value": "29203cf2887a3cefb2f02e83087827d724a558ba051178c7de94539b0592551b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd97b1ba-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955238, "uuid": "f8c1986a-3b8a-49aa-9e97-953657a63563", "comment": "Malware payload (Heodo)", "value": "4c2638d7b3576fa6263420278bd950f1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955238, "uuid": "d9288a17-3bd9-469e-9d86-3a30ab54860a", "comment": "Malware payload (Heodo)", "value": "292e0bd7df725b768c808e9ec00b364c563b297dd4d566fc5c2375947b4b5bbb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955238, "uuid": "78ec98b6-0459-488f-a329-a79395315a0d", "comment": "Malware payload (Heodo)", "value": "bc40c2d2c693fc48cb9199db458ff1c7da9354be", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955238, "uuid": "0a1bc665-dcbb-4975-9acf-8d032517a7aa", "comment": "Malware payload (Heodo)", "value": "d70d891d8aa85bdc47052536208e5ea55ca3469e6e5ccc125b4d49d2d4edc2297d54f6eec199af144b8e9adb68220d9a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955238, "uuid": "a40173bd-09fd-4721-9fc7-b0d765766d78", "value": "T1F8D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955238, "uuid": "f28db727-f092-48c0-b8c1-32eb8740ac96", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955238, "uuid": "935593f7-dd22-4a86-8fe5-cc5f1f46d540", "value": "12288:DjN/Z2wkRrA9CRDCnElAjHDsndSyHOrNvEP0Oua:dEHR+CRZyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955238, "uuid": "1e5b0efa-a693-448a-aea0-ac4e940741a1", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955238, "uuid": "f236a189-f277-4bf5-86ca-5dd67022f18d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955238, "uuid": "3715bfc4-a918-41f2-a6e8-3b15539d4965", "value": "292e0bd7df725b768c808e9ec00b364c563b297dd4d566fc5c2375947b4b5bbb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0e85579-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959915, "uuid": "d9cebd48-5695-4c13-9b6e-1bc710bfbbcf", "comment": "Malware payload (Heodo)", "value": "eada0d684824f5aa67f056fb712514ca", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959915, "uuid": "8f1671de-079c-4619-a7e0-f7f176ea62d2", "comment": "Malware payload (Heodo)", "value": "2932c019b016c082ca2e5545e8f5702a93e27eac1d76675315c2b427ed81b243", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959915, "uuid": "de263f95-b06b-4d5d-bec6-001b74044e1c", "comment": "Malware payload (Heodo)", "value": "74f06e2b6441db7a5effd6dc9867424df10b4552", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959915, "uuid": "32a6bc9d-4d9e-47ed-8937-b879a928f180", "comment": "Malware payload (Heodo)", "value": "262c7244678eb3295f690bf863d40a0922d949d7bfe549679b6681d80e55a9e957e4185fced01115f2c4420b09f38049", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959915, "uuid": "c80fc2b4-fa6b-4bf1-9ef7-b63267614487", "value": "T197B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959915, "uuid": "784e04c2-57cd-4a44-af7e-995fb1474d7e", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959915, "uuid": "58b7c177-d369-435b-95bf-c06d91bba6a4", "value": "6144:8JZToYE666spbEgoZhZO1tQI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoIlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959915, "uuid": "f08ffd05-a9c9-4c88-b071-a494c1acf324", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959915, "uuid": "c5b63738-f7ea-413f-ae40-10cf01f60c35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959915, "uuid": "e9cf6d74-4fab-4490-8bf7-e91fa5c302da", "value": "2932c019b016c082ca2e5545e8f5702a93e27eac1d76675315c2b427ed81b243", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd0b06b4-a98f-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647919643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919643, "uuid": "ff5279ca-7518-4f5d-8ab4-4b60973d1616", "comment": "Malware payload (Formbook)", "value": "8df829ff4c1b14e4e0ad428259e1b68a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919643, "uuid": "523af5ad-1b1b-4085-ad43-f1ff6180f475", "comment": "Malware payload (Formbook)", "value": "293e285042ed8b51e4166782005c54d1b3c20ba5f148f90b318f3c788115e892", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919643, "uuid": "cb063b9f-8c0c-4115-9efe-a6435e43de91", "comment": "Malware payload (Formbook)", "value": "09699b5a45147b12b3ab15c273c2f43ea98ec910", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919643, "uuid": "dbc365cd-1fc3-4cba-a2a4-7ed5c77729b6", "comment": "Malware payload (Formbook)", "value": "78e9e97909d878be9b5297b2a661d27a99a761eed44052927778112ca2f338be08ac250c4901cddf927a00490af4693c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919643, "uuid": "455f7f6d-ba79-409d-a8fb-62ba80f076b2", "value": "T1A005F7AD315472EFC867C472DEA81C68FA5074FB630B4917E45307999E0E887EF940BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919643, "uuid": "282888ae-a04d-4f19-b27d-e650f51f08ee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919643, "uuid": "ae3ca78f-aa81-4ec2-8c73-63e8bfc4d56b", "value": "12288:15AkUSw606i92W0FGBVvShd8h4ulMmEGIFwcxTQjny0psKyDfasaMj2INJpv7Rul:rhV06iWnwNTdlncsqcncEsWbn1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647919643, "uuid": "94c1d266-ca1a-4e63-8180-6b1c09d8e6a9", "value": 864256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647919643, "uuid": "66a6685e-c1a1-4bfa-9930-2b84c688c689", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919643, "uuid": "fc2059a2-315c-4486-b1e3-97729a20982a", "value": "LfePS4pubczviio.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30b4eccb-aa0f-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974276, "uuid": "9d40fd3e-4540-4a98-848b-cd2df9a6e83b", "comment": "Malware payload (Formbook)", "value": "1e972b33270948b2328da0e2205ae289", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974276, "uuid": "d960b164-23e1-420f-b62b-f2467545712a", "comment": "Malware payload (Formbook)", "value": "296d23fbc62ef5094f9348399fb53743b33f3465352499abc5fb7e82734b753f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974276, "uuid": "75946f6e-a65a-452e-86fb-2f179bab1294", "comment": "Malware payload (Formbook)", "value": "aef88e419abbfc6149d1f9b385bde95a056ccc10", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974276, "uuid": "bfb49b77-67b4-4b31-ab81-30ee8f5ec0a2", "comment": "Malware payload (Formbook)", "value": "e720354d0d9978557823a18a614b2f53ec28fb53fd68c39366635b5274d91546eb4cc320f18a7ea159eaa2beda484c21", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974276, "uuid": "7ecb8738-1c45-45d9-bc2f-e94f3d23ef3c", "value": "T15244013268C18B2AFAD31E36C07E3B7EE3B99E1841865B5BC71C3F70A6F91835518255", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974276, "uuid": "5c96a94e-e581-4558-9382-a97f4548c079", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974276, "uuid": "4c8ed2e3-6843-48a9-a7de-0eec3f0936e0", "value": "6144:LGiz3wntBgazxzbdZ+cII5C0C3FEiX7MHIJ:3wntBg8vHII5o3Fll", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974276, "uuid": "dad2ca95-1bf2-4a12-9ab2-9c5aa5e5930a", "value": 264290, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974276, "uuid": "b656dde3-0d31-41af-a994-1b2a47603885", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974276, "uuid": "f39a70eb-2cd4-4abb-b97b-3c19cdb5b26b", "value": "DHL_119040 receipt document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3d96bba-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954792, "uuid": "8feeb420-823a-4619-a477-be87a2089f72", "comment": "Malware payload (Heodo)", "value": "b93da75610e52c696b49f0351489fdf4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954792, "uuid": "5641faff-7a29-4ef5-add2-a40932ecca9f", "comment": "Malware payload (Heodo)", "value": "2995a27025be8c5bece1a812dac5fb4c1edd1a2e0977c41d034a6afb054e275f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954792, "uuid": "6e8bef66-034a-46c2-b264-f1c08ac2c36d", "comment": "Malware payload (Heodo)", "value": "be21050a52d576065261e2f8b4ed93932f337027", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954792, "uuid": "c5247f36-5cd3-4f8c-bd05-b8420613ccf6", "comment": "Malware payload (Heodo)", "value": "ca7e76efa00b3d9c2550f3325135b6655b02360d6654a07195d03b2ed0a7c105ad24072f48be4ee17120c58ed457c8e6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954792, "uuid": "95b55be1-e7b1-4343-a96c-66f5cb7db521", "value": "T1D3B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954792, "uuid": "4835b664-da4c-45fb-a16a-f87fdb2a2911", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954792, "uuid": "5a1f4a4f-21ec-4087-b452-3a1db2cdfd65", "value": "12288:AASStHx1vVHO+1Hx54ng0p9n4WNL7XE0UdX:ecHfv4qxWnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954792, "uuid": "8cf18f39-d4e0-42dc-a5ba-3d52abbbfcb5", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954792, "uuid": "8f1ef5d1-16b7-4a96-b50e-cfa5ba4155eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954792, "uuid": "95b57001-7729-4bc1-b096-61f099105e9a", "value": "2995a27025be8c5bece1a812dac5fb4c1edd1a2e0977c41d034a6afb054e275f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad072138-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958163, "uuid": "1950a4c6-af2d-4b60-a6fd-ee4603d668a8", "comment": "Malware payload (Heodo)", "value": "fbf093ae00099a9ba8dc5206cece1054", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958163, "uuid": "6928334d-e7c7-4eee-b78c-7daf5903e560", "comment": "Malware payload (Heodo)", "value": "29b7833041ecb93cea0b39e925821d1fc013f8643d74a7c0cbf1ffa6fe0f867a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958163, "uuid": "94db9f5d-06ad-4cb3-bf37-edf27c500e80", "comment": "Malware payload (Heodo)", "value": "7ee843d393de3c7a10f75d94eaef05b45fbe8017", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958163, "uuid": "f8c0944d-1201-43f0-88c5-6bd12bf9ab3c", "comment": "Malware payload (Heodo)", "value": "4e3432b17316d4f9e23f9c2de3ef1514b4151d7b8ea06dcb99a9e2ab35f1bef03341f2b7c360642b1a5af7bb78c85887", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958163, "uuid": "bba881f1-6968-45d9-83fb-b38328bdd87b", "value": "T1F3059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958163, "uuid": "f1c9628b-f13e-4909-a07a-ffbd728d2703", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958163, "uuid": "3b48a0c5-e3f2-4ff3-aa07-7567f4dca063", "value": "12288:V20BXOMcVzpWfmmnDDtX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDZX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958163, "uuid": "00ef80db-4145-4fde-9623-e1deced1a5ec", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958163, "uuid": "b6e6e9d2-1bc8-4c43-97e2-fd37a5203a38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958163, "uuid": "0fbc944f-3f6f-4b3d-a934-ef90ebed6c46", "value": "29b7833041ecb93cea0b39e925821d1fc013f8643d74a7c0cbf1ffa6fe0f867a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d2d74db-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955909, "uuid": "823718a3-8d98-4080-a4f0-14c9c58e352c", "comment": "Malware payload (Heodo)", "value": "070a3dc02ded5cd67761bfd01b542703", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955909, "uuid": "53e9dca1-059d-4e1e-9670-7ec2eeedb9db", "comment": "Malware payload (Heodo)", "value": "29cf5f8ce60e5cbe55baeed647019274fbcbd245a2421fd068e225c82586ad05", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955909, "uuid": "df96b792-2c81-48b0-992c-3696902b2d44", "comment": "Malware payload (Heodo)", "value": "eccc6e036942b8c02eb0fe3168a83c4e203334f1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955909, "uuid": "57cd6b36-ca67-4ed3-a566-d1f416dfffd6", "comment": "Malware payload (Heodo)", "value": "49a0e4da69ba49b66056696d1d1409e85c44158f6629579562226148ec27f1f578a61f226dbf1798857f98edec66c3c8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955909, "uuid": "2398e775-bbe5-4720-95ec-deaa2e5a9c19", "value": "T135D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955909, "uuid": "83274769-fbb4-4672-8cea-197e6bd09b0a", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955909, "uuid": "b3267acd-286d-4b3d-8629-2b06865d1cae", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfV:AqxETMJ777u3OmONFqNJtN1v96TOAnx2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955909, "uuid": "b8ae0f31-4845-4f14-852e-1b84decc0c8e", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955909, "uuid": "b3041c1b-05d1-49ed-9547-511f0b60b544", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955909, "uuid": "5891a665-a8cf-429c-86f4-ffb10090ed5b", "value": "29cf5f8ce60e5cbe55baeed647019274fbcbd245a2421fd068e225c82586ad05", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2febf27-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647974897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974897, "uuid": "ab045ba2-5c0b-4735-88fe-7ee91eca3aa7", "comment": "Malware payload (Loki)", "value": "fdd2093a3e42074dd2c30afe6a007743", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974897, "uuid": "27bef252-4864-4d7f-9d83-578845f0160a", "comment": "Malware payload (Loki)", "value": "29e35c799198c6801c422f8d1f014d8c2e024186220fc959de30e222f6be286d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974897, "uuid": "177bda88-ddde-4132-9655-d168079dc6ac", "comment": "Malware payload (Loki)", "value": "78f41b15eb94c3c1e38db96e273b3eecf7a6480d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974897, "uuid": "f977d949-8872-4c05-ad99-f484c2869da0", "comment": "Malware payload (Loki)", "value": "8ae49bde8f7b84864309b43253fe7d9a8dc90268e49979ef3537ede573b79595cee9989052a8dcebf42ac9848962b594", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974897, "uuid": "56f91053-7dac-426b-9e14-0a193af04f05", "value": "T11154AE04B7A0D03DE0B312F8B97A93ADB52E79A15B3554CB22D52BDE26346D0ECB5307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974897, "uuid": "b83af63a-0a03-4b87-83e8-eb80ae9935a3", "value": "30c85236402d607ec86afd7c1aadbde2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974897, "uuid": "cec35c06-0860-4f30-aec9-21d7243d3f65", "value": "6144:Vi5mGwZIYdr/LV7ZWnEexFxsITrUzvRmw2C0+8/nhMQeo5:oHwZZdF7wnpbtj+0+Ae6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974897, "uuid": "b0788303-b48f-4a38-95ca-f5609afd0fea", "value": 303104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974897, "uuid": "65b6f0e0-137f-4d87-9b7c-80429cb7197f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974897, "uuid": "ab434cef-1029-4a22-99ad-15bbc4610b24", "value": "fdd2093a3e42074dd2c30afe6a007743.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bacb672-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954967, "uuid": "4c76eeff-a771-45a7-9a52-0a9ad6247961", "comment": "Malware payload (Heodo)", "value": "3fbbad2ddc52e1701c762b8c15644d60", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954967, "uuid": "fc3b1503-5c55-4b25-be73-7a4ab0a02a91", "comment": "Malware payload (Heodo)", "value": "2a3d21642370063fc64fdf988a51824e21cb2e359ef9b0d0763031035bba230d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954967, "uuid": "1c9cecd8-4b6a-4c8a-8d52-09ef32e7bfa9", "comment": "Malware payload (Heodo)", "value": "e8ca8ffeef3aa8cde1d9026f977552c509be7154", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954967, "uuid": "90d40e70-2c39-4124-a537-e63895996895", "comment": "Malware payload (Heodo)", "value": "bbffe11058b7c2521b9305f14a5cf80d95512c04593cf34c001ef37ff4fa21bd348bbc7e06b3513d4832ae32a3f36f4c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954967, "uuid": "71a37091-2e0d-4db4-a6bc-527e8faea0d8", "value": "T19AD45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954967, "uuid": "ceed1b56-a9b2-478b-90ce-1f33ec61b660", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954967, "uuid": "4266bc67-73a6-4114-b9d5-537c15009338", "value": "12288:UWBpwupxl0OeL/grxCGzO+r9AjCb/XKh:Psupxa/gh2mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954967, "uuid": "d402a948-af03-4147-a404-a145f9d2006e", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954967, "uuid": "25dc18d8-a83a-4f0a-a2cf-e677e0dda2b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954967, "uuid": "65f09001-5d2d-4f5d-a077-b75ffd085256", "value": "2a3d21642370063fc64fdf988a51824e21cb2e359ef9b0d0763031035bba230d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3425086-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957852, "uuid": "d633249a-7cf0-49f1-9fd2-f74e2879590d", "comment": "Malware payload (Heodo)", "value": "5f879f99f62f6587349568ae00b9a7c3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957852, "uuid": "41c356cf-1219-47dc-a757-659f6e727e73", "comment": "Malware payload (Heodo)", "value": "2a5f70f1d393bafbfc6150197ea061862875d77d0b5be5c34a46753b45f73f58", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957852, "uuid": "77df736f-3ab5-41c1-ac97-1ce763292b02", "comment": "Malware payload (Heodo)", "value": "c2ba5f108f616aed39e10240f41dfa83231443a3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957852, "uuid": "d2dea80c-41d0-44f5-89cb-f8acf3e85481", "comment": "Malware payload (Heodo)", "value": "b2b072567cd20d01723dd2aded048b3f369707bdcd7174a33585705de8083725873eb7b3911cf3691ab1dacbcd27c9dc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957852, "uuid": "a4f3e1de-8990-4ec9-8ac9-4d9f9146d97b", "value": "T1AB059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957852, "uuid": "144379c1-09f0-494b-ac93-a9fc1abc7d41", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957852, "uuid": "0cf62ed9-164b-43d3-bfa2-fd316324eb34", "value": "12288:V20BXOMcVzpWfmmnDDYX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDcX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957852, "uuid": "163513a5-e1b1-4cdc-a707-dddae3873b61", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957852, "uuid": "a2025f0a-15aa-4dc9-8b38-bc77999dcc11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957852, "uuid": "eb39a50a-23c8-4323-9569-dcfb235b727f", "value": "2a5f70f1d393bafbfc6150197ea061862875d77d0b5be5c34a46753b45f73f58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59d305d1-a9ad-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1647932254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647932254, "uuid": "839c128b-00c6-48f7-9651-cf26caa32e8e", "comment": "Malware payload (AveMariaRAT)", "value": "b06d29fd9243a6cddbcf62742b4fb71e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647932254, "uuid": "1c63f1de-10bb-4e9d-987d-af13c350e6ed", "comment": "Malware payload (AveMariaRAT)", "value": "2a6441d8796261b732b6631f065b66fe3b0cc35040121322917fb0acd9c44e2a", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647932254, "uuid": "45f12508-a9ac-4258-ade5-40504456ed1b", "comment": "Malware payload (AveMariaRAT)", "value": "46164785ec56851876619f6c1f1cfe756cba7200", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647932254, "uuid": "56ccdc2d-0e14-4090-81b1-09cc575e42f4", "comment": "Malware payload (AveMariaRAT)", "value": "4e0b9df6cb8eaa84011452d497ca4bc01c40670c29fcf5e1504be5a7936b63b6a9b9f3cb2ab1262dd72db46ba2a7e52e", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "WarzoneRAT", "colour": "#835220", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647932254, "uuid": "4756de94-a3ba-4e5c-8254-9b3cd4f6c3bb", "value": "T16D25D5AD711071AFC83FC0718A643DA4FA506DAB670B4947A26337D9CD7E487EF480A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647932254, "uuid": "da11b2f4-0fb1-4bc6-8495-45b21445389a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647932254, "uuid": "42ccafc3-b9a8-43fb-b4fd-1f2d8fd58da6", "value": "12288:+wqKNv20P3UZiEIGa54RAhwEs2F6+CyTYLqcfpcur63p9EWIZDUaQg6h1xJ8nwEl:+wLRXhHCnwnYP4IHwk+jo+dm0Zvq7UK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647932254, "uuid": "df3192a3-ca2d-450d-92a4-875e008ec91f", "value": 980480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647932254, "uuid": "986e6270-ece2-44f2-b785-f5fdc4dce350", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647932254, "uuid": "046fc769-1145-4059-a466-820057b5e2a3", "value": "MV MAXTAN - VESSEL PARTICULARS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a59bc1b5-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647974901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974901, "uuid": "0a269401-32a3-4b88-bc92-fb9d5b94ac50", "comment": "Malware payload (Loki)", "value": "b7ea71df5cc54556220158ce0080156b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974901, "uuid": "d32efbad-5748-43db-9bb9-5dc461d7c4e3", "comment": "Malware payload (Loki)", "value": "2a68a6e1dfba11f47c7544b88a28f275f90ad200a0bd5856e4717445435c3adb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974901, "uuid": "98a1b706-878f-4bac-9812-0bb6d2ea3a9a", "comment": "Malware payload (Loki)", "value": "34f6de6e2715a093a9213d7d1d8873db8276b900", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974901, "uuid": "8d5b62ff-bc4f-4c29-89cd-c8a8b97491a2", "comment": "Malware payload (Loki)", "value": "9eb72e9931a040a115c43d68e70915017b97ac9217e7d678b34b71035c3ab5631e99ca66d6971e161d74e7806069b8c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974901, "uuid": "514f267b-b9f0-4229-852d-5e091350a34e", "value": "T1C2152363669C81BBC52D11FA47C3561953B1AC6B7816F39DE84C80B3A08F3CB9B621D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974901, "uuid": "33a1246f-d7c3-4fc7-bee8-2397c8fb999d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974901, "uuid": "649b3adc-b78e-4130-abaf-ff83d2580368", "value": "24576:Yqvohzfx03qowCc3wP3gWDIrAw+DTERqVbeD:Y4ohtAqWAmni+DIR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974901, "uuid": "e55756b2-f597-4da1-8cd0-068e64c3145d", "value": 937472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974901, "uuid": "501f1483-3466-4693-a94d-354df2f0ffe6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974901, "uuid": "f5e8ec9b-2aa6-4f23-856b-0f1603f7c95e", "value": "b7ea71df5cc54556220158ce0080156b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f59cf155-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957855, "uuid": "2a597616-2e1b-40ca-a970-9eda2d61f425", "comment": "Malware payload (Heodo)", "value": "b19cbf46ea6759e7a64a63a01422a981", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957855, "uuid": "24c5947e-bf5b-4e4a-96f1-cfcefa2b017f", "comment": "Malware payload (Heodo)", "value": "2a7ed3f2d778a1ac9eb716e1ce41d920d6e20faae005beab2730c927b43df33b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957855, "uuid": "f9231880-8a7f-439e-b2cc-0d736e2312f0", "comment": "Malware payload (Heodo)", "value": "77f25d1fa7f4feb267ed760557f8fcc4b40b840e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957855, "uuid": "db2b81a2-d012-414e-9112-da3d25f92a1e", "comment": "Malware payload (Heodo)", "value": "e6e7ebd44e9e360d9e912f25174a1895678366f03bc7be731c97e453cff1abf43a2eeda92ef8ddc5fb7a40b2ed8b9d91", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957855, "uuid": "f9ff580b-1a1c-4805-9db2-8a27eaa5b210", "value": "T149059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957855, "uuid": "17bf273c-f884-427f-a5ee-8eb323cab522", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957855, "uuid": "e76c7fd6-5ef9-498c-a772-1707b0a74351", "value": "12288:V20BXOMcVzpWfmmnDDIX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDsX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957855, "uuid": "fef1d7d7-a5db-41fe-9aca-570049ef6346", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957855, "uuid": "2b3a4dae-4d00-4613-9e1d-bad58a673582", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957855, "uuid": "e7573e72-74b0-4441-9d0f-61f2919e73d3", "value": "2a7ed3f2d778a1ac9eb716e1ce41d920d6e20faae005beab2730c927b43df33b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f42d3908-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955706, "uuid": "3057f596-1ec5-411d-b8d7-1ca2f1296ee8", "comment": "Malware payload (Heodo)", "value": "0f81282ee01517d0efdc7073233d0748", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955706, "uuid": "501944dd-307b-4d91-b068-e7656b8fda22", "comment": "Malware payload (Heodo)", "value": "2a8ad443566739017762b3e0b26ac28fe29446d983d170c854d24bd421a239e1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955706, "uuid": "d127f285-e43e-4051-9db5-34b01902b17e", "comment": "Malware payload (Heodo)", "value": "85052df0fa5caec772a0c9b0f88714e686a35601", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955706, "uuid": "474321eb-4b81-4f81-a9d9-d137ff4801b7", "comment": "Malware payload (Heodo)", "value": "e821c47baa262f02392f7660594c382c21dcb57b8f8150ae771e6f0f11c822386d77a509e67fe15a9e4b715eddbea0a3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955706, "uuid": "39222f74-714b-4355-bdbd-df5bb3ca08e4", "value": "T196D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955706, "uuid": "e1a55c4a-90a8-4f1b-956b-8108868c37ad", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955706, "uuid": "83f72e6e-fc46-4fd9-8949-19788d112014", "value": "12288:ZxpNJJJ2NHPoczJiOtIhxf3foRXIa5EPwvA:Zx2gczJiFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955706, "uuid": "62e8b328-b8fd-495a-9ead-d66a9cccbc00", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955706, "uuid": "93134514-db5c-4be1-9400-ab359d70a02a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955706, "uuid": "0f867bcf-4743-48bf-8b53-6bded01c1ed6", "value": "2a8ad443566739017762b3e0b26ac28fe29446d983d170c854d24bd421a239e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "336c2532-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976857, "uuid": "3e9eafa8-a51e-48f2-bed6-aa884ec57871", "comment": "Malware payload (RedLineStealer)", "value": "a0c8869f66b6021d37a0e500cc262dd1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976857, "uuid": "6421d165-13bb-41d0-b92e-954f8519b04c", "comment": "Malware payload (RedLineStealer)", "value": "2a98816f520a56accb555f8a862d8ec67c9529cb70a135ae57149e0af073da37", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976857, "uuid": "d34a5ee7-af5e-4d6b-809a-b67f65dc74ee", "comment": "Malware payload (RedLineStealer)", "value": "0baf3f7a58d1df6194e443f64aa23bd01cd28f0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976857, "uuid": "14c04fb0-df23-4779-a22c-fcc3a5c50a43", "comment": "Malware payload (RedLineStealer)", "value": "929ce930940a81a55d96df4698ce9e959fd68fa12db560ada8539e137c4626272c4d2fcd9e14dbeda6eeb0031f257260", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976857, "uuid": "5b8b731f-8071-4e7a-8373-3cea38ec0666", "value": "T18FC423D13ACAB458C64D027823927FFF15532DBAE4F02199B1EB4417D62E5C3AB051EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976857, "uuid": "cef05c86-688a-4411-9594-c35c098ce927", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976857, "uuid": "0be594bd-fa25-4ff4-b584-3aa6a68298be", "value": "12288:3194+uto7LwqQHIO50pbwQS03ULaHNqrxlKIQNoHEKj0rD4H8t:319qo7LwduZwkEaHNYK3QEKjg4H8t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976857, "uuid": "18ff07cf-1252-4887-ac93-1b9482343920", "value": 568320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976857, "uuid": "cf0edf73-c5ac-4860-a1a6-9c779ce2ede9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976857, "uuid": "99b71b29-5689-4396-a0b9-4d277bd43be6", "value": "54841672.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f819d829-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957860, "uuid": "df5e72c0-a0aa-490a-b523-8e114418b50c", "comment": "Malware payload (Heodo)", "value": "134734f186364b62835c340c8b2ac7cf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957860, "uuid": "0286a959-54ac-4b93-885f-60a642e58585", "comment": "Malware payload (Heodo)", "value": "2afdad3c9da03ba7c3884960473b3fb901e55dc07cdda99b1b67d8354b9edddc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957860, "uuid": "bb952c7a-f5be-4920-ad37-2f2745970cfd", "comment": "Malware payload (Heodo)", "value": "0f0e2822d247b80592ffc3d2e25196e60b7fe203", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957860, "uuid": "d677990c-bc77-4ed4-b9b2-200059705366", "comment": "Malware payload (Heodo)", "value": "2f67bd10ccbe8f437ff9d6ed3a73177d01f1b8f72d4d0d7e20b9ff6ab043df995008bb929301e66fe13390e984affe40", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957860, "uuid": "a8b01afa-81e3-41f7-859f-5c6575318c13", "value": "T165059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957860, "uuid": "f4342474-a80e-42b1-b643-3d18d695e8ea", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957860, "uuid": "21a97984-9a26-455c-80d7-48a875aed265", "value": "12288:V20BXOMcVzpWfmmnDDCX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDmX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957860, "uuid": "424d979d-cd15-4511-9c66-90f5ef57d06c", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957860, "uuid": "459c7661-be5f-49d1-8a79-116812d27697", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957860, "uuid": "abfd4a1d-a5bd-4a60-864d-ca10eed60475", "value": "2afdad3c9da03ba7c3884960473b3fb901e55dc07cdda99b1b67d8354b9edddc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "258422b7-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954070, "uuid": "553590a2-aa44-435a-a59d-511e82a2100b", "comment": "Malware payload (Heodo)", "value": "49147380b82ef4d6fe29902433b38380", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954070, "uuid": "a56ab4a9-00b6-4fb9-a697-4c06e75862b0", "comment": "Malware payload (Heodo)", "value": "2b27a520301f1feb462db861e78b0d865368f513cb808c7cc2f55a3c12ffa992", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954070, "uuid": "6c0f8e1d-9002-4027-8cd9-f140ae97cfd6", "comment": "Malware payload (Heodo)", "value": "176b47b12988fee0c898d4967e27460a04127eab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954070, "uuid": "c59eed73-69fd-43e1-9eba-5c0256f328d8", "comment": "Malware payload (Heodo)", "value": "b5cea951cee25dfee7c46a3a31dae8f8ae10a42113fc63bc5fb4ed5fcb59c0a2e0011f6c75900d0852c762a8a5491ad6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954070, "uuid": "f27e1ffa-e5a9-4f53-a3ce-c1f626e06d25", "value": "T18025AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954070, "uuid": "715085b4-ad74-44d5-8e32-0cb401ad3bbd", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954070, "uuid": "a75f7e4d-036a-48ca-be2b-a5994b24d4cd", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQ35tFjNRLU:Ci6fgcIcHB8Z8bLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954070, "uuid": "f3ef312e-c384-4934-aac3-c8ed501b0441", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954070, "uuid": "1198c7da-5b11-4017-82c7-f2151747cebc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954070, "uuid": "db7da8ad-8422-49ac-aa26-475fdba1f0e9", "value": "2b27a520301f1feb462db861e78b0d865368f513cb808c7cc2f55a3c12ffa992", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa5abfaa-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957863, "uuid": "fde7d4ec-1522-489c-a7b5-3a1f9c908c4e", "comment": "Malware payload (Heodo)", "value": "5bd608ebe98981e85dbf8672c4631363", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957863, "uuid": "03241ec5-6220-4cd1-93e0-c2958591425c", "comment": "Malware payload (Heodo)", "value": "2b620bcb455305dcf7182531528b1d177376de24916919f64b8aecb244a6d789", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957863, "uuid": "e059d60c-c843-46b3-a9ef-ec19a4f92ed4", "comment": "Malware payload (Heodo)", "value": "63dfd1326ec9f109f43bc4d6f0ef9fa0bcc21f0b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957863, "uuid": "e645d3e0-9f6e-4f74-88c1-8ef4dfd76104", "comment": "Malware payload (Heodo)", "value": "ac90597de54f35aa619a83996e7681f2b181c12a172ae5c03843dedb0c5a3e5f7c802a87519a10504ff5cc3fe6a71d83", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957863, "uuid": "44b3ec63-52ea-429d-8b17-a1d79987c26d", "value": "T16D059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957863, "uuid": "7aa4cece-b802-4f95-8024-9f562b174687", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957863, "uuid": "2dea8f4e-0293-4820-a52b-f2307d9913fc", "value": "12288:V20BXOMcVzpWfmmnDDtX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDZX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957863, "uuid": "e43d0cff-8e4d-4111-b5a8-8fcb4a6d21b3", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957863, "uuid": "301accbf-8009-4b29-b967-085098a3a305", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957863, "uuid": "d106c7b8-899e-4154-b328-e1266bef180a", "value": "2b620bcb455305dcf7182531528b1d177376de24916919f64b8aecb244a6d789", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "514fccf5-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959727, "uuid": "3b43ecd0-050f-4034-8b10-5384ec1e738f", "comment": "Malware payload (Heodo)", "value": "70c3605b191b068a8e5198f7e8ab8cc0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959727, "uuid": "848f30b4-80b4-407f-a0f9-b63fe5bdac9c", "comment": "Malware payload (Heodo)", "value": "2b796ceab37b1584066b38e3afe5e37094920d457d2ce129eff00469a32a0ecd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959727, "uuid": "b0222fc8-52df-4675-a2d2-8a1206942ad9", "comment": "Malware payload (Heodo)", "value": "dc50af833e8813ac25216ebf5dfdec61a39d6c0d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959727, "uuid": "fc5bc18e-e2ae-4968-87b1-4e0c6df08366", "comment": "Malware payload (Heodo)", "value": "617e1de4599237c58192f7f7add8ded011ec4c14e7004495e9a3e9a948702d2e521727e98e1cb02442084be60fbce9a3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959727, "uuid": "6f3c60af-5eba-46c9-92bc-0086f41360a5", "value": "T178B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959727, "uuid": "b5771f60-5641-4f21-9355-66973a201595", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959727, "uuid": "e199725c-2fc3-4a29-9031-fba218a512ef", "value": "6144:8JZToYE666spbEgoZhZO1tVI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZodlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959727, "uuid": "1746c051-c2b4-47b7-b82a-5e141d8bb481", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959727, "uuid": "7fbf5ea6-ee02-467e-af3f-c211f1de16b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959727, "uuid": "e2ae2024-2a17-4421-a7d9-354da25d2f1a", "value": "2b796ceab37b1584066b38e3afe5e37094920d457d2ce129eff00469a32a0ecd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd50d620-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957868, "uuid": "bc86fc34-3953-4e78-a733-1564d8724c0b", "comment": "Malware payload (Heodo)", "value": "cab728d71e9163115cef68ad2c68532c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957868, "uuid": "01d54fea-e227-49cc-a0c8-69be8d7d7e7f", "comment": "Malware payload (Heodo)", "value": "2c477f5be0a5336ba549efaacadf4613e52b15b1bb6eb9233570f476160e8772", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957868, "uuid": "fd672c9f-f956-45fa-b4be-5b292a2e0938", "comment": "Malware payload (Heodo)", "value": "70ce98171b121fa5d76f909d30dce6277012ce5e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957868, "uuid": "ce9fd40a-d8c4-4eb6-a5bf-1db151476aa4", "comment": "Malware payload (Heodo)", "value": "7f9e0faad2a27f331707998ef88e6a4964b8fe872004fc1d7c3bb81c9138c1f92b5612a632f6a24c0ee88c6760391f1a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957868, "uuid": "29cb616e-47ba-46a0-a6a5-385c9df1911d", "value": "T177059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957868, "uuid": "c8cafb29-1c0c-4bdb-b897-dfc91c9f430e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957868, "uuid": "9982cc5b-dafa-4cd4-a7fe-dc9be919f25a", "value": "12288:V20BXOMcVzpWfmmnDD/X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDrX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957868, "uuid": "e53619fc-faeb-4b46-b243-8995dc238a77", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957868, "uuid": "208c4e16-e506-440f-9054-e773fa916e6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957868, "uuid": "034c4464-f553-4229-9bfe-a57e40f567af", "value": "2c477f5be0a5336ba549efaacadf4613e52b15b1bb6eb9233570f476160e8772", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9ca50b5-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954856, "uuid": "c93a5a5c-2bcb-4ebb-8e07-4c274a71b8d2", "comment": "Malware payload (Heodo)", "value": "4f2ad31079632ba917978bf431eca3dc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954856, "uuid": "196f6fc3-50c7-4881-958b-d29c87590b94", "comment": "Malware payload (Heodo)", "value": "2c73820100cb1b77423e6c4753cf6ce8fa6060cdd450c0e745c3e856978ea10b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954856, "uuid": "323ee9f6-0fa5-4f31-86d1-2ebc1257eb57", "comment": "Malware payload (Heodo)", "value": "268854a1770ea7aec939af86896707b39cdd431a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954856, "uuid": "45ab4f0d-15cf-4a08-aadd-e565f2fa14ff", "comment": "Malware payload (Heodo)", "value": "97b76b3cb7bd32cc35851b0ce12318afa20c5bfe5f121ff4dc8ee2a3fc2fa4f149611a9678f6c60cccb05363a61e9425", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954856, "uuid": "b683e602-d8ee-44e2-bd14-ee32e4682583", "value": "T135C47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954856, "uuid": "4a2d11b7-7117-43eb-8cc0-a548dcd7ccba", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954856, "uuid": "8a82f466-cc5a-4d93-85e2-c94a59721d7d", "value": "12288:S54yM33d3q3Z7Bog8reNmF+U/9JckIAGfUeb:SKh3831BoeN6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954856, "uuid": "ccdecafe-1289-42fc-aa62-9d6e019242a9", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954856, "uuid": "52581702-be98-4edc-9290-d3c8f9d6c8fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954856, "uuid": "3e84cf01-74fe-41a0-8d58-d3869a6f8ff5", "value": "2c73820100cb1b77423e6c4753cf6ce8fa6060cdd450c0e745c3e856978ea10b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c536be8-a9dd-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647952793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952793, "uuid": "1e72cea2-a1b3-4126-b312-f90898b3733e", "comment": "Malware payload (Formbook)", "value": "9dcd69d5183d9ecc880c393364171ee7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952793, "uuid": "dfa0cd8e-5e94-4fd6-97d9-a3923d469077", "comment": "Malware payload (Formbook)", "value": "2c81b04d9509cf29e05309b84972fa9bf47b34bdf64032ade464fcc55a54a1b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952793, "uuid": "a380ebf4-43df-4018-af2b-e415568ef70f", "comment": "Malware payload (Formbook)", "value": "05edd6c8ac9fa48b730d17fee7968da8045ae5b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952793, "uuid": "5d2cf5a3-20a4-4939-a467-f45c3e9d41c4", "comment": "Malware payload (Formbook)", "value": "fab977a33eaa495971fd1fd7c56808f23a0fef0322033a3423e5dab6dba55ff9a2c36ebd730bda8f17e5408b4deeae59", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952793, "uuid": "46aa638f-db00-4813-8ee0-d78f0fe2c499", "value": "T11945E0A121FF5EB6C13B97F1F491FABA0EE17F08D601D1BA497368C591E2728743410A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952793, "uuid": "66a354a0-516e-4af6-b30f-ea88718e68ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952793, "uuid": "3f92119f-72c9-4647-b35c-c724f573ae1f", "value": "24576:299YGbW0lSVe9v/hhLlHfUDpiiIjq+iJvAI08TZut3bOdF:S6GbW0lSVe9v3Ll/U0tuJZ08x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647952793, "uuid": "ada81be0-2378-4d59-87eb-8673730092ca", "value": 1187840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647952793, "uuid": "57078adc-f7ca-434d-ac58-73c69aebcb88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952793, "uuid": "145cb58b-22dd-4876-a305-316754d017ea", "value": "triage_dropped_file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86a06751-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955092, "uuid": "787e34c5-ed50-46c5-ab46-ed18d244d5e9", "comment": "Malware payload (Heodo)", "value": "06d281fa34b3b588fd9db7f7becd6d42", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955092, "uuid": "85683768-d118-409f-a526-45ba86e102b6", "comment": "Malware payload (Heodo)", "value": "2caab3fc398badaf136e1c4f6eca52e882fadd6c8ffd515b1b274bb730d69a8b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955092, "uuid": "ea470ca9-5483-4264-99cb-a528d1dc30a0", "comment": "Malware payload (Heodo)", "value": "41e45dee930871dc325a888962eebef533251f19", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955092, "uuid": "e273310c-6a6d-4540-b187-581e25c190b7", "comment": "Malware payload (Heodo)", "value": "39e7b876b2b1e4cfe75c4b8845821cafb59be123154cc8a0f8c2b50e8458b09a5e295260c31fedaebcc6131194a6917c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955092, "uuid": "80e352ba-b3bc-4b71-a092-cdf5d9f1c088", "value": "T17FD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955092, "uuid": "7dee25de-b479-4842-9ea0-1320b976008b", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955092, "uuid": "49fd2822-a468-4c38-8825-999542c18b52", "value": "12288:DjN/Z2wkRrA9CRDCaElAjHDsndSyHOrNvEP0Oua:dEHR+CRayfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955092, "uuid": "201ecd4d-ae08-485c-8605-9092c491d3b8", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955092, "uuid": "89192be7-8cb4-4d7c-9619-94a857bd8a3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955092, "uuid": "b9a9597c-3ca2-46b4-89fd-984ec4836132", "value": "2caab3fc398badaf136e1c4f6eca52e882fadd6c8ffd515b1b274bb730d69a8b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffc36f2b-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957873, "uuid": "a29075d0-af0e-478e-a5f7-6cf375036c30", "comment": "Malware payload (Heodo)", "value": "72343b12f9689df68c914e04342c24aa", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957873, "uuid": "bb6fc344-12e7-4572-907c-6a94e4eb1f41", "comment": "Malware payload (Heodo)", "value": "2caeac8d57a356ca1977d8bf61ee21bffac6c2563d16d5746c6fba14c7a50fe3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957873, "uuid": "b6000c06-d678-4c4e-b4f7-3e1993a22cd6", "comment": "Malware payload (Heodo)", "value": "fe68f406c0a97c8c2f399cefeb338b7d5a9434a7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957873, "uuid": "9cca3108-8e33-4fc2-a044-d2017425875d", "comment": "Malware payload (Heodo)", "value": "deb8799fa0513accfbe4e442644fd6b0383b33f2ae0d9176b65d1af8a2951ad7fa22c376fab283c7f51cdcc391f48ace", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957873, "uuid": "d6bad2e8-c389-44f2-bf7f-f95cd87d73b3", "value": "T154059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957873, "uuid": "8f0c3260-050e-4ea5-bfbc-1e21f53dd0eb", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957873, "uuid": "8fb6309f-450b-4f49-a38e-e4a3c945198c", "value": "12288:V20BXOMcVzpWfmmnDD6X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDGX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957873, "uuid": "43d6082e-c083-401a-ac7a-0aca35aab0c8", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957873, "uuid": "9cee8231-c0f7-4a2f-a237-322a27e17468", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957873, "uuid": "b078eced-4b22-445d-aab4-fc92b06e7d7d", "value": "2caeac8d57a356ca1977d8bf61ee21bffac6c2563d16d5746c6fba14c7a50fe3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02c6e7e0-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957878, "uuid": "7e110c55-6ba8-406b-8779-d50285360a52", "comment": "Malware payload (Heodo)", "value": "0288d6cdd3f646952c72b32b8b8a2cdd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957878, "uuid": "d7b20475-d36d-4431-adbf-157a417ad3f2", "comment": "Malware payload (Heodo)", "value": "2cb79c375346cc99ec73de6ff4707ae1d2049fb6bdc0e24acc018c98f275aa58", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957878, "uuid": "e51d4da9-cd5e-4f7d-a07a-73f5cf5b8b9c", "comment": "Malware payload (Heodo)", "value": "aafa7f0ba1cdd592533fc94b069438abd856428f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957878, "uuid": "f6f3fcf0-0c78-4151-9b7a-0524ebc9cd0c", "comment": "Malware payload (Heodo)", "value": "1eea13b207113be5b884a9f7bf97a54213d7127bc1c82c38caceff2e386b13e40fab5938a7590da3a1864a3f87b4aabc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957878, "uuid": "9fe80a1c-2530-494e-a184-8512cea47ade", "value": "T1D4059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957878, "uuid": "ebc5388a-f14a-44fb-a11e-3f83aae3b1fe", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957878, "uuid": "f869baec-c1a1-454b-b1d3-41186e719d71", "value": "12288:V20BXOMcVzpWfmmnDDpX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD9X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957878, "uuid": "ee3df830-c6aa-46fd-9a51-8bc930e2009d", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957878, "uuid": "f0cad89a-b099-4caa-b73b-44c518660083", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957878, "uuid": "7e88fba6-1778-46cc-a21f-2a191d42a450", "value": "2cb79c375346cc99ec73de6ff4707ae1d2049fb6bdc0e24acc018c98f275aa58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0c36090-a9a0-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926789, "uuid": "8ef8ca41-e5dc-46d2-a3ec-faf09f08aeaf", "comment": "Malware payload (RedLineStealer)", "value": "c7d281ad64fd924cfc7dce992aaab47f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926789, "uuid": "8846ee9e-1b56-460d-ab91-c4f28cedae3a", "comment": "Malware payload (RedLineStealer)", "value": "2cc8d95e8f6a456c2eb9726f66cd29f7a1399bf272c3b6d50e97008eb00bef5f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926789, "uuid": "f2795c4e-de3d-49b7-9d53-dbe7f7a5c542", "comment": "Malware payload (RedLineStealer)", "value": "acc74d80712cc140d4944f799ad394a681bc49c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926789, "uuid": "615063eb-34c9-4671-9a0a-f74eeb4a7ef3", "comment": "Malware payload (RedLineStealer)", "value": "f28a3037c174b9696a7ef6c22fd22db423bb8ce1f55466ec85e121fdee8540b614dad9d0261bff2e4d9c2948399c7c8d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926789, "uuid": "57f1eb0c-e29d-4cb4-a765-e462c1edd56e", "value": "T13B3633DE60F0B20CDFB9DBB0F951DE8A6525481E2BAF456E9D8C0E552B8812173FD1B0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926789, "uuid": "0eca3785-ccac-42cb-9cd4-a7f37be76a03", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926789, "uuid": "2ea1e5db-8a5b-4cfe-863b-01e6810347f4", "value": "98304:iMvJMkR+SG2tjqtbMQYCPOrg+R0oBYYj23zUX6gH5DszndcZcXQ4Vkh+:1Jix218MQN2M+GDoxWxWR4g+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926789, "uuid": "c054b2fe-33cb-4bc8-8143-beab78bf59ba", "value": 4895232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926789, "uuid": "45ec4938-9445-42f4-9dcc-9bb6858f70fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926789, "uuid": "959e9d1d-2735-40c4-9c09-eb4218e867be", "value": "73962550.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41894936-aa0e-11ec-9275-42010a9c0029", "comment": "Malware payload (Vjw0rm)", "timestamp": 1647973874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973874, "uuid": "750dfd3f-8d76-4fd2-a82b-77325de91339", "comment": "Malware payload (Vjw0rm)", "value": "4a86c0250f53d61920c72434e80ac836", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973874, "uuid": "9a458f28-6da7-4f08-abff-84a801dd9e06", "comment": "Malware payload (Vjw0rm)", "value": "2cf7cf0ac77b25eccc61fea38629e1a2de4547aa1d4eaae4f7885fdc0e2194a4", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973874, "uuid": "c88e6497-9e95-4bf0-8ba2-498033970cb6", "comment": "Malware payload (Vjw0rm)", "value": "52d5178d979640301456d353bb1d3a4cd9fe56c8", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973874, "uuid": "6dd9e6ae-304a-4872-a0f5-b002ee72134b", "comment": "Malware payload (Vjw0rm)", "value": "cdd263b430db304040db784e9a02522c3a6fd596d03ca8e2986b3f61c83e46ffbb5cd18509e8820317d9fa547dbd6988", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "vjw0rm", "colour": "#EEC0AE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973874, "uuid": "c9ad7e0c-fa1a-48d9-9b62-18c0de32182b", "value": "T1683219ED5C18BD8EDB00A112297CACC86FED23974541AA4F382DB5415770691E2EE37C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973874, "uuid": "729e2e94-7a0d-4db9-be91-9e6bbd09577c", "value": "192:V3q7lcDeRgaxr2g9IIKy7n8sgGlwgou2emGiTCsyJKtwB7XmypKYV5VFWzSsnuEc:VJ2RIETDhszUBCZIvgWAu9vh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973874, "uuid": "e43159eb-286c-4bdd-a382-9d4c6407d277", "value": 11236, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973874, "uuid": "65836141-754e-4396-b47a-e4b9cb786063", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973874, "uuid": "c6348fd9-d7ed-4546-aaf3-c661bdd25e66", "value": "eVoucher.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f3bc949-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955483, "uuid": "af827a75-aaa8-4339-ae2c-96d06a371b94", "comment": "Malware payload (Heodo)", "value": "1c8480ee1918bcf8f430142beef55bce", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955483, "uuid": "76446fcf-a915-482e-a90d-977a9ec23682", "comment": "Malware payload (Heodo)", "value": "2d2dd85da70daca3d92f7151ce40bd35048e311394fdb55612e848abdca9246f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955483, "uuid": "b37a0efb-8816-4261-8701-3ef20c33553f", "comment": "Malware payload (Heodo)", "value": "9174a8e71cb41da8a4a1d295d2e63639efb64ab8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955483, "uuid": "3b2a87a5-e9d9-4916-832e-3fa5255ea199", "comment": "Malware payload (Heodo)", "value": "7900e3411cef2c5fc3ed34fb239182f0ef1ded69f0792dd530e0a198e89be63e65110b36f874a7f2abecae20e329c819", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955483, "uuid": "9d8be93b-a7b6-48eb-95ff-c7e31c5b0c5d", "value": "T162D46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955483, "uuid": "1fe4a8af-125c-44a8-bc74-9db2afd4b278", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955483, "uuid": "46265893-8f41-4503-af36-7aa35a4c6af0", "value": "12288:QXvRLpX4HMAus65rwxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rwx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955483, "uuid": "f09ae5bb-234d-43e9-9f93-54c9bf114f62", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955483, "uuid": "f1dd8d4c-f31a-4c97-93ba-239432e6ca2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955483, "uuid": "e906cef6-6680-4215-9a14-85f07197c923", "value": "2d2dd85da70daca3d92f7151ce40bd35048e311394fdb55612e848abdca9246f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19d3f121-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957487, "uuid": "9f001064-5e70-474f-9c4e-8700980771f8", "comment": "Malware payload (Heodo)", "value": "51274c718eb275e46c343f72c60e176c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957487, "uuid": "b357980f-510e-486f-b9f3-c40bcc2d199a", "comment": "Malware payload (Heodo)", "value": "2d3a71d50646df87dc58382baf74bbee499d817b47458ae172b2853d0ca35ce9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957487, "uuid": "524b3311-43c1-4464-90da-7ae1a5b65dae", "comment": "Malware payload (Heodo)", "value": "4f1acf6f8d8b9963ba5895e18a69ed096e76e0a2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957487, "uuid": "7e7aa6e2-8f61-45c4-9a9e-500709b7aaeb", "comment": "Malware payload (Heodo)", "value": "260b385144b4eaa87704e1b65bfd88813dbb4adfea38a6842118bc016bce3f8705b8d2837375b433d50b2831d06d94d8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957487, "uuid": "444df7dd-2dd2-4cc7-9c60-8d5b9f0b8dc2", "value": "T1ED158D02BE81D0BDC12F3230131E9779A9AFA9200EB5D6CF56847EFE9E354D39D24256", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957487, "uuid": "b4441249-14bf-49f5-aec7-bf7edd5de914", "value": "e6ba0d569e98f2690f5b8dd064d4502d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957487, "uuid": "e87cdb02-3349-45e9-ba52-52bb7fbf3630", "value": "24576:8IWcqyvEuhzRHQjK1M1Xfu0vjfrNt1UxY:8IWLyvEuhzRGu0rRt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957487, "uuid": "63844d64-48f5-4014-b58c-a83bf37f8461", "value": 926208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957487, "uuid": "7d271aa9-1bdb-4d1f-8bbb-c5a455003c04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957487, "uuid": "6666bfad-7682-4305-899e-41adaeee72da", "value": "2d3a71d50646df87dc58382baf74bbee499d817b47458ae172b2853d0ca35ce9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b06da42-a979-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647909815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909815, "uuid": "7eca7987-7222-489b-9ba0-0f835530ca8f", "comment": "Malware payload (Heodo)", "value": "3b195319c77280d112fcff1dca0c95e5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909815, "uuid": "898da928-1ba6-4142-8c87-3ad4d6a160b4", "comment": "Malware payload (Heodo)", "value": "2d48527e1e3d5164cb853ebdac618f6c2d743f360cb4351bdf39a6ed5a311bc0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909815, "uuid": "b4199e2b-a677-4a9c-8a40-05661b688e18", "comment": "Malware payload (Heodo)", "value": "22aed24957f00e5ac067a8ae3c8c7a4d30504f31", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909815, "uuid": "34f9c259-b83e-47bf-9e9e-0c58e658e55d", "comment": "Malware payload (Heodo)", "value": "807ae5796804b16219d83b11ee0b4c4efd8da7f026b94933acbff8155a12832bf58879dca2ecf832b45081e138b700d0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909815, "uuid": "b937d1d5-7bb8-4d4e-9329-f70f7153cd6f", "value": "T14E940A06EF22B1F0C06B03B00555415AD2EB7BD0A72EDA93825DEB3FDD239977A34625", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909815, "uuid": "ab542be3-b4d5-4b0a-8b25-a41c6332b1cd", "value": "066d4e2c6288c042d958ddc93cfa07f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909815, "uuid": "bce240b8-3968-4e41-91f6-aec72c04f810", "value": "6144:Ymckn99Xki2PXVKB0G6XjMqMM2stJKEOfkifOAorwVPeDArPxgzrIl:jc899XKPmN4WMkoV6l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647909815, "uuid": "708288c9-be12-459a-ac34-baccff03865f", "value": 425984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647909815, "uuid": "1bf3b785-ff3e-4699-9c54-a60a94e72d0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909815, "uuid": "ace68907-a05d-46ef-90cc-9475f56216a9", "value": "emotet_exe_e4_2d48527e1e3d5164cb853ebdac618f6c2d743f360cb4351bdf39a6ed5a311bc0_2022-03-22__004330.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f5dc5fe-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647975723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975723, "uuid": "650f889a-c3f3-4084-bb70-ba7de9887898", "comment": "Malware payload", "value": "d1743dffa263523a78e3eb55e9638ef6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975723, "uuid": "236c323b-6ed6-4da5-b03b-b6ec116916e6", "comment": "Malware payload", "value": "2d7290489c4933d69839e2de866825052ea0507c168f6504c525ae31e91c31ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975723, "uuid": "f1c62710-9035-4308-be39-ec8ad4057bdd", "comment": "Malware payload", "value": "e27357c48c92566f0d1ac9fea52ad53c96b121d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975723, "uuid": "2f709e4a-33ad-429d-8940-b300f51d9977", "comment": "Malware payload", "value": "f7635a8597d66f69bc15dd25354d83211fccebc98f0d8da909cec25cdfadc822d1e0f021b9fca6c3ea7e3532c2021b75", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975723, "uuid": "c4e139e5-4f3c-4947-ba39-43ac3159343a", "value": "T1F7E5331A1E4C87E6CFE475F960134E1182F82E9CA7C3FA16F09899AF4E743D1179681B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975723, "uuid": "8334f93c-bb2d-453f-a79c-61ec8d2af53c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975723, "uuid": "5a29a33e-18b6-4b5f-b111-8a8c945a8b77", "value": "49152:kA9u/v/awI4PcxL6sdytoU7yWH84cz1FCXLZvGcF0X6jTR54QMeoCK:/I/v/awnPyDEtoU7yWc4c8LZyKfba", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975723, "uuid": "60ddd1d0-cc1b-4527-8202-1d3cb432a552", "value": 3209728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975723, "uuid": "b8a5b6ff-2dae-4eab-8793-3cfd5bc4001f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975723, "uuid": "6b3c2589-9a98-4867-929f-b7ee51d52855", "value": "d1743dffa263523a78e3eb55e9638ef6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0aa2d19-a9f5-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647963323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963323, "uuid": "f9a32fb2-b3c6-48e9-a736-f952077c484b", "comment": "Malware payload (RedLineStealer)", "value": "ef6e7e96b7ad27e6ac27e9344d3daa62", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963323, "uuid": "0326a9ad-3712-4b01-9b94-6de1f9ff364a", "comment": "Malware payload (RedLineStealer)", "value": "2e25502ca4773f01c4107ded29379fdcebc4cdeab711e0624cdddd527449e3cd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963323, "uuid": "75c36971-77ad-4d37-8d0a-acdd9c0c4aec", "comment": "Malware payload (RedLineStealer)", "value": "9a36b92a39fd9d28c9a234a710018ec5e1ff6d81", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963323, "uuid": "ec3dffcc-eb9a-46bd-8752-7480a01399a2", "comment": "Malware payload (RedLineStealer)", "value": "d9314df0fee516135e7689d27d1b475e0648b9d823607747ce2a572682844958676d943e6d04d36911a735af27db4189", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963323, "uuid": "d732b156-5bca-4c1e-81b7-676191ce145a", "value": "T16B74F1103551C432C1A12174792DC7B22B3FBD323EB55A537B562B3A2E703D266B6B8A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963323, "uuid": "e328ca8a-e58e-4334-8ae0-327fec6da97b", "value": "07ae87ae47994a6afdafb79937e0a5e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963323, "uuid": "688c95da-f225-4e66-8ec7-a77536b83324", "value": "6144:0/zvJJr5sj95N8BDGGMxotNcSToZQ6iIR/:07vJJrOHEaGMGFTMl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647963323, "uuid": "97005ba6-41ba-4bd8-8ab3-393d78fc697a", "value": 369152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647963323, "uuid": "84447675-e537-4644-9c8a-f96fe79a292d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963323, "uuid": "e9f477c7-5dc4-4e59-baec-31080d8185c5", "value": "ef6e7e96b7ad27e6ac27e9344d3daa62.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6c83dd1-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955710, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955710, "uuid": "c84f9b4a-15a8-499c-9728-1e1ddb49a927", "comment": "Malware payload (Heodo)", "value": "040dc8220adb16689828bdacb9c8285c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955710, "uuid": "8e17e2d6-d1d2-4002-925f-ea2722bda4f2", "comment": "Malware payload (Heodo)", "value": "2e2ca58c195735be41e0b8226fc076c3c44999fb1fb00ec2046f16fc6d7c5bbb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955710, "uuid": "fcf949bd-50a3-4866-8362-4c6ac372c213", "comment": "Malware payload (Heodo)", "value": "2d131f062ce4bda62c5ac3c0d444b84393905e08", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955710, "uuid": "187d2cff-cd62-4e35-9f1b-62d2a5b9e4b1", "comment": "Malware payload (Heodo)", "value": "170a462468896fee9c3a261a8050dc82d66bcc5436ef85d3c7e0d96bbacdef7ee132072b90210716746b6b215080ab07", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955710, "uuid": "2cebda53-1401-4bbc-becb-210efe3e8022", "value": "T188D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955710, "uuid": "8c38b078-149c-4e8c-8b56-1bd4ae829378", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955710, "uuid": "32f55534-2f67-470d-8a48-d977e3acfd25", "value": "12288:ZxpNJJJ2NHPoczJbOtIhxf3foRXIa5EPwvA:Zx2gczJbFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955710, "uuid": "3fa6241e-55ef-4719-bf72-d2076cc735cf", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955710, "uuid": "5890b8dd-5af9-4375-aee3-0e0cf222d4d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955710, "uuid": "2b3c2e3e-5e47-4054-b912-fbdcc4102697", "value": "2e2ca58c195735be41e0b8226fc076c3c44999fb1fb00ec2046f16fc6d7c5bbb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b836defd-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976650, "uuid": "73285cd9-4f27-43ef-baa7-88e51a9b4825", "comment": "Malware payload (RedLineStealer)", "value": "e175a3e80764c4da8d17d9a8161fdc69", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976650, "uuid": "2524c433-a4a6-4c9c-9ee4-b1c28dd8e468", "comment": "Malware payload (RedLineStealer)", "value": "2e63e24550755b48cc2dee5b294825c1e6bbe5c943801226219cf0fa90fe49b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976650, "uuid": "07a98df2-1a3b-45bb-a591-39ba66b08b3f", "comment": "Malware payload (RedLineStealer)", "value": "62e97cb24de9b14d6b59ff57fe244d27eeafba4a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976650, "uuid": "0b848dc5-9301-4214-8a35-d9f3585296ef", "comment": "Malware payload (RedLineStealer)", "value": "b08eba61866375563333fb4e1e3a54cf59444daa25a7c4d05b319a49cb13c8f8373622055e8d3ca81867cc4e0fc3c7e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976650, "uuid": "38df7ff1-70ef-48d9-b877-e4f90f148d28", "value": "T1761633CB22891C02C6E75EBC9475E3F3A249E97CFA83C5FCD34756A9098C0DA5D4942B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976650, "uuid": "a12b5c35-4aaf-4d28-8f2d-c1f9b483b0d6", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976650, "uuid": "c3edfcc6-0319-456f-a884-8545548f18dd", "value": "98304:mY5YU/428+vRENCxsB5kghOdw5FStZEO+aasffW1BpspQvOtr9equXEmXM:mXU/428aVxsEtdw5FOt+DgfWiQkequi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976650, "uuid": "f392252c-6f76-44ef-b57f-dd8811186f5e", "value": 4152984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976650, "uuid": "0831f802-e3df-4561-b19a-5e1e61efc7db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976650, "uuid": "235c39e5-d3c7-4ef0-b5f4-6ffc52e85df1", "value": "51574777.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b0329d5-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954697, "uuid": "94b0a83e-17b9-455b-af79-a7af9726890e", "comment": "Malware payload (Heodo)", "value": "42bbffa1cbc53bc6fbcbc109530dae8e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954697, "uuid": "e1dee457-6737-4790-85db-9277cc3e2f36", "comment": "Malware payload (Heodo)", "value": "2e667f2124c417c5afb82e6712f6e735305bc5080d7e203bfad206e388c40485", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954697, "uuid": "2f138f81-e33e-4236-b558-b796b977f179", "comment": "Malware payload (Heodo)", "value": "328c0514973564961c6e6f3f2f4c69813164a200", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954697, "uuid": "8acaad85-69f6-4e32-90a5-4a436a30f23c", "comment": "Malware payload (Heodo)", "value": "c96f41fe8ce613f67dc257fb258d629bbaf6a1cbb8410edd07aa180991f19656cb329d667f461db82217b6c7441284c4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954697, "uuid": "c92c982c-ea0c-445d-9f48-6642de5532ab", "value": "T150B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954697, "uuid": "85bb8202-4e58-4600-9298-d0bdc9c4214c", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954697, "uuid": "f9abd81d-e904-479f-ad40-287d1fdc004f", "value": "12288:AASStHx1vVHO+1Hx54dg0p9n4WNL7XE0UdX:ecHfv4qx8np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954697, "uuid": "b8199e4e-02da-40ac-a9c6-40f0a1dd7a6d", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954697, "uuid": "93ae3d32-6884-4eeb-855c-1629a66f36bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954697, "uuid": "1571de4c-a6f3-4056-8286-f43b0fd830c1", "value": "2e667f2124c417c5afb82e6712f6e735305bc5080d7e203bfad206e388c40485", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0559b00e-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957882, "uuid": "44069ea9-abbd-41ed-89d5-623692bca1d5", "comment": "Malware payload (Heodo)", "value": "606000f5fef73b60b35a2f3cf437e2d1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957882, "uuid": "16cd1ca5-6dc4-49e7-a58f-1bcb502c4ba0", "comment": "Malware payload (Heodo)", "value": "2e7740a8c20fb88c54b4a209a6a4fdac6e910ac426eb7d638f9784b90be25858", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957882, "uuid": "d3fa5c27-b567-4929-b8dc-dfdda9d691e2", "comment": "Malware payload (Heodo)", "value": "ea07a134378dad6fd933c60fe1ee0e62df53e07d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957882, "uuid": "4984803a-c3f3-4d15-a17b-cbf8cfdc55c5", "comment": "Malware payload (Heodo)", "value": "c8a221178bcc9037278057945f4bb977d1b3598f313d403df3c02de204faaa0633f00cbb62bd0da91e1f6db736e46df1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957882, "uuid": "e15bd354-d924-46af-bce1-166c87b880e0", "value": "T173059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957882, "uuid": "238f7a8e-db02-4024-898b-99000aa1a4c0", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957882, "uuid": "57e80e6e-9e83-47c5-87ef-8a063b482669", "value": "12288:V20BXOMcVzpWfmmnDDbX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDnX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957882, "uuid": "80bc2837-d32a-4800-b098-2b604dcfd117", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957882, "uuid": "4f9ef6ff-ba60-4c06-83f9-c90b19735974", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957882, "uuid": "74df0980-5d67-48b0-b652-60fec1948c58", "value": "2e7740a8c20fb88c54b4a209a6a4fdac6e910ac426eb7d638f9784b90be25858", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1bc318e-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976666, "uuid": "285c2fb4-161f-4003-be05-074fe85b30fd", "comment": "Malware payload (RedLineStealer)", "value": "521329a48194395bc4e4996d7e72cc7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976666, "uuid": "088ad972-117a-40c2-9483-659767b3bba5", "comment": "Malware payload (RedLineStealer)", "value": "2e796a20a4ad603f480b4640d119e26885bd27109fb7835b7ea99a7b24e435ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976666, "uuid": "70c0e16d-ce40-4656-9b99-37cdab74f1aa", "comment": "Malware payload (RedLineStealer)", "value": "8946321a13d1783d3bf110c6ba6065125a2a6dde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976666, "uuid": "c8d2fa5b-ffef-443c-a58d-0033c679cc63", "comment": "Malware payload (RedLineStealer)", "value": "2aa758f73b58a8f62ea6c496e264635ff7dc510b4cdfc3d73a655af18ad664529abbeecba0ad29c0e0d5e2db60903b67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976666, "uuid": "24628492-461d-40d2-95d5-8803c06679af", "value": "T1013633E55784988CC76D19FE262F6E9C5B7D3EC1B2C42A4586F18B02FAF2BCE112501D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976666, "uuid": "824cc0ed-394b-4e02-ad13-7cfd88c7ae0a", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976666, "uuid": "8c79c436-6fe6-4dd0-9b91-3f3372ef89d9", "value": "98304:etwQ7YutE8ooyPlSV2BnE3rQ7p3pypYTAbQgyD/mXUnE6fPQsM:e/7YKE8ojtSsu3r8p3UpRcreafPZM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976666, "uuid": "42badce9-338e-4600-a0fd-e9644ab69179", "value": 4874392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976666, "uuid": "82cfbf5a-e405-498c-85db-589b38e09f75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976666, "uuid": "3d7ec950-2747-407f-ac75-de657e7fddab", "value": "51729572.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f573adac-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647975035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975035, "uuid": "3dd814c5-2853-4cb5-886e-aac98d172fcd", "comment": "Malware payload (AgentTesla)", "value": "e51980e4442293932c45ecec9839bac0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975035, "uuid": "f5460a0e-8f38-4697-bb6a-ef2959199ce7", "comment": "Malware payload (AgentTesla)", "value": "2e8205a8e39f86f270acec82fa8c714a3561ca6fa581a8ad5b7f59ad46fb50af", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975035, "uuid": "44bdafea-00be-438a-97bc-d7e0b31d6830", "comment": "Malware payload (AgentTesla)", "value": "c35abc897f2c5fcc9113ea17adeaaef707334ce9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975035, "uuid": "b5f87e32-7df8-4a30-8892-f47ae41b6a28", "comment": "Malware payload (AgentTesla)", "value": "42381316fda5a4a1cbfdecc42f041495979c5c5f6473da536f10f4dd1cecbe6e7f7830366be76fed9196def06a9c3a67", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975035, "uuid": "57a20c95-653a-49a2-ad6b-003c8c05b864", "value": "T1D9352336B72AC636C5CCF27681E6A0C607359B977163EB8C6CC8E25C0A47341775B19B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975035, "uuid": "e9b04f4e-79c4-467e-b88b-5b2e2a620aea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975035, "uuid": "44eb1951-8716-4944-9a54-7964aa131a08", "value": "24576:UbCo9G8aCYWAz1/rZR/cbydZDFEKhms3UXOOHKCxIQH2C+vQ1UsU:UbCAG8aCrAxrbcedxFrmHACx9WC+vQ1u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975035, "uuid": "bf99b590-6342-4c39-a222-b31bd5fa9d8a", "value": 1093120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975035, "uuid": "48481f53-03fd-4ebe-bc1d-b00f9b05e82d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975035, "uuid": "ff73d575-585e-4889-a3a2-8a0244f9a874", "value": "e51980e4442293932c45ecec9839bac0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d59649e-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954701, "uuid": "b14d7d95-c393-46b6-a72d-6ee5742e2cbc", "comment": "Malware payload (Heodo)", "value": "846bcee7adcb6e2c01a1de7d59287225", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954701, "uuid": "484326de-ce14-4391-b87d-44a520d0b47f", "comment": "Malware payload (Heodo)", "value": "2ea95eb0ce634fb10b9677e3637b504f28b09175f57c9bcda7e35c5a56750831", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954701, "uuid": "00ce95db-a2ca-4a27-9c07-5d40a5bcce5b", "comment": "Malware payload (Heodo)", "value": "0c0adf545136dcd3f35ed4129bc9d2243cb54fda", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954701, "uuid": "229dbf82-415e-4529-a4c6-2d0e27551f32", "comment": "Malware payload (Heodo)", "value": "a41dbf56c49a5b438e5c2d9e62f5743359ee36d61f13bf678e222c106fb05080fcdba3d35d2e0c8af5a1f090a02a56e1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954701, "uuid": "705f229e-1fa1-4ae6-8448-71490688b906", "value": "T194B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954701, "uuid": "d483d294-ed97-4af2-84e2-1c17a97a2e67", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954701, "uuid": "77bac789-1431-4aba-af3d-e5a0167be574", "value": "12288:AASStHx1vVHO+1Hx54Lg0p9n4WNL7XE0UdX:ecHfv4qxSnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954701, "uuid": "76397935-6539-43e1-8c2b-995eb0c32338", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954701, "uuid": "dfc85dd8-ef37-4b8a-be39-e53d167e36fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954701, "uuid": "d314bc0a-281a-4ea4-b30b-d63c66d365b6", "value": "2ea95eb0ce634fb10b9677e3637b504f28b09175f57c9bcda7e35c5a56750831", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88f53f36-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955096, "uuid": "ab5282cb-ef73-41af-af9a-30d2d8b59ae6", "comment": "Malware payload (Heodo)", "value": "68bcf24dcbff8ca9700890bddd2a18db", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955096, "uuid": "c4eff6a2-18db-46f0-b1e4-be968ffc0902", "comment": "Malware payload (Heodo)", "value": "2ed1bf7d3247acb06b835c8f27a760f4cabf1951bc6f6a4279eafdc8fce0f1b3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955096, "uuid": "021e2714-823c-404e-bbb2-f18f19f5f8d1", "comment": "Malware payload (Heodo)", "value": "f479f04d35164351213f522e00f83d2e47ff6bda", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955096, "uuid": "e754545f-d41a-4411-b1cf-479338aa26f9", "comment": "Malware payload (Heodo)", "value": "aa837024154a90f7fd4e88357e3680452c900974018ad9ca77e657bc0bef1bb99d143791b18ce244b98030953d864105", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955096, "uuid": "e8a9fac4-6e0f-4810-9e85-297e2fd837ea", "value": "T13ED41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955096, "uuid": "dd8d7eac-d45d-4a51-99ef-6fdd2bf38179", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955096, "uuid": "f70636a2-09ec-4482-9bf0-fbe778e168aa", "value": "12288:DjN/Z2wkRrA9CRDC5ElAjHDsndSyHOrNvEP0Oua:dEHR+CR/yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955096, "uuid": "355795b3-a29f-45c2-9bc1-045b88faeef3", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955096, "uuid": "b2a071dd-dc6d-4ffb-adb5-a8e66fd14878", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955096, "uuid": "2b26e691-86c3-418c-a300-37cd08537330", "value": "2ed1bf7d3247acb06b835c8f27a760f4cabf1951bc6f6a4279eafdc8fce0f1b3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7260746d-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955488, "uuid": "f1398c19-e38c-447f-a945-95d502c45ab5", "comment": "Malware payload (Heodo)", "value": "4c704972a8fb1f9a88317c1a9c2b3adf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955488, "uuid": "8a2af801-b66b-4037-a918-51b936fe60ec", "comment": "Malware payload (Heodo)", "value": "2f27fdc9ecbc08500729ac6055b0c9cd37f6014a1f0b690cc16f2c24130f6c65", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955488, "uuid": "f483c35d-bf68-498b-b1b3-112e5bab8948", "comment": "Malware payload (Heodo)", "value": "f25698ee00770df8063cfe4361e0eca87ec773c5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955488, "uuid": "959e2744-3e0f-42ce-bb3c-9464733f1a04", "comment": "Malware payload (Heodo)", "value": "d57fe0d48b2752b6c251641c741e1553035d24c8d2bd0645757fe00597366c355b7957d8e9e77bdd3c4c62f920390f3a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955488, "uuid": "cc9e8cb0-db13-49db-94fe-84dc417a1996", "value": "T103D46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955488, "uuid": "cf790856-3db0-45e0-9814-aaaad433bb9d", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955488, "uuid": "7aef0177-f880-4221-87b6-5d56ddfb2e87", "value": "12288:QXvRLpX4HMAus65rnxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rnx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955488, "uuid": "c5dfa218-e18e-4326-b7fd-dbf2a594ab32", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955488, "uuid": "92732c70-7ecc-4ab3-a12b-027bc9bf022a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955488, "uuid": "04d5e8ac-f214-4356-91f0-7df69efb760d", "value": "2f27fdc9ecbc08500729ac6055b0c9cd37f6014a1f0b690cc16f2c24130f6c65", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd73f932-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647970244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970244, "uuid": "fd1997bb-ae33-400c-a3c5-fcce27c7deb0", "comment": "Malware payload", "value": "d137187d576f4358eb1964685d39d545", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970244, "uuid": "ff6c1b5c-7539-483f-804c-9d9aae2c8f81", "comment": "Malware payload", "value": "2f2e6abb6e3f4f86677555aab7a9ea4c6bb71797832d81623e9c2f59a7710a35", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970244, "uuid": "e8ebd7ea-be3d-4c4e-940c-dae4e30f772c", "comment": "Malware payload", "value": "94a3e67075fb4f098dace01ef582f3680832cc9d", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970244, "uuid": "33c9be3d-3448-463b-a349-791350f46d50", "comment": "Malware payload", "value": "43eb883433b5e48c33f635802a2a561613f9ecb45a5aabec00bc27425ce1b8300afcb9c9a2efde5bff3a35708ee925c4", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970244, "uuid": "fc26e456-703e-4b1c-aa29-45f04d9610c7", "value": "T12453A0F027D46CD1EE9E6687A1789E9C233121B7E98A15CC205DFFD81B67341CA0E887", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970244, "uuid": "5ff9d551-c3a3-476d-942e-a7e5a1f216bb", "value": "1536:C+RATwRAxr/TB0vzB0fRuBIrNCL1HWjS6hoNg//0zlqmZNU/Z:tmxu02MYl9NU/Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970244, "uuid": "596efa71-116d-4c2f-96a3-f0f1a7fcd5ed", "value": 62383, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970244, "uuid": "a874582d-22b0-4637-97ae-5ed503ae1235", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970244, "uuid": "6cc750fb-9fd8-4d49-86de-890ebc9b0794", "value": "Purchase Order - 13485508.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bba287bf-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974938, "uuid": "a09b1f0b-5e72-422c-8e98-06c3510426ce", "comment": "Malware payload (Formbook)", "value": "4b5652391f647d57a6e592ac5319e8de", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974938, "uuid": "8a7a8b8c-6619-49cc-a999-7acd374c968f", "comment": "Malware payload (Formbook)", "value": "2f47cecb0ac0c17ad38f1e8b65e4bbb7180d87d750ed7e93ce9fc5db11e5cae5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974938, "uuid": "b911258f-f663-45bf-b09d-537f8bd18072", "comment": "Malware payload (Formbook)", "value": "10293fa919e4ee560d1d075fe5c68b2dade96552", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974938, "uuid": "ecd363e4-c49c-4ce4-a223-8156c7e0a7e7", "comment": "Malware payload (Formbook)", "value": "4ef44719313e9ac20dce46c3fe1a69ab84eec1331ac97e77c8ddb0fa6fd88e885b08fe5843912b2a3a40d62ad166daf2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974938, "uuid": "6a40e341-d60d-4242-aa58-6777cf130d84", "value": "T14D341283A395CEF7D6521832B4FA66B7C77BE10C42989F2307B0926A6E671F70601177", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974938, "uuid": "518d05a7-518e-40fd-a1f6-6b33f97ac276", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974938, "uuid": "d3d6310e-5532-4f09-ae63-0fa85f1d615a", "value": "3072:rS17XJiDxmJJ7kK26axD5ma04mso1puiVwdijTTACjxtzBwKoEsmAEzMdNb8Uu6q:rGiGBYy4K/u0g2TPpSUsmFzWDDofXzD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974938, "uuid": "a359f30f-0b9f-4afa-9e64-871bb04d8899", "value": 248962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974938, "uuid": "76050b77-aca5-4f64-9f61-7adb7a80bd9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974938, "uuid": "ee739ebd-fbc4-4877-9c9d-7aa2818d9e5a", "value": "4b5652391f647d57a6e592ac5319e8de.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e50a1132-aa1c-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647980162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980162, "uuid": "b47c719c-5587-4a5d-aa89-297acb93241d", "comment": "Malware payload (RaccoonStealer)", "value": "d9d7cb2bcca00426ffc3c4b6172e0e1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980162, "uuid": "b045d7a1-a179-4832-a0cd-76d4a691dfb9", "comment": "Malware payload (RaccoonStealer)", "value": "2f4d23f1d9f7cc7f090eeb0c6a9c459cdf94db5739cff072f848f9bc9f7358f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980162, "uuid": "86aff664-bcb6-4a84-b8bb-96fa9065c61e", "comment": "Malware payload (RaccoonStealer)", "value": "80f7632865e062ea711d81c4f80ab8fca19a63aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980162, "uuid": "cea738cc-7be6-433e-8a87-8b9003a4ef64", "comment": "Malware payload (RaccoonStealer)", "value": "5fd39238e1bb7e2595af1cac85ae018f28a117cb2b5623c76c87476a2a10b8592ebd4b07cdbd1d93bca2e6d8af5b9660", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980162, "uuid": "fc0931bc-a3d5-4ac4-bdf9-42585b7a6769", "value": "T132B412A07B21C277C5913431361A86B2553EFC7162E1F9477B621B6E2F702C2B676B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980162, "uuid": "12af8160-04aa-4ea4-9529-c9a98f12a98e", "value": "9b5dd8ae6c49e5fbd407dc1f346434cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980162, "uuid": "07a0368c-6bae-416e-a66c-bdb93d802d2b", "value": "6144:LxVKXHqcatK7FPa4RX0R6vGPWWrdbBfxNnVTbDVQSWYgwkw17:LxoXJatK7FPasXsjuid1fRTbDVhUVw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647980162, "uuid": "feece705-5489-4088-954d-862e654e417d", "value": 525312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647980162, "uuid": "a956aafb-5a7c-4122-a39c-f125829b33cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980162, "uuid": "2fc44066-812a-42f9-83ed-ed70f17b8edf", "value": "d9d7cb2bcca00426ffc3c4b6172e0e1c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f32f210-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647969629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969629, "uuid": "aa1cc96b-d5d8-4969-857f-4a42fabcae09", "comment": "Malware payload (SnakeKeylogger)", "value": "898bfe39da386b8883aad8a5d50fdc36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969629, "uuid": "3452c59f-44d4-4dd2-ad6f-8953d25ca99d", "comment": "Malware payload (SnakeKeylogger)", "value": "2f6494f24666fb1ab5fb211ee4b41d0fd370535a111fa1f81878371b96a98c80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969629, "uuid": "2774c5b0-55f4-402c-8178-2883eb459650", "comment": "Malware payload (SnakeKeylogger)", "value": "21cb8e4dadc44eff4938f7daf67de8afd5fc0c31", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969629, "uuid": "c199c767-d52a-48d0-a7da-12395586dd37", "comment": "Malware payload (SnakeKeylogger)", "value": "f55efeec33668b506d614bf782a8f9a9eb0e3c633462d53ad9bd0d384af5a4f730820c1aa4b69f36525d736d8d9ec821", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969629, "uuid": "0078592f-85da-4f3c-8c1a-6f7ee50a69ac", "value": "T1B22523E6766CEFA1C27E17B012B0254147F915890C16F39E8D4B25FF86ABB80B772247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969629, "uuid": "e2281ab7-8855-4603-aa54-c54e1df4625f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969629, "uuid": "92c22f78-8b54-4ac0-ac8f-5a67cd175d45", "value": "24576:IohvKc6GLfwZlOA9VlYv2DrBiATx7crKo:IohySNcVKvCT9crx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969629, "uuid": "366fc0f8-10d3-4e72-8c8b-0168ec19e80c", "value": 1046528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969629, "uuid": "fc83d660-74e0-4fab-b802-cfd49f9592d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969629, "uuid": "d700c814-2109-48ac-876a-eade3b466a56", "value": "OC 502918374.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab1c16c7-a9a0-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647926807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926807, "uuid": "c9123e0b-73a8-435f-9587-3dada387fe68", "comment": "Malware payload (Formbook)", "value": "f5bbbcb1e8ab3c4aaff2c85992ba5d1b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926807, "uuid": "2a23d298-c540-4852-b262-61d442a221ed", "comment": "Malware payload (Formbook)", "value": "2f769789848c3e7e7492ad889d72f0087633418aa8368fcbfa63bf2dc31bfd1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926807, "uuid": "807c8649-2e2d-411b-bc5a-0e249ab3207c", "comment": "Malware payload (Formbook)", "value": "f776923488d99b5bb6c9ba473f00475e84934d0b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926807, "uuid": "812cbe5c-14a2-4be9-adae-11b96da993ec", "comment": "Malware payload (Formbook)", "value": "e199a7863fcb3fca69ae3dbfb5a3237c1157bef2a2a26fd7f28c98583fe86c1a87226b01b801712fcb24f4ad2f867ac0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926807, "uuid": "7cc939eb-1053-4d55-bc9c-2a0300759569", "value": "T11534DA07B94485D8CE7945FEB1078190B7C9DCBED288B60CBBC973A34EE16A11D26B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926807, "uuid": "34924783-6d24-4d75-8ac6-a2e5c17faa9d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926807, "uuid": "8101f543-ef6d-46df-adbc-06a85ec836b3", "value": "3072:FbV7uvfL1Qdtk5KGzBivpf0AdlLCv8UEKhwaqKnoVEfr:FbK1QdtzV0qGqKoVK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926807, "uuid": "fd567773-f2e8-4caf-81a3-2b937dfbdb68", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926807, "uuid": "db3ce31d-cfd9-43c1-9675-400bd1db90fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926807, "uuid": "b984c086-49d4-4252-8d13-d5fa5bacc0e0", "value": "TMB-CI2006-003 MB-CI2009-003.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ffb681b-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954705, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954705, "uuid": "df7ef5fe-53f4-4455-bf68-1c45720c5049", "comment": "Malware payload (Heodo)", "value": "76d42ceae51ed1f641b4281c4c11ef6b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954705, "uuid": "5e74c449-9e75-4197-ad89-bfe5f2b7a0fa", "comment": "Malware payload (Heodo)", "value": "2f9164f82cc77733037910d4189409080da142773595b6b385a5b90ca8ae88ae", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954705, "uuid": "35e356b5-e20b-4dc8-8200-25fe3eccb209", "comment": "Malware payload (Heodo)", "value": "2729dc7d15961750bc43719e63b13f75cc2daefd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954705, "uuid": "6bf80b84-ffdc-4317-b398-4447ae71584e", "comment": "Malware payload (Heodo)", "value": "34022d8d7d48a6268f00804377c02da321d121e32732e00f756b489a8743ae7917113b2ef8cfdbba46ba7bb3da286d92", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954705, "uuid": "d44d1589-e469-4f40-8601-45a8015902b2", "value": "T1A3B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954705, "uuid": "0249c2f9-f72f-4653-a1a9-559450f2c539", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954705, "uuid": "46fa33f0-e478-4009-8b88-bd1bd9e2a6d7", "value": "12288:AASStHx1vVHO+1Hx54Ug0p9n4WNL7XE0UdX:ecHfv4qxBnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954705, "uuid": "1eb268ff-f2bc-4b7b-9895-a9f571f272fc", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954705, "uuid": "1b2e536a-7fe8-4fab-b392-8fb185c09ac5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954705, "uuid": "4489fdcf-38d8-4eae-a5b1-21d54b9eb86c", "value": "2f9164f82cc77733037910d4189409080da142773595b6b385a5b90ca8ae88ae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f73de07-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955107, "uuid": "29463df3-aa94-448f-aa6a-f0bd184c9bc7", "comment": "Malware payload (Heodo)", "value": "48bba8b26c6903e65ec0159ad619a337", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955107, "uuid": "cea12c18-7f40-4fbb-bead-1fabc67e7e31", "comment": "Malware payload (Heodo)", "value": "2fc242cca75154bc68e6c8815f2f2a5e6d102113c25698fe8a6425b89094dd69", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955107, "uuid": "14910bc8-90e4-4574-b76e-5a5ed06408eb", "comment": "Malware payload (Heodo)", "value": "a250eb855bcaaed639e1d4ce447746c89867bbe3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955107, "uuid": "a2f96d38-c021-42bd-89b0-a7ea508cb1a1", "comment": "Malware payload (Heodo)", "value": "0e021d1d8347754773a1825017322ee7f1ad2de96536e2e0f87f20f2b5378720bbec6d6c20079397a8bfe8646e1bae0d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955107, "uuid": "929132b7-330c-425c-9aa4-c7f4c351aa75", "value": "T1C2D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955107, "uuid": "1c4d23ab-0f2d-4cff-8b55-0898026da3ea", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955107, "uuid": "b5344953-e4c6-496c-b17c-4ef6bb6eab20", "value": "12288:DjN/Z2wkRrA9CRDCqElAjHDsndSyHOrNvEP0Oua:dEHR+CRuyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955107, "uuid": "d0577110-36ac-433d-ba95-57a587aaec80", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955107, "uuid": "af078619-bfb7-4c3e-b7f1-74e31c6a2ca4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955107, "uuid": "65374378-72a2-4ab3-a016-b6155ccefcc0", "value": "2fc242cca75154bc68e6c8815f2f2a5e6d102113c25698fe8a6425b89094dd69", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a350add-a98d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647918511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918511, "uuid": "fc8a6cf3-9912-4d12-a3a1-42eebd738acd", "comment": "Malware payload (Heodo)", "value": "3f0e6201527cda231fe9fe7f9691c77a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918511, "uuid": "346f88f3-9448-426d-9359-a0b4dd064652", "comment": "Malware payload (Heodo)", "value": "3001708e0cdf2f0989a0754510c24250aa9c02e7a74310add33adb4699c1d61c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918511, "uuid": "1c90a60c-21a1-4ff2-8b67-0fd4d481cdb2", "comment": "Malware payload (Heodo)", "value": "20a7f7b56051bf426dcdda09db41adb28d6b4297", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918511, "uuid": "09751b6c-b99f-48ef-a991-6ccfc87114d2", "comment": "Malware payload (Heodo)", "value": "130a2f62b43a9eb565ab110c314b80f8041e821d3c04752db24d922a08a5f5d39731f222c57671783a9b68ee18c21f75", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918511, "uuid": "956edf7c-fa26-452d-9794-94547c2626cb", "value": "T16CD45A3073A2AD35C3E6627A4FED939509EBAD604B3241BB727D756D49334C20F70A29", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918511, "uuid": "39cec9a7-219f-4541-bde4-1ce503247a6c", "value": "bb2e319682f72745317e92a26483f973", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918511, "uuid": "5221651f-e853-47c5-a708-466b7c29ddca", "value": "12288:J1U8sNY8/z0rYebzwdoCoGEAbcVBLku8w:oq6z0rYcMdoVGEZBLkuF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647918511, "uuid": "a316deba-70b4-4cea-9aa9-028214b2073d", "value": 622592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647918511, "uuid": "075241c0-56d8-49d0-951a-2dde7140e65f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918511, "uuid": "f52721ff-cd31-45a2-986c-2ac52fe51b50", "value": "emotet_exe_e5_3001708e0cdf2f0989a0754510c24250aa9c02e7a74310add33adb4699c1d61c_2022-03-22__030819.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc2a92cc-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (AZORult)", "timestamp": 1647958672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958672, "uuid": "a547d16d-694d-40d9-b4be-9911806555ad", "comment": "Malware payload (AZORult)", "value": "170f2f204584c4037c240c06ef116644", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958672, "uuid": "bc3b8a64-d10f-4ad0-b647-6864aa23d723", "comment": "Malware payload (AZORult)", "value": "3032fe1f3ccba6331c1f3efd27b12672be276656e86435942874dc41f17ef0dd", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958672, "uuid": "02c15bec-0777-40d4-b8c4-0121d1e1c885", "comment": "Malware payload (AZORult)", "value": "4b83b83a819273ba2bd875b022fb6632b5042f61", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958672, "uuid": "804a2637-3fe0-4f2a-8a62-731381b15719", "comment": "Malware payload (AZORult)", "value": "18b86611f542e58570c3e4758ce38a903ff2ca02f3c30a241838d48b82a76356e7d0520d95c50d5ce572560da0574323", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958672, "uuid": "6f0bd973-4eae-4146-adc7-2feda543d870", "value": "T11044DF62BB71D836C47608353826C3B15A3EB43205B5C947BB59EB6D4F313D2A6BA307", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958672, "uuid": "644b6e4d-3221-4b6e-92a1-0d1e2ff58e4b", "value": "9961a441bd45a012df9cb046f9dfd5d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958672, "uuid": "eb9a47c3-1abb-4a39-938f-03cf8f975540", "value": "3072:LZWRXo9357AORP09jPd0hqUy33VuE/T0QXyZ50GYr8C2B:dA493S6hqR335VXDr8N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958672, "uuid": "34cb6be9-2d58-4b74-84ca-d5f742e9280b", "value": 267264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958672, "uuid": "933b3b69-b914-49d8-84db-440f77382f25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958672, "uuid": "cfad3cab-a640-4419-be95-60bbd6bb76cb", "value": "open_2022-03-22_08-08.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8312d252-aa3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647993312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993312, "uuid": "dca7ac26-1f94-4f5e-ae00-023fe608192d", "comment": "Malware payload (Mirai)", "value": "b98dc931c4fc4d0f4bc10d8a92fe523f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993312, "uuid": "ea8da219-1730-42dc-ab50-dc3801678e1b", "comment": "Malware payload (Mirai)", "value": "306034702c85e03da711580125b2582f5e98062992a9e355ee4d88028384ae60", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993312, "uuid": "d4b0e036-cfc2-4b45-bb65-3f71b8ba4c32", "comment": "Malware payload (Mirai)", "value": "3f6842ff8c5b660bad46a63bb1d5629016016e90", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993312, "uuid": "bf53934e-b672-45d0-aaf2-e2001b006e7d", "comment": "Malware payload (Mirai)", "value": "526a6acf4aeec12da8cac3cf0eacd18fbd75eb3c701dc72658b829062f98816374d5cc3b4c02dd3dc89cad5a83167b13", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993312, "uuid": "012c7bf4-8a72-4eb3-8133-8d36f440e4b2", "value": "T14CB2D01AC0AE2E70FEEB7D755D41E2817BA19ADF7A61CDC026C15B010322D681F98AD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993312, "uuid": "c1f7135c-796c-4366-807b-cd60059a6d78", "value": "384:2OA0AeimAzNCdvw1PwIWWtKfz9VuBFoeIoA8FXw2t7tTmojIoBhVM4uVcqgw05Vs:2AApCdvwJr69VJoA8FZtxCo8KM4uVcqf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647993312, "uuid": "b7c10986-8668-4cd1-b6f7-a7ed0f0fc928", "value": 23936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647993312, "uuid": "36ef9045-e49a-4781-8c78-fa18d597ccee", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993312, "uuid": "627c8024-db40-4e72-a030-3c68c295ff87", "value": "b98dc931c4fc4d0f4bc10d8a92fe523f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f210bd90-a9d9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647951407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951407, "uuid": "e2173aa8-4e3d-4865-9391-f3b2cc56e6e6", "comment": "Malware payload", "value": "b4f0ca61ab0c55a542f32bd4e66a7dc2", "object_relation": "md5", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951407, "uuid": "c0236c88-7e18-43ae-8f89-6f0fbec0796c", "comment": "Malware payload", "value": "30b3cbe8817ed75d8221059e4be35d5624bd6b5dc921d4991a7adc4c3eb5de4a", "object_relation": "sha256", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951407, "uuid": "e35cde0f-adaf-4080-bf2e-260ad48f3500", "comment": "Malware payload", "value": "43b3d5ffae55116c68c504339c5d953ca25c0e3f", "object_relation": "sha1", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951407, "uuid": "b58542c6-17ed-4583-ab42-c38be5221ae4", "comment": "Malware payload", "value": "42bca649b08e8f8f7233477fb0b110d58dbd8c0f6552e7f19967bba8dbd397f5fc104d0672fdc0105f578bb3b7fc30fb", "object_relation": "sha3-384", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951407, "uuid": "a8d15088-668b-4696-ab4e-fc42a8755f0e", "value": "T14E94547FFB5DA58FD8ED1EB5238813F133E9548281122E899F81CB672BAD540E58D483", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951407, "uuid": "830ec08c-9a04-430f-870f-065d64659df3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951407, "uuid": "1986ef95-b97e-4911-9e4a-fa8aef290627", "value": "3072:RqhHlNQo9u9FcvhdvQTqA0UM/++NkggFUpBSAno4jWNYgt5o0S2tG3:Mt9u3YhYJPM2EkFyphCJy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647951407, "uuid": "8685ccfe-33eb-4567-afe0-6f9df57f350b", "value": 422400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647951407, "uuid": "b9448fc6-493a-4859-8f31-0e2cd95ad509", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951407, "uuid": "b0ac4cd9-279c-4c68-a8ec-e5a7201e9f46", "value": "30b3cbe8817ed75d8221059e4be35d5624bd6b5dc921d4991a7adc4c3eb5de4a.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bcc7b98-aa21-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647982159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982159, "uuid": "a73d1613-0baa-4442-b880-0602dce0e464", "comment": "Malware payload (Mirai)", "value": "ad37dee2106aeee7d7b4fe0156e3cff3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982159, "uuid": "1ed444e5-4870-45a8-b863-471f7598cb6e", "comment": "Malware payload (Mirai)", "value": "31291e4cd1878375333e0cf54ba82e37389845cc7874dccaa3fb4258695ba822", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982159, "uuid": "51f2c28a-5b68-40a2-a31c-e4ef068ad4ff", "comment": "Malware payload (Mirai)", "value": "3d8024a6647547484a5d9f6b025e4b7c22ee60fc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982159, "uuid": "96c664e9-89e2-4c9c-a944-978cc912d7d4", "comment": "Malware payload (Mirai)", "value": "640bf28fc2df33f1e581ac3ee1c4eadb7eb2a958c607485cbd8fd7c8bde4a4f701f50125d33e41e3f5fa3b45cd6d61e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647982159, "uuid": "dd028562-55c9-44d4-a664-02554ce0988c", "value": "T1CB64D08AEE01AF21E9C126BAFE5F034973634B6CD3EBB111E920972537CA54B4F36045", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647982159, "uuid": "2064ceac-43e9-45db-b178-e567c2d06695", "value": "6144:p3lOYoaja8xzx/0wsxzSi1abE5wKSDP99zBa77oNsKqqfPqOJ:p1CG/jsxzX1abEDSDP99zBa/HKqoPqOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647982159, "uuid": "827e0211-0d5b-4f95-ba57-e9352d739402", "value": 307960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647982159, "uuid": "b689a716-5325-4fcd-8ec5-84cdf0dce17a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647982159, "uuid": "3f5d9172-9000-4536-8fb2-4e61b79ea9f2", "value": "ad37dee2106aeee7d7b4fe0156e3cff3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e42eb1bf-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959974, "uuid": "6ee73a81-2534-4eb6-8f3d-cd257211d025", "comment": "Malware payload (Heodo)", "value": "182b2fe3283d48e91e240ab4eecf3be2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959974, "uuid": "fcec8b8d-efb8-4485-81ca-5b778c87dca3", "comment": "Malware payload (Heodo)", "value": "3141258f4a84a3a41d6816bbb6ddbf08a7a3304b199e058c1beb6ae0e8985bce", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959974, "uuid": "1445d94e-0db2-40ca-9645-e97ed561d3cd", "comment": "Malware payload (Heodo)", "value": "2af57cfd0adf3d1253375602fc44fffe6dcbd364", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959974, "uuid": "b1c73a46-8064-46f3-893c-85ed800b3518", "comment": "Malware payload (Heodo)", "value": "f6409c09ebec716fc88598e28eb1b82478d3c512f011c06183400f3428749417ed8370a7a704b9c0ef38e3a7ac3ee1f7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959974, "uuid": "f4757697-960f-48a8-8389-aa9a0b5cf8c9", "value": "T17BB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959974, "uuid": "92ce8fdf-54f4-47d0-b011-21b03a17a7f9", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959974, "uuid": "ff506c3a-f0ca-4409-b685-6c97d84d288e", "value": "6144:8JZToYE666spbEgoZhZO1tMI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoElF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959974, "uuid": "60fe29b2-0be6-44af-bd9b-3c7a54525895", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959974, "uuid": "2ed825ce-fbd7-48e3-9cf4-e21205bd0f26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959974, "uuid": "7b30bf71-0174-4038-bc1d-25a420a8ea55", "value": "3141258f4a84a3a41d6816bbb6ddbf08a7a3304b199e058c1beb6ae0e8985bce", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0589f9ff-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955305, "uuid": "6f94da40-8f9c-459c-b708-fb52cdcc5f9c", "comment": "Malware payload (Heodo)", "value": "c556eb56ee6b3af5d7d511f3839a65cf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955305, "uuid": "4ce23257-a33a-47c4-93b7-72694703b5e7", "comment": "Malware payload (Heodo)", "value": "31486401673c029aa610fc1bea856e9f80c58b29d5f182482b6c92eeed4f5684", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955305, "uuid": "62ff1e6d-3ceb-4d10-b626-9cbc641b3a0e", "comment": "Malware payload (Heodo)", "value": "460fd0881c4ac75c1fbc6aa8e6167af846e0f2db", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955305, "uuid": "54c3ab5b-05cb-487c-b314-a1dcb8a8fa53", "comment": "Malware payload (Heodo)", "value": "a9f75a63029c3175e4a18aca91a09b627dec746e79ddcc205d7aa3b41e4a5920210fa81e46e29223b7dcdd2f2a69a215", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955305, "uuid": "ed3861a4-e955-49a0-9109-b66e31930771", "value": "T1ECD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955305, "uuid": "03e7a958-584b-41f8-a2d6-40e7bb557327", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955305, "uuid": "c5758aa8-3d78-4084-922f-4e57f86e4c24", "value": "12288:DjN/Z2wkRrA9CRDCaElAjHDsndSyHOrNvEP0Oua:dEHR+CRayfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955305, "uuid": "a1b4d222-f955-4792-b895-ac8c4122ba70", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955305, "uuid": "8603fe9e-5ffa-4dd9-ac4a-7a7bd4ae8260", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955305, "uuid": "2389807d-a7b1-4974-b43e-778ac57a4684", "value": "31486401673c029aa610fc1bea856e9f80c58b29d5f182482b6c92eeed4f5684", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98669379-a993-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647921192, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921192, "uuid": "2db5130b-68b9-46ea-94a6-ba90811a7fe8", "comment": "Malware payload (RaccoonStealer)", "value": "33b57800cfdb2cf4fb90b12b7e6ddf00", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921192, "uuid": "3453d1f3-0276-4369-9aec-e495066057ae", "comment": "Malware payload (RaccoonStealer)", "value": "31581bd5462402b881d915d8675facdaf35dd855834b05923e45bdc098284c78", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921192, "uuid": "d80876c6-7744-437e-b2e6-5ce3468a5768", "comment": "Malware payload (RaccoonStealer)", "value": "bfb4b4cd84c50f81ca5b1a7928e8885b0310e009", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921192, "uuid": "7e21b643-c8ca-4ff8-8030-63ee914294df", "comment": "Malware payload (RaccoonStealer)", "value": "e51d1655d3394b1379823dad4f2f18f46d73c5fd6fb18bb8ddc2ad07d4b3160d3103a78b5f3fcbe72760cf93e52f7c6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921192, "uuid": "50d383e9-fc2b-41b0-ab2d-5a902cd227d2", "value": "T145D4E040B7A0C03DE1B716F4797583AD692E7EA15F3491CB62C62AEE16346E0ECB1317", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921192, "uuid": "bf8d03ce-25ee-42ee-a6bc-906ef8aa3466", "value": "0a6800fa47feb9ea5997b6bae2deac8d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921192, "uuid": "ed35653d-bc23-4131-90bd-0a6a4125816b", "value": "12288:PkZ8wyFUXYgLqTMOhSlRR8QGCzSehsjOVFCO8x7VoaFKiNdW05MDQHX:P+ogL6MAS18QGCthDWpoUKiHWmMDa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647921192, "uuid": "ccdb3f55-5344-4d2b-8c9c-5404984aeb10", "value": 600064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647921192, "uuid": "2807f898-bb02-4d99-8cc0-6e11d1e62b39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921192, "uuid": "514a231a-e1fb-4756-8240-f37cc6ed554d", "value": "31581BD5462402B881D915D8675FACDAF35DD855834B0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccc60fe2-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958646, "uuid": "512cdee6-9638-4310-9661-4a027ee0037b", "comment": "Malware payload (Heodo)", "value": "caffe752620df141c40b29a887df619c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958646, "uuid": "941b8e7c-6c5d-4306-ab8e-7bffa889178c", "comment": "Malware payload (Heodo)", "value": "3172089994e0e7ffcd68eec176e2940534cb2a57e0bb17f0b83e3966e558ea25", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958646, "uuid": "074e6013-f0cb-42f0-ab15-c3b8ee5edb6c", "comment": "Malware payload (Heodo)", "value": "6eb80368b5bbc4f268dbcf7b9b68d43271e92adf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958646, "uuid": "362a7bbf-6d61-43ff-9c9b-5fa8ea714b8b", "comment": "Malware payload (Heodo)", "value": "67472fbc7a571a9a87250a7dfe7ba113e8e5a5fbde3af9e13ede9f95152b238931f532b9f88fcc7b2f5c0fcd3913c97c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958646, "uuid": "12b967cb-0e28-46b2-9cdd-b91bdfe137aa", "value": "T171059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958646, "uuid": "4a75f43f-5ccc-4c36-b581-c5e183fd749e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958646, "uuid": "e541e3b4-4809-4b81-a11a-133a3da20fe6", "value": "12288:V20BXOMcVzpWfmmnDDaX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD+X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958646, "uuid": "b8f98bd0-3085-412a-9db5-542fed1e8966", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958646, "uuid": "3ea9af44-75de-4529-9538-8fd009675ffa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958646, "uuid": "9db8936b-cb2b-47f3-b5cf-b5ffd79431cb", "value": "3172089994e0e7ffcd68eec176e2940534cb2a57e0bb17f0b83e3966e558ea25", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab8d7200-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959879, "uuid": "1f53b103-23e0-41b8-aa7b-6338c45d45f6", "comment": "Malware payload (Heodo)", "value": "0b1ebfc0508dee3910a9c025bac8925c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959879, "uuid": "c331e673-0d74-4278-af38-4eab2e786960", "comment": "Malware payload (Heodo)", "value": "317e9f3bb0ba5b0d3a18341935f406b1dcd04dd091b8cd7cbf6ca8f7d5dbf413", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959879, "uuid": "ca37f1b0-3a7a-49b6-afa0-686024624ca8", "comment": "Malware payload (Heodo)", "value": "f79709ae4a3d179cb264475a80cc32a0859622ac", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959879, "uuid": "aec5851d-21a1-40e7-be77-7932c4029d46", "comment": "Malware payload (Heodo)", "value": "2bf9d238fd72577fa3892264822c679ab1a8a90dd5b6c28fc019498a556655e5194fbb37e7f41d28f5d793c6294229b1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959879, "uuid": "567bb7fb-180b-4f31-876f-ee86b9c76ddc", "value": "T134B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959879, "uuid": "2d32d08c-ca24-40a1-b2fe-5d4ae5c00665", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959879, "uuid": "22bc2a18-73ad-46bf-b0bd-96c880ac5b5e", "value": "6144:8JZToYE666spbEgoZhZO1tqI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoOlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959879, "uuid": "95b037f4-db39-48e4-a4cb-693045ac8e81", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959879, "uuid": "2e38de68-5374-4b6f-97fe-0cb89f5d9010", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959879, "uuid": "9b58c4e0-b5a1-4293-a42b-db801d773057", "value": "317e9f3bb0ba5b0d3a18341935f406b1dcd04dd091b8cd7cbf6ca8f7d5dbf413", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e26c26e-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955534, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955534, "uuid": "d1b383e5-41b5-4a33-972c-c76bab0143f4", "comment": "Malware payload (Heodo)", "value": "4b7d8dd6ba3d44f6d3cd69f778dc616a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955534, "uuid": "10899737-4088-465b-af99-167e24675b65", "comment": "Malware payload (Heodo)", "value": "31e79684019b159098cc9a92951282490d88e5d2ea45de4bc1e20ae4e6c10d58", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955534, "uuid": "8e6166e6-ae5f-4cb3-b0b9-4167ed37c547", "comment": "Malware payload (Heodo)", "value": "371293e5dee7a31455d1bd5998691269f759d8d4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955534, "uuid": "df41a9af-491f-4c72-9713-bb0e997e1d41", "comment": "Malware payload (Heodo)", "value": "3dd89b0bcfb4484d32198d3a6317f68287c31f660c7e5466a8ec1736ea2a3a4b9c94e1cfe39f9fff6011b02a2ab103aa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955534, "uuid": "3dadc9d1-dba3-4104-9e9c-8282ba380a6b", "value": "T144D46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955534, "uuid": "48c0cf15-2e5d-474c-87e9-061efc9427db", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955534, "uuid": "0bb92ffb-3056-4b4a-b541-070e1e220d51", "value": "12288:QXvRLpX4HMAus65rYxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rYx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955534, "uuid": "e56a30d3-c9b8-47b3-8f5f-4743dc474aab", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955534, "uuid": "178d98ff-186b-4d83-b395-2136fb16390e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955534, "uuid": "f47ec40f-f5af-42d6-bf0c-a8cbe7d1f138", "value": "31e79684019b159098cc9a92951282490d88e5d2ea45de4bc1e20ae4e6c10d58", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afabeb0c-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958168, "uuid": "65a6fa2f-92d9-4aff-abb1-914bf64a3bef", "comment": "Malware payload (Heodo)", "value": "1e005497643a252ffe16181f4e3d2a50", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958168, "uuid": "bdd60db6-e279-426f-bade-5093a8db5e42", "comment": "Malware payload (Heodo)", "value": "31ff9f3e285dc35531faacc0b9b0b648f63561e7b5d19f19590013bbc802c64a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958168, "uuid": "bf54c0bc-0ef2-412c-af46-893333877b69", "comment": "Malware payload (Heodo)", "value": "f72cc1594c71a7e926e91af2739360ea65a3aa6e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958168, "uuid": "cd0627dd-bb56-45e6-9723-af29383d09a9", "comment": "Malware payload (Heodo)", "value": "7eeb1ee85b8f7d92a77aab9f4fe95e718de15b9dcbb41ed329b433cf2dff233fd190c2269f8032bd345621aec3e2d9f9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958168, "uuid": "a10d5970-aa08-4166-bd5f-cef7a2e26a39", "value": "T1C8059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958168, "uuid": "f630dcae-f850-4948-a296-eaff379040cf", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958168, "uuid": "b294cbf1-a6b4-4fb0-b653-7ed66cde07f8", "value": "12288:V20BXOMcVzpWfmmnDDJX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDdX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958168, "uuid": "2bf5053f-4faa-494f-ac60-ee3d1909672e", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958168, "uuid": "ff9f1626-e83f-445f-af3f-a5f5d96f7fa6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958168, "uuid": "4fee5aed-d7f8-498c-9e88-0708db5afe0b", "value": "31ff9f3e285dc35531faacc0b9b0b648f63561e7b5d19f19590013bbc802c64a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1edadb37-a9a0-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926571, "uuid": "04cd565f-4a52-4c87-9a37-fb927b4bd5d4", "comment": "Malware payload (RedLineStealer)", "value": "89bb26b87c1c65e85f9a9023986ca290", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926571, "uuid": "4ad74d28-d2fa-4e2a-8e78-3f4c589e851c", "comment": "Malware payload (RedLineStealer)", "value": "322b32f8d82ef741cea7c4c6e837e543050d259739d82f8dab40efb861cc4cbd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926571, "uuid": "7958304c-4ad9-44a4-b128-79d74090e00d", "comment": "Malware payload (RedLineStealer)", "value": "4eebe24209513b09130068863cae08982d005f33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926571, "uuid": "4e07ea45-5a9b-4f56-b96b-8da1e7b36267", "comment": "Malware payload (RedLineStealer)", "value": "e580c7284d16b0298e17cd13bcc52cdb924332598aa97ac5d3522ff20e5e88543340d35486b300b80f4d140db87a48a2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926571, "uuid": "f05dbc60-7a3e-49bd-be73-30cf530b683b", "value": "T186363316666C3C14C582D7FDF629EA4D2EE23E4A7CA424316EAD10E26D9C77F52020DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926571, "uuid": "220ac878-ce6a-4068-a66a-f09b99c25af3", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926571, "uuid": "27c5c4cf-69e8-46cc-925b-2e65fcaaaa06", "value": "98304:8j4Hd9vS8rxZ9spTCq+tv5d6U/9YqeY/3CFostwbZg4E6Pkeq8kXdrjPgrd:NrrP9sr+v+eY1YfCFbwbS4hzkpjPk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926571, "uuid": "39e6f13e-da20-49e5-9616-dd69a74b37ed", "value": 4897280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926571, "uuid": "2d2bbbcf-5b96-4cef-9ddf-22237b033920", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926571, "uuid": "ed7abcaa-b40d-4264-878f-c0f1d60d1d8a", "value": "57246543.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79b21bca-a9bc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647938750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938750, "uuid": "20c5fb6a-56ad-4cb1-b9a1-884d08337208", "comment": "Malware payload", "value": "1759c49708a9c0a999f95f0f6ea75b18", "object_relation": "md5", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938750, "uuid": "6083f8e0-e002-46ce-9c86-3cd64bfd7164", "comment": "Malware payload", "value": "323637d61bdfba8c59e562bb63278ae8a9284409e67ae380954d811c3b6ab662", "object_relation": "sha256", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938750, "uuid": "b967ff35-65ad-4271-964e-03fd4715f166", "comment": "Malware payload", "value": "5cd1f86e719c390f82b53775b442c59216e098d0", "object_relation": "sha1", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938750, "uuid": "f7fe6361-1c6b-45a9-9605-ecad40588e7e", "comment": "Malware payload", "value": "9a93e77a9216e010a9e494db8671669517da28c6ef3b29dfdb04ed3b5d11c4931ab2239a2ca900644d31b80738caf921", "object_relation": "sha3-384", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647938750, "uuid": "4eaeae01-d1ce-425f-90e8-ebd12c31e83f", "value": "T17BF30ED0AC9898F9B4BC767236BBD6B490B2F59396F41025F21771AE1E92D7D2C00C4B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647938750, "uuid": "94581a32-5fd5-4724-b8fa-d322316c59e9", "value": "3072:fkZN6gwOo+J8DcC4Wsoe6n3sIXisl8h8E4SWGE7cWzOeHbnKmQgU5z/U4GzOFKrv:iFgNDcroX3wsl82ErWGCTQgqlA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647938750, "uuid": "970fb66e-1378-4f47-ba36-8af4b394cfda", "value": 165166, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647938750, "uuid": "47c19bb6-b6b6-469d-a2fe-98825e81bc97", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647938750, "uuid": "bb616d68-127f-4fac-a967-18cf4aa66f8a", "value": "479nI.PS1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45be433d-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958419, "uuid": "c0c30d44-0578-4f5e-a88e-538bd0247476", "comment": "Malware payload (Heodo)", "value": "291cd4f6d649f88e4d12180fbf0b5db5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958419, "uuid": "47232f34-ec36-4aa9-8e8b-335e99fc77ef", "comment": "Malware payload (Heodo)", "value": "3238a3200840493db24d8e5026d157a78ad812e115197cc20d08b0d74fbcc025", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958419, "uuid": "d0758640-adf4-4243-8684-9de7d001d487", "comment": "Malware payload (Heodo)", "value": "88ada18f2f187c8556e80e7fc3b6864162b4d777", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958419, "uuid": "f95cae7d-e28e-40e6-b3da-426281aaa9ee", "comment": "Malware payload (Heodo)", "value": "6dcc0c379c0cd1c56d8d15ee20b867fc2a7f0797be9638c1f82acc169869916b8547920a72d88c3500eee180390647c3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958419, "uuid": "0a2e4436-a348-47fb-ab80-da8a910ac851", "value": "T169059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958419, "uuid": "59460d61-c8a2-4cdb-bdb8-587fb0ab5b3b", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958419, "uuid": "8200edd8-4d74-4a88-bd62-d6de70e321a8", "value": "12288:V20BXOMcVzpWfmmnDDRX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDVX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958419, "uuid": "fec8bcc1-0c25-4be1-be73-e50aeaaec548", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958419, "uuid": "5f44312c-fd14-49e9-b5cd-117e38bc2615", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958419, "uuid": "ea0f190f-46ab-4b3e-a4c3-d6747a54de10", "value": "3238a3200840493db24d8e5026d157a78ad812e115197cc20d08b0d74fbcc025", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7070440a-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955914, "uuid": "c5b0abad-7519-48af-b8eb-a13ab1a69797", "comment": "Malware payload (Heodo)", "value": "66f4eecf91d1e07140f7eaa2c1a114f5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955914, "uuid": "289c8b27-d302-4bb7-a713-dad54d33c70a", "comment": "Malware payload (Heodo)", "value": "32cdab1d8fde126f4e1850bd947ebe983c51b23b4c0add3f9412c70b9ac7d030", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955914, "uuid": "b506f116-508f-4f62-a790-9c982bcf5a7c", "comment": "Malware payload (Heodo)", "value": "44e7d51d63db8adc064e0239d761d7a2eb57f0a0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955914, "uuid": "ae317edf-0c54-4990-a8b0-782dde6386ea", "comment": "Malware payload (Heodo)", "value": "2b1a5c2648471f6254fe8fdd8a14043fdb28c392d184bb81ed31c565aa1dbdccd742c3ddac897bf58a13df60aaaad672", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955914, "uuid": "31444c9d-0ed2-4d2b-bf45-d184ca4b566c", "value": "T180D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955914, "uuid": "8699dde3-5944-4621-a0dc-0437ae572598", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955914, "uuid": "1eb7c33d-8b92-4cd1-9750-4836b93435cb", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfQ:AqxETMJ777u3OmONFqNJtN1v96TOAni2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955914, "uuid": "4b0ef646-ce67-4c1c-9d72-4317b380dbb5", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955914, "uuid": "9c064675-422d-4fcf-b0c4-777c97c98ef0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955914, "uuid": "77c88ae9-4a9c-44b3-9d02-ba7692646135", "value": "32cdab1d8fde126f4e1850bd947ebe983c51b23b4c0add3f9412c70b9ac7d030", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0397a6a-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955243, "uuid": "dd9e58d5-020d-4ffb-97f1-d5023d2a3e6d", "comment": "Malware payload (Heodo)", "value": "087922c1d5b081cd73f8726af57c74c1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955243, "uuid": "020d0ccf-664d-4e4d-9795-6354e9178163", "comment": "Malware payload (Heodo)", "value": "332dd6daacc3a42d6796f1c4a1746f2590bbb330924347a471b2b81d69dd6020", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955243, "uuid": "deb3ac61-9008-4415-aba7-394600145507", "comment": "Malware payload (Heodo)", "value": "771f66f0b8e9b315d31fcfb8dcf25b8f7dd2d8ea", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955243, "uuid": "8e8ec11b-d15f-46c7-8301-2294e4d12be6", "comment": "Malware payload (Heodo)", "value": "5376735e4aa9ab57ec3eb5a877d54f205855cf21e4535ae92db32fc19b9d3b5acb11fa64f2a0f5ae2bafc5c6cf89de6f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955243, "uuid": "2d5fe5d1-a7ef-40b3-9743-76de549e2d9b", "value": "T18BD41840B259D1F9C4CA3CF83C1A9299625D6CBC7B8960F377BE36AD6B74D70132121A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955243, "uuid": "8bee8153-d6c4-49cf-94df-058ceac73f41", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955243, "uuid": "c4ca4b9e-60b8-4132-8152-be020ad938bd", "value": "12288:C2Y7Kg+5zhHHq9xT+VDWIGUcItvhFDuEPF:g2nHIxT+VDWucItvR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955243, "uuid": "49e48199-59c0-499b-b569-dcdb0b29e1e3", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955243, "uuid": "bf06e878-a8ba-4062-9762-579e1bcda79f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955243, "uuid": "2269950b-c1df-47e6-8d22-c29bf40e8216", "value": "332dd6daacc3a42d6796f1c4a1746f2590bbb330924347a471b2b81d69dd6020", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "256c425f-aa06-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647970391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970391, "uuid": "d789989d-121b-406d-9b60-d892adb0f60c", "comment": "Malware payload (AgentTesla)", "value": "fb9790b8a36ddb83289b6970a7fc746a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970391, "uuid": "2c7e60ec-ac0e-4d3f-80b3-25b262a62bae", "comment": "Malware payload (AgentTesla)", "value": "333449d5e8eb557113b0a57e5f1a11aa3d78c4283ac85234a1850c4b66924814", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970391, "uuid": "37641768-8197-4e9b-8298-2aa7a48717bd", "comment": "Malware payload (AgentTesla)", "value": "debf588576aafd5248865251656542c607ca3584", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970391, "uuid": "b2984301-8b67-45e1-8579-9978df0f2906", "comment": "Malware payload (AgentTesla)", "value": "4fe704d2b3e13c8970a2e76a5774a3897ed688f0c134629ce5b4a11909211cfbcbde3b023be91d060b70a17e4aa93478", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970391, "uuid": "f0a24b58-617e-4241-ba45-943a8d9fe231", "value": "T17C4523C6352C9A7BFAEF2AF9085165CD47F200515022F7D58EA7A4CB98CD3807B23657", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970391, "uuid": "64c286a3-d95c-49ab-a5cf-9e6e9ae5350b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970391, "uuid": "d40ee0a6-a4ca-4346-991e-240a3a0cd6ea", "value": "24576:bohvKc6AY86HEo+wOo057riBS9bFENg0tWYxlOFkPgsud:bohyiYFiv57riBSjENgGWIlOFkPgpd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970391, "uuid": "2d6d876a-969b-4d69-90ea-4768405ed1df", "value": 1184256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970391, "uuid": "000d0ae7-5d2d-4a43-b8c9-3c30a082a1f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970391, "uuid": "945a93f5-f381-4860-9faf-75a8fbec53c7", "value": "MBL-HBL SHIPPING INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d89b28b4-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959954, "uuid": "5d973bc8-f12b-4dd9-a88b-fdff5ee9b523", "comment": "Malware payload (Heodo)", "value": "e05d9e95ab647a36fca2d9f478af7b4d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959954, "uuid": "019e5ae5-ce0d-497c-9ae3-ae93e0879f07", "comment": "Malware payload (Heodo)", "value": "338642ab42ca26cda3c999a84761772a23d5a8b4000597b0da16b0fb6d1f51c1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959954, "uuid": "618b6b82-1c33-4cad-a9ab-e26ba740decd", "comment": "Malware payload (Heodo)", "value": "6353c79a2ed6b8e27de33a2b5ddd3499758a1fea", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959954, "uuid": "e54ffda0-8f15-4a32-8137-a86170cf5a51", "comment": "Malware payload (Heodo)", "value": "dc486f34ce1a065dda6d23efddc5692f6d69466e278196d62818459d958f8ab102ffe50c264427077e398faa142966e4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959954, "uuid": "bce4c44d-17bf-47af-9249-e54367d6d958", "value": "T116B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959954, "uuid": "70a7e075-95da-4d22-9176-3af82e7ee3ca", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959954, "uuid": "7835f29d-e488-4ffc-9153-7312d8b8c893", "value": "6144:8JZToYE666spbEgoZhZO1taI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoelF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959954, "uuid": "d867779f-126c-4b10-a346-8c5f51c9210f", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959954, "uuid": "3490e406-84e9-4962-a839-ce666fe07fa0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959954, "uuid": "2528b0fb-8abe-4d94-b3f7-e0696a178eb1", "value": "338642ab42ca26cda3c999a84761772a23d5a8b4000597b0da16b0fb6d1f51c1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83350760-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959811, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959811, "uuid": "77b071a4-2a89-43e0-b1cb-6aac02020af1", "comment": "Malware payload (Heodo)", "value": "76da9b0b785de417758677ebe95c79fb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959811, "uuid": "df875e9b-bf77-4466-a47f-6346e737b481", "comment": "Malware payload (Heodo)", "value": "33e9a60e4c55300c03532ab09ec66ca22c260644233f28c9e6ea8e936db12133", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959811, "uuid": "9815c986-ffad-4d41-b878-cdd3a85d5945", "comment": "Malware payload (Heodo)", "value": "3d333d421c8ed00031265b4a318e4ccf30d836ba", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959811, "uuid": "bceab6af-d680-4b1c-b783-8da4f7570233", "comment": "Malware payload (Heodo)", "value": "d2b76862e152401530ee4de383a72ca651d1c978c88d5b3b9b80b8008245a81e971c2c3bc71f2247f16a8e20c247625e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959811, "uuid": "0783d1d1-70d7-4e26-9136-c689e73fbcaa", "value": "T1BCB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959811, "uuid": "25bb2c5e-872f-4c7b-b0b5-b9c7c12e7b45", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959811, "uuid": "ddcc2430-d3f0-49ec-99b2-f131b65c2429", "value": "6144:8JZToYE666spbEgoZhZO1tjmI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoN4lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959811, "uuid": "8cb93669-fc8e-4081-b5f0-1aecc64894da", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959811, "uuid": "d4f85015-4312-4347-862c-1045b9ec312e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959811, "uuid": "4ceab9fa-4141-40c0-9196-4b283fdbf24e", "value": "33e9a60e4c55300c03532ab09ec66ca22c260644233f28c9e6ea8e936db12133", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1dd3102-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647975754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975754, "uuid": "e200464d-5676-474c-8819-74df6a5ef6b9", "comment": "Malware payload", "value": "04d2c17a55649ef62dde06770e4808b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975754, "uuid": "b620b892-6718-4f5b-9559-069c620deaba", "comment": "Malware payload", "value": "343848a3b3b6339888a3b2610a13b3c2c6b9bf96e4099db6a53f580f7c8ae3b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975754, "uuid": "7f19b84f-dcbf-4fa5-8c2b-9a6f6ce36eeb", "comment": "Malware payload", "value": "2ea09068c50497bb20f69325fb09e33bc94ac3d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975754, "uuid": "f3736b81-e5db-422a-a60a-a6ceafe7805e", "comment": "Malware payload", "value": "2a9e628d0010d37c8c08e7a117ca2dcaf7476f816a21775e26bdb99c1e5495fe3df4bdaf79123d45ce7a374a8c181beb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975754, "uuid": "a81e79dc-2f4b-4629-81fa-cb2cad42448d", "value": "T15B0639F320C6779DC056C53E8363FD6FDA9FB03A4A26A4F7D054A622AD16C413A48F19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975754, "uuid": "945ee491-8698-4cc6-871a-42f89eee69bf", "value": "a56f115ee5ef2625bd949acaeec66b76", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975754, "uuid": "142751d8-5822-492a-a51a-8f4d51ede8ae", "value": "98304:nI5xrmcv2GEzvH5jk27ZZql+gmOtxz6CY7N:nYxEGEzP5jk27Za+Kttnu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975754, "uuid": "04c1fa6f-40b0-408f-ad3f-0ebdb4da4215", "value": 3771777, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975754, "uuid": "aa0bdb8a-4257-42c4-bd7e-9725f02a61a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975754, "uuid": "3e506b75-86d6-4c03-931b-3c30a58c96bd", "value": "04d2c17a55649ef62dde06770e4808b0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8adff42d-a9a0-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926753, "uuid": "c2444af5-5396-46bc-88a8-98333b0a34c1", "comment": "Malware payload (RedLineStealer)", "value": "b02011922b58e5e171dcad87da3bd5c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926753, "uuid": "6b7989a9-8704-4372-b611-10a90b536943", "comment": "Malware payload (RedLineStealer)", "value": "3487dff9ece566943c57c01c9fb5c7fcd4b8206159e575ccc05121d573fcae45", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926753, "uuid": "757c1b40-18c7-4b8b-876c-ffa108e94042", "comment": "Malware payload (RedLineStealer)", "value": "3098490208ab03e82c21e81cc42e59debb3223af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926753, "uuid": "9766c421-f70a-4dae-acda-70746eb1d14b", "comment": "Malware payload (RedLineStealer)", "value": "f52ff4e553d24f955196bf06045e35e505d67555247248179060f4483d2c25a6f27d6f6823537bdbfbad74fe692d1c04", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926753, "uuid": "916873d5-1d63-4c64-95ef-3b4aa3651f3a", "value": "T1A33633CBE6E7A368EE0F09B5A9849F27CDFF0741845F821BB3566A642D71D37A102704", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926753, "uuid": "2c381e2c-e724-40dc-93d8-49542cd1ea02", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926753, "uuid": "a6b278cb-0811-4935-ab5b-5931d84a1b45", "value": "98304:qoElhusxPRy9RBy9m/+jj1QfaA105LcxGSReRFVAb5q3Q8W0aF/:qzusxJEByu+mi5AxVAnqbk3eF/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926753, "uuid": "1a3d16e4-1af0-4cf1-8703-05a8d3fba7bd", "value": 4895232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926753, "uuid": "4987c75a-3ddc-4885-9e4b-754127a7c517", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926753, "uuid": "8537a78f-f3f4-4bba-8462-07cf989fce90", "value": "83958462.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46c7cfc0-a9f0-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647960998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960998, "uuid": "9e69c1fb-9b74-4a06-aea4-3b4a9911af29", "comment": "Malware payload (NanoCore)", "value": "6467b5fafcdcde091985bb479862f34b", "object_relation": "md5", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960998, "uuid": "ec143161-f6db-4642-8279-7672fe4534c4", "comment": "Malware payload (NanoCore)", "value": "34cc27237a032387408e915e65119a1097bebc5bfe8091be7a17dbf9a475d11e", "object_relation": "sha256", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960998, "uuid": "f0743037-d17a-41dc-a202-1de81a0e62ca", "comment": "Malware payload (NanoCore)", "value": "43e224ba27547ed205720a3410c88970842a77b4", "object_relation": "sha1", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960998, "uuid": "d862b28a-3432-4420-a26a-0033ee1fee92", "comment": "Malware payload (NanoCore)", "value": "b608e003933ba215ce9ad26143752b782853e974ec0cf80131572f9d968fd1f3868bb4b88eb08265267228b1b9bcaf78", "object_relation": "sha3-384", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960998, "uuid": "4590e2b3-5c00-45cd-bf99-3538e732bd2b", "value": "T1CB020B78558A08D6F3DB8852742B7F1103B3F28B9ADE1D84A35DEDB41877F734906051", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960998, "uuid": "345ff6f4-e5ac-4948-9581-5d7819df3b47", "value": "96:RBzvct2V7XEWNVPpSdcht3uGXH32mtGPCMoRCkg2XKafVroWonE1K:7bcsX9NX3uGXHlM6MokcfeWUEo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647960998, "uuid": "6c7f4f24-6863-409e-9b4d-8fc514749649", "value": 8393, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647960998, "uuid": "9773d530-fc7c-47d9-80fa-bad6d5551f13", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960998, "uuid": "589441b8-4914-4827-a0b1-835357b49cae", "value": "WBK.wbk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2a5a783-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958173, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958173, "uuid": "4898edcc-571c-49b6-9c2a-5a46b5905568", "comment": "Malware payload (Heodo)", "value": "9b3b562e5df274f6079215d8c997cdc7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958173, "uuid": "6617fcfe-7fcc-4291-be07-30ef9bc600a3", "comment": "Malware payload (Heodo)", "value": "34f00f39f1b375d88b518bb4ec92f8be9c071ad2c0008e22c1275d290e39a139", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958173, "uuid": "e8ef2f3c-0e8b-42ab-b8c7-291de3b931ff", "comment": "Malware payload (Heodo)", "value": "d6e7c28b294fed892c1677178cdb64e9bb87d015", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958173, "uuid": "7b17106c-68db-46b5-9a57-8e171d1e517e", "comment": "Malware payload (Heodo)", "value": "448430898ab94836116b2f5bc409e700c7546686ba4df68cb74cc7f211a7493f1b38cce8e60faeb1264d2d255d9bc8e4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958173, "uuid": "566370d9-6cdd-4f40-9cb5-aa2e5ab0b829", "value": "T166059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958173, "uuid": "e048cebf-9aac-454d-afc9-df26c44534d1", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958173, "uuid": "b8ab74cc-d87c-4dec-a18d-0c5aa17ee036", "value": "12288:V20BXOMcVzpWfmmnDD/X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDrX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958173, "uuid": "eb56d1e5-f238-472c-aa5b-383dc8cf0d00", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958173, "uuid": "2e8a8c2c-be28-4f71-b951-ea0782020a37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958173, "uuid": "0fb47bbe-b66b-4570-8ede-72999c3c3dbd", "value": "34f00f39f1b375d88b518bb4ec92f8be9c071ad2c0008e22c1275d290e39a139", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0df7e1ed-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647957467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957467, "uuid": "e7ad105a-2f61-4fa4-a66e-c829ce12173b", "comment": "Malware payload", "value": "1e98c95eedf0ab213a3a92e9f15343ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957467, "uuid": "170f7a9d-d8ea-45e0-b7b4-575eb5dfaee6", "comment": "Malware payload", "value": "36561a5b4fb1c724bd417626accf13436bb7c2d75599615768c29b177c58bbc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957467, "uuid": "a184a954-7c99-4912-b956-eba481720e80", "comment": "Malware payload", "value": "e1f1c2068b9c35bcb24798761b9c9dadd3507028", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957467, "uuid": "6a27747f-f864-4c82-beb6-2986a28e1a07", "comment": "Malware payload", "value": "48d55c4e780b9e815f7de11f2731c8c9236d8f4e3e82b891cad28160afeeae6326d016780ebc6bc76312e3e0bfaef200", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957467, "uuid": "fb07146c-bc67-4eee-997d-0b7d87c72eed", "value": "T16245F9996D0E18A8EBB22A7B355C8593B2F42F75DE3CEB7B4CE3017580FAC445984D12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957467, "uuid": "04189477-c73b-40c9-b646-859c408a30ac", "value": "514c554c4eccf8b5d18d8453867113c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957467, "uuid": "78e96409-8fb7-4823-b4af-95d4ed659ac5", "value": "6144:PFKiOzC8VEXAouuoSwFwsuCEe4EJI8IkfWwgiSe93xoAyoVbRqtTA5xBChLOvDuE:PHkVE/oSwfuCq9r5c9bRma4cg42K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957467, "uuid": "1faa64a5-f54e-4a74-b832-91662f445e4d", "value": 1169523, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957467, "uuid": "cf259d21-854e-40a7-ab27-6331c5499052", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957467, "uuid": "f46bad65-2f99-4ee7-a26a-1b5ca98805fd", "value": "36561a5b4fb1c724bd417626accf13436bb7c2d75599615768c29b177c58bbc9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "900d2d9e-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955967, "uuid": "d6203f57-c77a-4ada-80ef-547e3cd6e95c", "comment": "Malware payload (Heodo)", "value": "1640f0b0532567abef6937fbc4b8074e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955967, "uuid": "5963d133-04a0-4fbd-939e-006672374ff4", "comment": "Malware payload (Heodo)", "value": "36658fe70f79a8127f3c0be2c5826393187807b530772f581f786fa872766ea7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955967, "uuid": "86a9398f-1bd2-47a1-845a-949594f1ab8c", "comment": "Malware payload (Heodo)", "value": "43511f5508d0e565fbb529a976a6acdb2b967ce5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955967, "uuid": "fe40f333-ea80-4d10-8b9a-17bbc04a1222", "comment": "Malware payload (Heodo)", "value": "7ad5d0cd12d6a578d5ed9d9a9f44352d76603de567faa3243857a56020213b0a3c6ce7e0b7930331826f41068617c988", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955967, "uuid": "03f91a74-ad00-463a-b69f-fe3a22839d57", "value": "T1DED41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955967, "uuid": "989bde68-d88b-4f95-8e8a-40bd2c236216", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955967, "uuid": "e8e2d800-5ed4-4d59-8446-4aaebe938577", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfy:AqxETMJ777u3OmONFqNJtN1v96TOAnU2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955967, "uuid": "def6e9b4-6092-4fb8-aad9-67ed3edeb937", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955967, "uuid": "0b3147a0-9db0-4fa4-9911-134fc87ad4ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955967, "uuid": "bfc48c67-8cc2-4df6-add3-d9f71d4bbf16", "value": "36658fe70f79a8127f3c0be2c5826393187807b530772f581f786fa872766ea7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "171ca015-a9d6-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647949751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949751, "uuid": "9f87202b-bb6c-461f-8898-1f6d92edb54a", "comment": "Malware payload (NanoCore)", "value": "e0ff9b74bd3cc20dcca8b12b985b0601", "object_relation": "md5", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949751, "uuid": "37451a32-b95e-483a-bafb-df416d65fc00", "comment": "Malware payload (NanoCore)", "value": "36731e2892a540d3c2c7c8e8121c3f0d9e607dd96c58b7a0ea5b61404647e63a", "object_relation": "sha256", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949751, "uuid": "f73ff935-7738-4ca9-896d-7704b06f5eba", "comment": "Malware payload (NanoCore)", "value": "15e3fa4cfb9a42e602e7588d71caefc2158e4d03", "object_relation": "sha1", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949751, "uuid": "919510ec-104c-4524-832d-cc88c0c07813", "comment": "Malware payload (NanoCore)", "value": "ea44451ff69d667130e71268684bd5fb73ed92e93c9b300c8efbfcb166ef1e3299d923e492e973059dfcbfa6d4ef5667", "object_relation": "sha3-384", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949751, "uuid": "8b4a299f-c0fd-4cd7-89ab-58c44b618f24", "value": "T1B3020BB864E904D6E39B8892786BBF1203B3F1578ED52985A31CEDB52472F734E4A150", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949751, "uuid": "0d002f5e-f0b6-4353-afad-1e7e4fab8c65", "value": "96:eBfv+22mSdcht3uGXH32mtGPCMoRCkg2XKafVroWonE8:mH+de3uGXHlM6MokcfeWUE8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647949751, "uuid": "4a68ccdb-f776-45f1-96ca-f90980c769ea", "value": 8361, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647949751, "uuid": "9716a30b-c5ba-4af9-b416-529c41529071", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949751, "uuid": "c31f444f-d088-4598-9b37-c9f6b86a77d8", "value": "rt (1).rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2df6f2f-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955247, "uuid": "663df226-6bdb-4d0c-8eb5-e30163a14177", "comment": "Malware payload (Heodo)", "value": "8cd9fd94ce63cd55b1f67655e9ba0427", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955247, "uuid": "e40c00ae-99da-4c0c-b25a-7fe4d41f96cb", "comment": "Malware payload (Heodo)", "value": "367b6ce334d68aad2c01ffd4800354320ed268d974a3dc51bd1aa366fb688458", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955247, "uuid": "1b8357bf-cb7b-47d6-a2b0-3602f8ee7a76", "comment": "Malware payload (Heodo)", "value": "7522eea72a7f4cdcc9bf3bec1716bb560fa7a02c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955247, "uuid": "cca022ac-c5a8-47f6-9369-57017b30c9fa", "comment": "Malware payload (Heodo)", "value": "0feea51b15a1b4d7e4151c07693b6732ab706e8c6efa6cea1a5dc363532293b314c2a4be534ae51413deaf4cc7d170a4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955247, "uuid": "25726a66-fde1-4560-8656-351b496de42e", "value": "T1D1D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955247, "uuid": "7e1262dd-9787-4ad0-b7a4-afafeb2bd413", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955247, "uuid": "b3fd8451-9f20-4e21-9230-4ca0e43dca36", "value": "12288:DjN/Z2wkRrA9CRDCgElAjHDsndSyHOrNvEP0Oua:dEHR+CRAyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955247, "uuid": "1e5f0e2b-e5ee-46f7-8ee8-05852bfd7aed", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955247, "uuid": "210b2c02-bf84-4d86-b1e7-67d2a1cc6473", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955247, "uuid": "a3948dea-1d2f-4cbf-9375-ff7bafc0934f", "value": "367b6ce334d68aad2c01ffd4800354320ed268d974a3dc51bd1aa366fb688458", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6502513-a9cc-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647945750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945750, "uuid": "ea6f0679-b44f-4797-a2d2-305fd657d431", "comment": "Malware payload (AgentTesla)", "value": "04fe85216275699806bec479b14ff6f6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945750, "uuid": "0170a227-7430-41ae-9528-48bcc7353e6c", "comment": "Malware payload (AgentTesla)", "value": "368e63d738e82c15421487a4594f42bb3b74308e344dc69c7d072920b3141697", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945750, "uuid": "63426986-bead-4cb3-9514-69080b03822f", "comment": "Malware payload (AgentTesla)", "value": "36c5bbf54ad208143163a2d9d6ca9727b5a8589b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945750, "uuid": "f19ecf4f-4183-4b97-9090-d4bf1c422d57", "comment": "Malware payload (AgentTesla)", "value": "4ba9f7dff5021bf945e4cdc17c3c1f17f2cc23a456f08828cdcfb19ba1522eaa8c5e5698d3ee4a9b81ffd044af1a574d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945750, "uuid": "24585d16-22fd-40c9-882a-cfab45b04fca", "value": "T1543512C6EA8442A1ED3E1B3064366D28136BBD75BCB5F69D8A0C71A067B73C3413394B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945750, "uuid": "b4fa367b-59a2-41e6-9eca-2995bd8c3a7e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945750, "uuid": "b51347e3-41d0-4b4f-bd53-6faefa18de50", "value": "24576:4MohRUA5h/YBdLpKGY0pM6Jk8E0wk/ccs2ZXqFjgjG2wsrog/WM:4MohRUZdwupM78E0wk/rqFsi2waoDM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647945750, "uuid": "d6a3c68a-3f67-4fe9-aa3a-31787f9badf1", "value": 1158656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647945750, "uuid": "5e4b0a24-9962-4414-8eb8-ed4e23e5ead0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945750, "uuid": "3af4636c-bdc6-4c7a-80b2-463225f97014", "value": "REQ HU234UD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5512de7-aa06-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647970713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970713, "uuid": "071c6ac9-76bf-4943-87f1-ab9e2a403b58", "comment": "Malware payload (AgentTesla)", "value": "1e495ea081797340badf53b833130e71", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970713, "uuid": "2ec02cc0-3f07-4269-a0bb-1ff0ed2171be", "comment": "Malware payload (AgentTesla)", "value": "368ebeba0e75b09e80d4dce43bec42b42aa2c3275e32c346ea6d66e8f7b1bdb5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970713, "uuid": "fbd510ad-35be-4196-8f23-d378934b8635", "comment": "Malware payload (AgentTesla)", "value": "f2aac79b497df249fee2b19edeef7e1a107113aa", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970713, "uuid": "482fd5f7-69cd-409f-9ffc-5a5f63adebf3", "comment": "Malware payload (AgentTesla)", "value": "538306f3f186a2579a42918c5ba0f71d649d1d565c6704d96fe7041968713bac3357c3ee78db3cbc9db127650a25b66b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970713, "uuid": "382d7afe-d949-47ba-a993-23486e104764", "value": "T14C9423945721329257EEBDFDAEC679B6583E19433187B813FE9C31ACE18D0E429C14E2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970713, "uuid": "8995e5e1-0fcd-45a7-9ef1-a4f62051c20a", "value": "6144:mUgoP6WR5b6vaSc+PiT4Mlf6LT6O7CXYYmnD6wjdSqH9jbrTdZFhGhMOJhNBV:LTzXb/SPismfmOLXYYmFEqHJPZhqMCNr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970713, "uuid": "a3b91e45-09ff-419a-b318-841066e30f85", "value": 436966, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970713, "uuid": "9dadb86f-8d84-4be3-9361-5a265bb5202f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970713, "uuid": "f3409f35-b9d4-4443-89e6-e5cdfbb5d77e", "value": "purchase order.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16012d89-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647972513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972513, "uuid": "70d75a00-cd75-4607-b23b-23c00ca6459e", "comment": "Malware payload (Loki)", "value": "04d4cf6e5dd78062985cd50b3783d62d", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972513, "uuid": "b89e9eb1-1f80-4817-9a92-e8e1981c86cd", "comment": "Malware payload (Loki)", "value": "36cf839c833c3dbfa257fa117da4b40120757c8c58faabf9dfa0ed6a864df2bb", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972513, "uuid": "80d33317-251d-4f3a-9bd5-7722b6038cc3", "comment": "Malware payload (Loki)", "value": "a7651a6c404cdefeee10f3da2a414527a1d92a52", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972513, "uuid": "67e85ca9-b5f7-4084-a304-03b449280325", "comment": "Malware payload (Loki)", "value": "8096ba569ed2bb572e54d1ab05649dcea43db4333fc9530d7ab460a9f72fbde5fface2b8391037eebb102571fe2a75d5", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972513, "uuid": "eeae2de5-e315-4acf-8b59-f2b95d9b3783", "value": "T11E04023BF5318761C9D12AFB17045164B025BDBEAE00ED55F0D8779A4D703809D2AAFB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972513, "uuid": "c5a996a9-d60a-463f-b887-d9585f2806e0", "value": "3072:lZ6luFzuDxpgYqpc3yjpm4jfSR/EZbsaoeoSKXzL2fJya7OV15rJLO:dFzuDtCoCmQlPloL32fJyagO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972513, "uuid": "7ddcc22e-0d5b-4905-b15c-9eda2d403917", "value": 186760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972513, "uuid": "0cfd89d0-be32-4b9b-975a-0b58592c5148", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972513, "uuid": "760095a8-67ca-4ddf-bb0c-a683f57bd5c6", "value": "MAERSK DOC 261786.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f49ffa6-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954194, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954194, "uuid": "70e4506e-3b3b-47fc-afd5-9179136c8029", "comment": "Malware payload (Heodo)", "value": "0f69f1e57d4d70460f328e61f385af90", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954194, "uuid": "dd986a76-ed00-47cb-b050-3b3af838e2c8", "comment": "Malware payload (Heodo)", "value": "36e145895d28fbe0c96fca50de043a81198bbb52bafec42c89a5dc8351ef1dcd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954194, "uuid": "3cb6f0be-4fd2-46fb-bba4-c55cb06f16d2", "comment": "Malware payload (Heodo)", "value": "b57f60c2f8de393c644631117319bb5d50f1dd1b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954194, "uuid": "afb42383-39a3-4458-8806-6094b1a4b3fc", "comment": "Malware payload (Heodo)", "value": "a43816fd9f0c5502e9e3e9ebefee19a89a3376a6c0cf5b0b6d526b72b670a5ccbd31330d0384168c8f7fd2db8dd52291", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954194, "uuid": "db6c9798-2897-408b-b29c-3635c99e3070", "value": "T11525AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954194, "uuid": "a70576f8-509b-44e3-b395-9b712f22c024", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954194, "uuid": "79913f51-2ecc-46c6-ad98-f0d23cd4dcd1", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQV5tFjNRLU:Ci6fgcIcHB8ZKbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954194, "uuid": "8e2d3bb5-6fc2-4a90-80af-9c41496d47c8", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954194, "uuid": "16c8b177-bd7d-4e1f-ac82-0fadb0ca5b03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954194, "uuid": "3a864542-6cc9-44ef-945b-1fcce37934ae", "value": "36e145895d28fbe0c96fca50de043a81198bbb52bafec42c89a5dc8351ef1dcd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29202ef7-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976840, "uuid": "b61c0e1f-262c-44a5-9d11-a5681994ef8b", "comment": "Malware payload (RedLineStealer)", "value": "80b5dfe17be5550481159d541ec1f61a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976840, "uuid": "502a6aff-7775-4ce1-942b-f563a02fdbae", "comment": "Malware payload (RedLineStealer)", "value": "36ee4fbc9c01f112929fdcb601c68a96a1b2e16bef985ebe0b9799e30baadcc7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976840, "uuid": "f474059a-2413-4489-be37-44a8cb7f8cc3", "comment": "Malware payload (RedLineStealer)", "value": "3ac2dfc85864b31ae6930170ef03968939c8d4d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976840, "uuid": "b7dd8427-a61c-4187-b193-680f0805e9f4", "comment": "Malware payload (RedLineStealer)", "value": "71698566cdd12dcef59f64cba9fd971bc58285008c01d3ab84e5c5a3831422a1f2941ac0947e6913691101802b449069", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976840, "uuid": "6c628b89-6849-4b8f-b544-7ee0d6025231", "value": "T18EC42387A0C1EB1CC14FE7F51423B50E0E6EA46616A4E5477EFDBB918BB847B014D1B8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976840, "uuid": "85a9ac9b-1697-45d8-a56e-6899f690227d", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976840, "uuid": "ea68cf3c-2425-4598-8157-fc0e4de8aa2b", "value": "12288:KeSJUoRtF+dhJ6QS03ULaHNqrxlKIQNofE8zOmO+MP:2F2AkEaHNYK3mE8TOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976840, "uuid": "c3c71479-4e37-493e-99cd-f944be918b40", "value": 566784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976840, "uuid": "e37e4652-44fb-4153-aa82-6665fed38c8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976840, "uuid": "c3ea3f57-9839-4ac8-ad78-34f5af1c3a19", "value": "80b5dfe17be5550481159d541ec1f61a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79578fbe-a9a8-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647930159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647930159, "uuid": "3ecf4b99-7db5-4d3d-a29e-61cb675a0f24", "comment": "Malware payload (Formbook)", "value": "cb7b3e73b0f2137a8fdd380f0099c6ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647930159, "uuid": "20d13c6d-25c3-41a6-ab8c-22a54fd10e2d", "comment": "Malware payload (Formbook)", "value": "36fab6d728571d3da4184d3335a8263dd47f1bfa573ca762360958eb11c4c874", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647930159, "uuid": "8142ce2c-9ba4-4eb9-a66c-68e63526e622", "comment": "Malware payload (Formbook)", "value": "ea9171e1ac865d12613d89ff7ee996d7e697f50a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647930159, "uuid": "64b14a4c-1e2c-4941-8bd4-2e8d4e8fb74f", "comment": "Malware payload (Formbook)", "value": "31f125449570c5cfbe5eb3aebbf3efc5a5f50bb810b02435d1913b93eaf5cd82cf75d53fc5f80e209ba2811c1c7e7156", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647930159, "uuid": "5e60e1a1-835a-452d-bfc6-941f4cc2b582", "value": "T1CF3408607E0524C7E68F88F2398E41A6DA51B938F351AC0F62D0BD2DC56B6F04E5E5EC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647930159, "uuid": "0fa96fe1-9a68-4966-a8fa-2932da28ebed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647930159, "uuid": "cdf8e61b-0d81-44b9-bf24-92a341705c50", "value": "3072:KoWb05y1i+cIZQ80OE9cxzB2FI5EAblfv2KL8QR69u5RjPwj2bIDh8:KoWb05Ci+cIWY5BYZGlWsqJ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647930159, "uuid": "970299a2-5908-4e82-b9e4-1a7fe1fd1b8a", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647930159, "uuid": "4f87a680-c9ec-486a-b264-00e365c60516", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647930159, "uuid": "527c5f56-249b-4dc2-b8a8-1ef1b6215c1e", "value": "INQUIRY DOCUMENTS & PHOTO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a1416ed-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958427, "uuid": "52e67a31-98f8-4f07-b908-1b1169e4188f", "comment": "Malware payload (Heodo)", "value": "59778ad4da34058325ac7d278f4f1594", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958427, "uuid": "9484b38d-b569-472c-a2a5-59533ce763b6", "comment": "Malware payload (Heodo)", "value": "3721d992f05836ba66d3a73ec97b1f1307b0404fa775d5b4279e32a460791ad3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958427, "uuid": "5890fede-2afc-41c6-85d1-7d45d2f9cf19", "comment": "Malware payload (Heodo)", "value": "615a52117e6f26da2360348822885c6717d33b33", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958427, "uuid": "1010feac-5ba7-4365-a63b-594ae53a00c2", "comment": "Malware payload (Heodo)", "value": "a515fea357c730f441203d48b4433761f02e3991e48fe221a41492d33c96f56ddeee88a71c6cbfb6ef9f2c3607fe18dc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958427, "uuid": "bd7e9c6b-9c9d-4a72-9bd3-4457b4580353", "value": "T136059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958427, "uuid": "7129c249-a199-49aa-8742-43b016b9f7f2", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958427, "uuid": "4802894b-9f1d-4077-9834-f76330ae7269", "value": "12288:V20BXOMcVzpWfmmnDDzX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD/X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958427, "uuid": "6dec5f13-d2ab-4c12-9449-40850916eb51", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958427, "uuid": "fe01b772-12eb-4077-8440-ed474fc0820d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958427, "uuid": "db1ef5f6-8c64-49d2-bc35-f5261102bf2b", "value": "3721d992f05836ba66d3a73ec97b1f1307b0404fa775d5b4279e32a460791ad3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c390fb84-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959919, "uuid": "eabd564e-1939-4ef4-8895-44349050820a", "comment": "Malware payload (Heodo)", "value": "6234dc5f84361004aef28f5ca6585897", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959919, "uuid": "14708a1f-31a8-44b1-bdc8-c6a301bdb9f3", "comment": "Malware payload (Heodo)", "value": "3765e93c181c1ad68b2301f87998390c88ea3387f8fc401e7bc7060aa5b1d591", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959919, "uuid": "2003eac1-c80e-43f1-a146-c9e2a878cb93", "comment": "Malware payload (Heodo)", "value": "40674f4674ad964ffb5a3b987be4742a562ebff6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959919, "uuid": "3ae40658-0b4a-4c3a-9a13-50d39a904314", "comment": "Malware payload (Heodo)", "value": "3fb90e609514d9239b44e5a3af2965b7014d13bc1f12df07821d676ddd9dabce506599fd686b8b85edca462304bc11ba", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959919, "uuid": "6fd749d8-3126-4847-b26d-b813ab44c108", "value": "T148B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959919, "uuid": "66029acb-81ac-4afb-b73e-f9775afb2782", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959919, "uuid": "669bfc4d-7492-4f89-a0b0-c6c52f9e8dde", "value": "6144:8JZToYE666spbEgoZhZO1tqI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZo+lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959919, "uuid": "305fbf86-ce28-49e6-b8ca-719098295386", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959919, "uuid": "ae3c0064-a0db-4506-9516-be580d195942", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959919, "uuid": "cda7d148-7abe-4309-b108-e7d7064adcf3", "value": "3765e93c181c1ad68b2301f87998390c88ea3387f8fc401e7bc7060aa5b1d591", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d767c50e-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647972408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972408, "uuid": "02f06b4f-30fe-45ca-8739-959adfe78fbb", "comment": "Malware payload (Loki)", "value": "4f822564bf39f1476d2a206f2687b2a2", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972408, "uuid": "82fe7385-38be-40a8-bc52-ae2f5ac4345e", "comment": "Malware payload (Loki)", "value": "3784042ba5d4653614c8dd6af839ff255209f6d80d115af472126c8f68ab80d4", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972408, "uuid": "ba18a951-1a4b-4cdd-9a19-48c962716826", "comment": "Malware payload (Loki)", "value": "f3e3995efaf8b6abbef6303b5b5905d3be4b5eb3", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972408, "uuid": "217290a5-8183-4785-ad8e-ad322b1f8032", "comment": "Malware payload (Loki)", "value": "554c661e969623073b1961e93ffd5b2149ca57d7b4d7bd433ce5c33d06f76008313a6b17b0c112e644736572d6561724", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972408, "uuid": "6f63c10d-3c1f-4962-975a-67aa850f51cb", "value": "T1721402133342E4CED6871A7C83E8327A4D56ED419C5AE79229B9FC4816F2DC0464AF6F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972408, "uuid": "dd5b9075-7fa4-451a-867d-3b0685b72452", "value": "3072:f96OvH0WLzA/cjyg29GUPqliAOUQpe22XFlcNKmbfF47NlCkX8YmAMmWHvNaPN:BvH07cV6qliAiQzfmbfF4TCkXM7HlaPN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972408, "uuid": "3726cfb9-1b7e-4e40-87c4-417edbea1bd5", "value": 191288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972408, "uuid": "b750121a-6f17-44a5-89c1-f6564a8087d2", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972408, "uuid": "ea9de865-ab4d-4e8d-a5a3-bde0cdcba11c", "value": "Payment_Advice.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8744f3d6-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911714, "uuid": "fcf78149-71f0-40ba-9241-47366b15d2e9", "comment": "Malware payload (RedLineStealer)", "value": "cd34a56a5aa17d7fd5f9438f9980e012", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911714, "uuid": "799336c6-5fc9-41a6-97e2-29cd84156158", "comment": "Malware payload (RedLineStealer)", "value": "378aef536e9167355f1026771ff7dab710d6525fd261262d940a6edfeda7dab4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911714, "uuid": "be08cc77-0c84-48b8-bf1f-c2ae072a1d81", "comment": "Malware payload (RedLineStealer)", "value": "015f25e32f470a1f9a3568c3020a220ff959c81f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911714, "uuid": "8a5a7654-787e-422a-8e4f-90f59844500c", "comment": "Malware payload (RedLineStealer)", "value": "9decea1c590b08f0fc9bd17bb11f0623e92de51e16893be7515619dcc4a794dd17a7cb0663e636e0a92c13faddaddd84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911714, "uuid": "ce9bc864-80ee-4b99-a261-fecb475ddcd9", "value": "T1122623631276014FE0E2CC3986377EE4B2F6035E5A43AC7899A6ADC535395E5FA03B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911714, "uuid": "06399b7e-c1df-4d38-b37a-c7bf01657f6c", "value": "b2ec5e305a410e6442f3911ef61575a5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911714, "uuid": "defac690-6712-49cc-a00b-7552d7d2e2de", "value": "98304:0wWMQ9ovebb0PaGP1wnsGvCePriq2ImZzVabEzw4Ls1:0w698eMPKCePGqqB4Ezbs1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911714, "uuid": "246b498e-3dfe-4a5e-b00e-608e4d79d7b4", "value": 4736152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911714, "uuid": "80a8fb91-5cd3-4bef-8d8a-c9362d6a4a5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911714, "uuid": "b67b41b6-9091-4957-bf3f-1d98380e5f88", "value": "40905558.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7647d9eb-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926289, "uuid": "44fb3ff1-96c8-498a-9e09-b59e8efb228e", "comment": "Malware payload (RedLineStealer)", "value": "5310612c4dcaaedb878d38685b97f3db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926289, "uuid": "766bd627-3195-47f2-8c2a-c50ac00c4721", "comment": "Malware payload (RedLineStealer)", "value": "37cbbc2455358dcd6884309a16814422a2f1e4f9b1d20a473c1e52f8ac6e67c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926289, "uuid": "419b867d-a263-4ae0-a3b0-42c33533844c", "comment": "Malware payload (RedLineStealer)", "value": "25d71b527a95447af900814d28d2665710aab003", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926289, "uuid": "fae71099-b530-44be-ae57-2e0fb775deb6", "comment": "Malware payload (RedLineStealer)", "value": "ed596bd542c539c41ec6bca811ec3ae66708739d63dfbed645fb7df17962c03bc5ef254ed258a51fa2239140a627c709", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926289, "uuid": "8efcf0e2-1e52-4fbd-b672-28fc53a695ef", "value": "T12A367D5D8C4D71CC942EE7C81E62C6D4A31FD73735169A3AB1DFA370294BD69EBA2800", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926289, "uuid": "4575e7c7-e7fd-4180-9d92-fa6b045db29a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926289, "uuid": "38ae11a3-067e-4c1d-b222-1ca967fa5ff0", "value": "24576:dq9fWsVILQkgy0auYWpnaz8gddEW6ktY:o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926289, "uuid": "d4d727e3-eced-43ca-ae3a-edb8deed9f94", "value": 5221376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926289, "uuid": "039bc4a9-f2cf-4ad7-8193-8050549f086e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926289, "uuid": "4a2610f7-4f51-4c5e-bae6-afd8e2aed8ae", "value": "37CBBC2455358DCD6884309A16814422A2F1E4F9B1D20.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85c03a6b-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959815, "uuid": "3a3019c1-8b36-447a-9cb4-fed1358c00e4", "comment": "Malware payload (Heodo)", "value": "15ff678d55e595452a142daa410d928b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959815, "uuid": "62bb4f4e-7871-4f1f-9d1e-569a5c11d4f9", "comment": "Malware payload (Heodo)", "value": "37cc3b20e2db4120564130b09f5865b8a9cbbeb11dadb73e84469baab5536968", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959815, "uuid": "cdb2abf9-37d0-48ee-acb8-e9c5c878a9a9", "comment": "Malware payload (Heodo)", "value": "71e42fc1eebd843256289bdb01e0e5f27152e9ad", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959815, "uuid": "a8d6b062-dc86-45b7-901c-2206b53717fa", "comment": "Malware payload (Heodo)", "value": "4f8a2a2141e30e1a919f82e013582728bb5eed9c58beff5195d9f0f74e60d74cb4e970c8fc6f8d6c1616d65442821985", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959815, "uuid": "6fef2adf-e9b7-4e34-bb48-713f2afc4210", "value": "T18AB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959815, "uuid": "5365c32f-ec2e-413f-bcbe-3df7a2d2caf3", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959815, "uuid": "a58ce473-0706-42f9-b744-259544dd71c0", "value": "6144:8JZToYE666spbEgoZhZO1tNI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoVlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959815, "uuid": "b1312d69-7ac9-445d-9320-43acea4bede7", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959815, "uuid": "8837a182-c1c9-4d9e-8bb3-ed64b1cc3f11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959815, "uuid": "889a6f7f-89cf-4230-a786-c4c3e67d9d9b", "value": "37cc3b20e2db4120564130b09f5865b8a9cbbeb11dadb73e84469baab5536968", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f5ee28b-a9b1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647933927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933927, "uuid": "973a42fb-1912-4c58-826b-410efdb6a178", "comment": "Malware payload (Heodo)", "value": "211649c4245ff4d8c6c21a8607d3f259", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933927, "uuid": "b82fd59b-52c0-4c4e-882a-5ff55c014d35", "comment": "Malware payload (Heodo)", "value": "37ebd7c101ec6d3c1c023d5d0927e433095814b3da4ea14e91cf89ba2af8d674", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933927, "uuid": "d1e2af69-5f78-4a56-8a7d-de2363981f5b", "comment": "Malware payload (Heodo)", "value": "7e9b276aed8e259de8bd25a3ae0d86c815e26818", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933927, "uuid": "212e9dfd-b244-4763-b7d4-528d7be45ca3", "comment": "Malware payload (Heodo)", "value": "358fe55c33d2e756d7804cd3bc3aefe00740590b89b21cf847fd6cbd110f5a6bbe2e7efdfb874e4fb6f30af27bb31050", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933927, "uuid": "e3503888-835f-4b09-8e82-b88a07d3d1ce", "value": "T15803AF30F2928B99E13A947C478CE9F583288B165141BF2C309563AC5F536B67F8E24D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933927, "uuid": "fd00c07b-86da-4684-b64f-69a9ed260db6", "value": "768:ibdpCR8kjOZpqcVbZYpoRuBlIiOKMArOooooooooooooooooooooooooooFVIyYS:iwDOZZ1ZYpoQ/pMAeVIyYzaT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647933927, "uuid": "293e74de-a3bd-49c3-8233-9e840c89a808", "value": 39713, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647933927, "uuid": "692d9453-82d1-4909-ab3c-865acd0c23f7", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933927, "uuid": "34ae2bd7-4abd-4e1c-b033-c50fdb1fff86", "value": "PO 03182022, United States.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "514a3c9a-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647972612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972612, "uuid": "e174fb39-b809-431b-93ab-13e00f88b7ad", "comment": "Malware payload", "value": "5660f23c753d50105fc852b5b08bce30", "object_relation": "md5", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972612, "uuid": "744d3fe7-e1dc-40eb-bf3a-4e481535a6dd", "comment": "Malware payload", "value": "37f2c7b6ad38aa1701c37e70ce4ef2db365c07a4bcb082b79cdb3a079e16df81", "object_relation": "sha256", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972612, "uuid": "f05aa2b4-b88b-4165-bf51-fc74a7d4037b", "comment": "Malware payload", "value": "bd7c57e7ff98ffd6e9b2f2a8447e8d0381e95219", "object_relation": "sha1", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972612, "uuid": "0d9c215d-3e31-4a21-bb19-b6dcfbdeae66", "comment": "Malware payload", "value": "39be2c8afcb9837dc9c68dfeb524c8812c49c0d22286f6cb1dcd975ae3f704b297fb374c55b8bc09913351128ed12fe5", "object_relation": "sha3-384", "Tag": [ { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972612, "uuid": "02919d7f-85c5-421e-87bc-71e3b52520f5", "value": "T18C0412E6FBD84FADFF37263A5D6A340D0A78DFA1CB76C09D9292327788351253091225", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972612, "uuid": "7cbe49bd-f134-4c5c-a052-39924e4e0406", "value": "3072:WYJ7P6Y5xH1DQ2gvAhHuXavwyorBoGEcO8UWDbDZ7e55mFoqkfk/DBZP8RiU0+Qp:jJ7Prn1zFuKvqrB4xDWDbDZa58oGP8Re", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972612, "uuid": "18100005-b8ed-40d9-a57e-80f111b1a610", "value": 186760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972612, "uuid": "bc964b65-b114-409b-8cf8-7b12cbe7a606", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972612, "uuid": "826c9b1e-2703-4bc1-9b53-285efd84af34", "value": "Bill of Lading.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20e7ddb0-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954922, "uuid": "50f331ac-062f-46c1-81cb-1b5f569fd3c4", "comment": "Malware payload (Heodo)", "value": "2859f40c16f60c2532b1b7f72a3bc6b5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954922, "uuid": "29bebcf0-e7f3-4fa5-9601-ceaf622c3ec4", "comment": "Malware payload (Heodo)", "value": "380366e05274e7a9869a94ae669e45a9b1875cd8bfc65d6513a082b9858fd143", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954922, "uuid": "1cb336b4-8539-4279-bc3a-c3f39a58d29e", "comment": "Malware payload (Heodo)", "value": "e8720a780d843f4b2a78dac269f6a3be635d38a0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954922, "uuid": "0801aeaf-bdb3-4a69-adbc-ba95dd71394b", "comment": "Malware payload (Heodo)", "value": "392194cb6fd02fe26beddc6e740c0a68e2e071489573c4b018f9712fc221fcb967b78b125c42187d9dfee9d44cb4b43a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954922, "uuid": "309addd0-aa10-4076-8208-32b789de9135", "value": "T121C47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954922, "uuid": "95c9c08f-1cf7-4063-b106-67e4e13da324", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954922, "uuid": "f5aa0361-25b9-4d24-bb3e-2a441840a28f", "value": "12288:S54yM33d3q3Z7BogAreNmF+U/9JckIAGfUeb:SKh3831Bo6N6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954922, "uuid": "78a3506c-81c2-47d5-9bf6-29d03caadee9", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954922, "uuid": "76623a33-439c-40ee-8f91-27e330908f48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954922, "uuid": "450fe49b-dd87-434f-be02-80cf07172a46", "value": "380366e05274e7a9869a94ae669e45a9b1875cd8bfc65d6513a082b9858fd143", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca530aab-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954776, "uuid": "1760392b-799a-4bc2-a8ea-79ce6d3b148b", "comment": "Malware payload (Heodo)", "value": "867421f32b753478b209fe0ebe8e62c6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954776, "uuid": "7ea03ed8-2ffb-4c20-b07e-0cb824a46e32", "comment": "Malware payload (Heodo)", "value": "380aa7ad2a6a7f9323106ac4c9d346c4098dcc9ffdbeca1c2ae3c39e93667d76", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954776, "uuid": "5098a765-0896-43c8-96d3-a7f2b9a1cfcb", "comment": "Malware payload (Heodo)", "value": "7b41da8f7133a0d2ee52262544e28fea5e1787a3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954776, "uuid": "0847874d-84a2-49d3-a4db-f32603d945e3", "comment": "Malware payload (Heodo)", "value": "ea90d50aa2aeb1e391924f21ada54fa745bd56984e58de54d1649db499ecf158e99ef325e336658da5b2a9c8b3e721f3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954776, "uuid": "f6739cea-1481-495e-b168-92c30b535b9b", "value": "T186B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954776, "uuid": "865d02e7-7a49-4c9d-8bca-842fba7a0585", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954776, "uuid": "a7965bbb-8a04-445a-87c6-0d284c92fe07", "value": "12288:AASStHx1vVHO+1Hx54Rg0p9n4WNL7XE0UdX:ecHfv4qxMnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954776, "uuid": "08b809ea-69dc-4595-bf1a-8766eda55717", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954776, "uuid": "8fa701eb-b8ed-4e7b-a0cd-d4ba1f1ebb88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954776, "uuid": "b81fc935-ded4-431a-95a0-55905d01e58e", "value": "380aa7ad2a6a7f9323106ac4c9d346c4098dcc9ffdbeca1c2ae3c39e93667d76", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d0dd4f0-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955049, "uuid": "134f0ca5-ad18-4796-b53a-ac236267eb94", "comment": "Malware payload (Heodo)", "value": "857b3dedf5bfec7cdf603173d9382bfb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955049, "uuid": "bef82849-212a-4f2f-9ca5-49b87b5bfe92", "comment": "Malware payload (Heodo)", "value": "380e7bc808d2ff58107fae99d67042284ce91c8cc50daa5c16a67ee03b897edb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955049, "uuid": "8f9aada5-393b-426a-881f-c315bd190cd3", "comment": "Malware payload (Heodo)", "value": "682e1cbd0cdd3bb62ac3ed091527d08858881026", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955049, "uuid": "9cbb56b7-e19d-4d54-9fab-abc16ef046db", "comment": "Malware payload (Heodo)", "value": "3ece5f9b6933cd677df5e57e3f911cc78646b6fc4b6027097e15651d94435b0176d10d56af7284f9aa9e401e5ccaf831", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955049, "uuid": "8ee57eb2-a409-4235-8721-ac789c4c6e23", "value": "T18CD47C82F7429EF2C00B03347C32B2586BADEAD5D2158D6B9398A5AE1F35573493DE43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955049, "uuid": "39c41321-fd69-4803-8460-27435ed12de1", "value": "e0b213ccd96f46d30dcd8e225f4e9fc9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955049, "uuid": "bfff61b6-9c4e-46b4-96df-ba2801e60c2b", "value": "6144:XjPgWGbb0OEmS9Vzf5WI9nI1LSfcaJMyhKmZHNRuIfv7YtaIIo0cm59CH7PQ:X0bEtf5WyI1LSfcUfxhstaICRLmrQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955049, "uuid": "29c14698-57b7-433c-a163-93ff55a2c10b", "value": 602112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955049, "uuid": "15b7f715-178b-4fdf-ac1d-36bbf10d4e58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955049, "uuid": "17538384-9f77-41ca-86fe-0e1b25d6a146", "value": "380e7bc808d2ff58107fae99d67042284ce91c8cc50daa5c16a67ee03b897edb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c702e4e-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647959665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959665, "uuid": "e622a305-59a9-4b13-a88d-a94fde49782c", "comment": "Malware payload", "value": "d6fe89dfa4d61f2eec4ff9138fce8b88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959665, "uuid": "aa2d9da8-07f4-463a-9f5b-2eb73c44e9ee", "comment": "Malware payload", "value": "38403adcac4b1f8fb0835fc29719580df49ebfd63b19d570ebc3147380c2f82b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959665, "uuid": "cb546e8a-4f13-40b9-8c6a-bcaaeb2bf1ee", "comment": "Malware payload", "value": "0873afb77b6861bf41696486fafc3bb27c059c00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959665, "uuid": "be12a3bb-8099-4529-ae1f-98e63a41fa47", "comment": "Malware payload", "value": "a15d7ed89ade914fdc5e655ed926cc2a86b1a5cb6d6ad191e3e47bef7bb283293ecb3e7b4048b271e0f5b704fefb985f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959665, "uuid": "bfd33936-7d7b-4e45-b6f7-7fb8974fb0b3", "value": "T125D46C29F681C037D0625A34CC6BDDA5A435BBA02D68645B77FE0F0C4FB97822D272D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959665, "uuid": "2cd74250-ad40-4ce1-bb04-0cb256ccc178", "value": "f4938385711daded498908e840357fdc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959665, "uuid": "f1e18569-77b7-4944-90d3-8d132bcbd5f2", "value": "6144:BFyGzQYR4IeZ4/F9KPlwuoakYPvh6ET41+C62KU38UKq6dnO814A:2GzQYR4IeaAVB6ETW82Ku8UKfdndr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959665, "uuid": "9b5b85ce-b32c-4133-8209-96d328894b2e", "value": 618613, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959665, "uuid": "b8c4d9a2-a5eb-4130-922e-14d214124fce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959665, "uuid": "6e7c101b-c5bd-4916-b72a-fc0b8f9bd817", "value": "38403adcac4b1f8fb0835fc29719580df49ebfd63b19d570ebc3147380c2f82b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d68814ad-a9b2-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647934611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647934611, "uuid": "fc1fbebf-9a78-4c2c-96c7-6ce3708355fb", "comment": "Malware payload (AgentTesla)", "value": "aa3e36ad65d9f1fd5f6c4c2b4a5795ec", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647934611, "uuid": "340f80e4-64aa-4b82-9875-aebf6e9fedd9", "comment": "Malware payload (AgentTesla)", "value": "3889644b588e323f70d1bdd1e91e7870701225bc67977922369b00cb1dbc862c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647934611, "uuid": "d99ce2cc-ae57-4dda-9a26-21e58d35db65", "comment": "Malware payload (AgentTesla)", "value": "bc2d03357eabb2add16267cf83d4fc38557180ea", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647934611, "uuid": "e31c76b5-ea34-42e3-a64b-ffe4237505bd", "comment": "Malware payload (AgentTesla)", "value": "f99f4b338fc36d3fe3808b055eabc396be0503dc939376ad79ac0e50cd891fbe9b2dc068f58bcdc9f9bf242e82310c2c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647934611, "uuid": "8766542c-b680-42fe-8e07-1bd174dfc430", "value": "T1EC252385F695C727FFBA17F22C20160803F08A577263E7CE7DD1A2DA8267320A754A57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647934611, "uuid": "e0b9d166-5e78-430d-8b8e-4c5192a79ffb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647934611, "uuid": "7dcea66f-fb27-492e-a411-9d92d0fe643d", "value": "24576:4KCoh5BdXCLk98c7mLR8m5D4k73zPv7g96SvUZDUdomuN:4KCohxXh9DeR7Uk7zvLSMCB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647934611, "uuid": "d7c4a7be-6a44-4d64-ac69-0c94196091ee", "value": 1015296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647934611, "uuid": "1f2fc944-8e0c-475e-9aea-0b2cf5b544fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647934611, "uuid": "9b0022b3-dd8e-463f-909b-29e46a6d71d0", "value": "Payment Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b590d7bf-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958178, "uuid": "407a1240-f3c8-4251-8c50-ab43e3fcba46", "comment": "Malware payload (Heodo)", "value": "1f128d734d904b7fdd5b64e59f5db98e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958178, "uuid": "f28f86cc-f82e-462e-9e3a-db781de76425", "comment": "Malware payload (Heodo)", "value": "38c0bbcafc5e4bd0af9e4a9097ab0bb36b5e4d274ef78513541a6f83b26ecb0f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958178, "uuid": "0427d74e-041d-43de-a6f8-8b29c7b1713d", "comment": "Malware payload (Heodo)", "value": "babe553edb315e34540123291f24a479d636c07f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958178, "uuid": "51491015-d15a-4f58-a1e9-061816211ee5", "comment": "Malware payload (Heodo)", "value": "51ab87988fdec7670fbdaad2c08d92ddc133880582c5a5e8b11c2e2cbbbe40e7d21132766d24ca00ee81cad6274d68ed", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958178, "uuid": "3a078b0b-a4ad-405d-ab9e-38f2b7a1103b", "value": "T161059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958178, "uuid": "84292c8c-7210-4b9e-811a-49511c9e81dd", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958178, "uuid": "c2354b0b-7d99-4073-a371-c43124a9e8dd", "value": "12288:V20BXOMcVzpWfmmnDDsX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDYX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958178, "uuid": "18449cbf-f22f-43e0-9436-e16527a1f5d5", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958178, "uuid": "e9b2e90a-ba69-4191-9778-44e6bf65149c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958178, "uuid": "941d6683-1312-42d4-bbed-e7ca957ec4d4", "value": "38c0bbcafc5e4bd0af9e4a9097ab0bb36b5e4d274ef78513541a6f83b26ecb0f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc67e21c-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958189, "uuid": "a45816f0-4389-4122-a25b-1c26ad5a868e", "comment": "Malware payload (Heodo)", "value": "5c491ce0f09f66bc6f9030ac1ddc6725", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958189, "uuid": "1b02f4dc-7cfc-4fcd-9448-97330a1e5661", "comment": "Malware payload (Heodo)", "value": "38da678e6713a06cc23595dcef66180cff320737a536505272087c5175f7ce2e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958189, "uuid": "3334a7fb-6e3a-449e-9b7a-267edaad7a60", "comment": "Malware payload (Heodo)", "value": "832f018e63f02a80e60cc0679c345c063da89d81", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958189, "uuid": "32233445-6eea-460b-8411-a6a5b3eb9673", "comment": "Malware payload (Heodo)", "value": "898fac2387a4c4db407ebb517e8b738da144546759456d38cc91b8481007aa04655e07aa74c4c464285f47b1b82b467c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958189, "uuid": "ad3c1592-034b-41b7-8798-c9e7891b84f0", "value": "T12B059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958189, "uuid": "efedbb8b-f7df-4512-80b4-57189e76dc64", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958189, "uuid": "b27f0e05-fb2b-47aa-b50e-354b297da293", "value": "12288:V20BXOMcVzpWfmmnDDAX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD0X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958189, "uuid": "9ec6e15b-d9f5-4ce6-bbd0-54ccf6176c26", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958189, "uuid": "08fcd046-6ae9-4314-b76e-b09eee952b00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958189, "uuid": "774069e5-ab5b-4ee6-b228-d04f2c63df02", "value": "38da678e6713a06cc23595dcef66180cff320737a536505272087c5175f7ce2e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c531fe05-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954768, "uuid": "9ca97db4-ddf4-4229-bbd7-69358e345a72", "comment": "Malware payload (Heodo)", "value": "55424ece0f036fed90d34cfb609222ef", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954768, "uuid": "1fff4d7d-c718-4a06-9b33-0448d4126fd6", "comment": "Malware payload (Heodo)", "value": "38e42f6f6a61f2adb4e8dbf782c7f3eb9f4776c03be8a961487538b755f3a509", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954768, "uuid": "c2246828-260d-4636-b5ef-9d7b4a13e853", "comment": "Malware payload (Heodo)", "value": "e26152ea40c51d7c346875b77db82a70efd06824", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954768, "uuid": "697e9637-7acc-4901-9986-654a26ec3f75", "comment": "Malware payload (Heodo)", "value": "2f4a59fa65ee416aa596980d1e46857e08d08e497f858b3ab0e43966065f23e0b18df4521c2db9a5cd39bb457ab87a9f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954768, "uuid": "402d8965-998a-4a05-ada8-835eeaafd2e9", "value": "T1CBB40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954768, "uuid": "e64439b3-95c1-4871-8185-7e96cb6261e1", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954768, "uuid": "9259c38c-75f8-4b6b-bfea-a8b17ff9e453", "value": "12288:AASStHx1vVHO+1Hx54Kg0p9n4WNL7XE0UdX:ecHfv4qxbnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954768, "uuid": "8cf7389f-4b7b-49c7-a10a-3056fce42181", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954768, "uuid": "4e41cba9-d93c-485b-a6ef-de95bc415d94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954768, "uuid": "b3ede30a-c3f8-4558-ab41-26784aa50910", "value": "38e42f6f6a61f2adb4e8dbf782c7f3eb9f4776c03be8a961487538b755f3a509", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bafb6fc-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647975717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975717, "uuid": "cd70bc9b-4f62-41de-a1d2-55fa62b98128", "comment": "Malware payload", "value": "4560f57ab01b838a297245f1b7c202b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975717, "uuid": "c1492a21-6f9d-4a85-94cd-8d124a48bb2d", "comment": "Malware payload", "value": "391b5a532fcbb94d2960a61d9029e2b809f3d8a5f1b7479942562cec85684182", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975717, "uuid": "10b00500-8e0e-4b52-bd26-d163eb8d40e6", "comment": "Malware payload", "value": "e9d9671cfb75a64d2108fb12adb8d01fde22cc9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975717, "uuid": "e4889bff-43fb-45c7-91d8-5e8d3b8089b3", "comment": "Malware payload", "value": "b1f8873a948546a1acb70418e64323e16a681f683da44536e762b5b2f18bfce49db29076fd1156282472458c5a2d0d18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975717, "uuid": "02b478f1-261f-435b-8879-854a59ad1653", "value": "T130663372602D2474AFC4238DA28152BB2AF442E1DC638BFB21EF5D5A065B61F72BDD41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975717, "uuid": "cdbbb73f-95cf-490a-bfd4-0bfeb59332cd", "value": "196608:PHxAoAMQDDCV5DqhXb0xEwoWJ5dENJv88:Ph/QDGV5iXIATLvr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975717, "uuid": "bdb1fc82-6f8a-464f-9db8-7311b7d7fe3d", "value": 7071647, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975717, "uuid": "d424f6f5-772e-4f27-b424-c4dec68c6892", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975717, "uuid": "5ba07856-ac83-4617-8d56-e36258f14b56", "value": "4560f57ab01b838a297245f1b7c202b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ceea37f9-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953925, "uuid": "524b8fde-cea9-437d-8fd0-3c3058b9ff7f", "comment": "Malware payload (Heodo)", "value": "3287ef89b62a6e51e144fe9717558cc4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953925, "uuid": "71d8ba0b-aba2-4bc1-9764-56d9d0ba54a0", "comment": "Malware payload (Heodo)", "value": "3938a8413756b6e32bf5a09bce70b1f71acccab016e75ba71e2f7a237ac991ec", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953925, "uuid": "0fb4cff1-f278-4ad1-b995-bd0e9581323c", "comment": "Malware payload (Heodo)", "value": "f0ab7201f5ea5d25f8fa3e73fb3682fb5b18e277", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953925, "uuid": "b28ef7c8-7e22-45ba-b189-f94c64f86ac5", "comment": "Malware payload (Heodo)", "value": "6b4d15e4a07c6f3de50152b422ea4f4f3ed9ca4c7e107dc76a4eb46bdb613056d8825f8f6c2aacee2552c1f575346d51", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953925, "uuid": "21ee8e72-4c80-4575-8f62-585ebcbadfbc", "value": "T1E125AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953925, "uuid": "a9c4e5c3-6b9f-4730-87f0-e5a51e4f59cf", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953925, "uuid": "ee6665bf-b9dd-48ee-b3ec-9ed9832d392f", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+ZdnQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqI3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953925, "uuid": "6079a85d-f6ec-441b-a5bf-4ed58acf3648", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953925, "uuid": "367b5d95-6039-4b9c-9c69-cf2d05e9d41a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953925, "uuid": "1a6b25a9-ef42-4db3-8c09-5c828cfc044f", "value": "3938a8413756b6e32bf5a09bce70b1f71acccab016e75ba71e2f7a237ac991ec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ac4a6a6-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957891, "uuid": "a10f399b-04a1-4964-8fab-29fd88fdf095", "comment": "Malware payload (Heodo)", "value": "4f59984e4e495f70d31e87defd5f5496", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957891, "uuid": "87575ee7-8e89-4aa1-82eb-a4ae2b4f931f", "comment": "Malware payload (Heodo)", "value": "3a148e835ba5b1df0b3a42d5f5b0b52542605ed9bd86e8cc81551c8270c91996", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957891, "uuid": "a11a988b-de28-47df-b0de-d2d9f4904484", "comment": "Malware payload (Heodo)", "value": "6c39dbadcffc7ca904ed89423601ea31491a5fbd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957891, "uuid": "40ab6d1a-4eef-423f-8f36-68b7813bb691", "comment": "Malware payload (Heodo)", "value": "0fd42cc121fc1c9cc3d29fa0e6a6ed79b154b2cee76beef0ac14116f2cc863f018ae6b21faaf95096ce1f5b91f167fa4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957891, "uuid": "f69630fc-61cd-44d5-ba7d-af9a82ac5e4f", "value": "T1E6059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957891, "uuid": "6b1402fb-210e-4407-a17b-85947a79c2bf", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957891, "uuid": "be31e182-84e7-4be7-bdb5-ed86779d8d36", "value": "12288:V20BXOMcVzpWfmmnDDXX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDjX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957891, "uuid": "876a01be-1574-4a1b-9027-ab57c2891439", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957891, "uuid": "70a65eaf-7833-40d4-aa5a-224bf3aa98d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957891, "uuid": "c2a91f36-8959-42c8-af24-b65e662cb7c4", "value": "3a148e835ba5b1df0b3a42d5f5b0b52542605ed9bd86e8cc81551c8270c91996", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08372dfd-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957887, "uuid": "9b216b09-8320-468b-8302-a07fd330f918", "comment": "Malware payload (Heodo)", "value": "3185f255263bdf5ba92dcb8178234647", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957887, "uuid": "67b5e3c7-13c8-4b8d-95d4-7d7669e90fdf", "comment": "Malware payload (Heodo)", "value": "3a5b378743163174ccec9905e5ecf275ab9011b2d2fabbd74419792febaf1cc5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957887, "uuid": "278b1fd0-986e-4c08-bfd9-617aacbe1a5b", "comment": "Malware payload (Heodo)", "value": "59aa53d9f88e584df05d2d6b6ee81e1304dd2a54", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957887, "uuid": "2f0583fc-e4da-406c-9323-5d4e4150bf44", "comment": "Malware payload (Heodo)", "value": "d736a498dee3faa9e261eff358ac363bbb11817010927ff0faee82fb3100fd7f98e905d05900d7d7af51632f0dc2007a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957887, "uuid": "c8a4402e-9515-4ed2-8e96-273c54384e5c", "value": "T1BB059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957887, "uuid": "5200dd0f-df7a-4c7c-a448-2b0fd369db60", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957887, "uuid": "06ecd5f7-b0aa-499f-8734-1db1ceec7499", "value": "12288:V20BXOMcVzpWfmmnDDoX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDsX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957887, "uuid": "bb54c60c-7055-4529-b82c-8846d70a0016", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957887, "uuid": "0b1b40bd-c6f4-4f12-9de3-30a3f2bbaabc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957887, "uuid": "6ea5fcd9-fe6e-4502-af2c-11deda234e2f", "value": "3a5b378743163174ccec9905e5ecf275ab9011b2d2fabbd74419792febaf1cc5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a358906a-aa0f-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974468, "uuid": "25c9fb4d-e299-490d-b813-bcb0fa6e11b1", "comment": "Malware payload (Formbook)", "value": "fa7fe02db6e58035650e0d45ad830187", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974468, "uuid": "be982fc4-47eb-4bc2-92c4-875b49dc62ed", "comment": "Malware payload (Formbook)", "value": "3a8580e7cc52e8a5b48c1612bb26d91322e420c07ec1117b1009e13f9bc0992e", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974468, "uuid": "21c49102-47f4-499d-a986-72108aa78ebc", "comment": "Malware payload (Formbook)", "value": "2fbc7c49f6d9d1a01d4307102ed8ba395cca0a61", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974468, "uuid": "6e46d24f-c767-47f3-a232-2bc19d7d8aa6", "comment": "Malware payload (Formbook)", "value": "dedb6f03fa93809c06b5d952100f7b327b42058362c61328e4728d79a4e72b6a7f495b8c3561f552e01feeb34302d9ef", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974468, "uuid": "14e7e60f-3b02-40ea-9a7b-0543ee5f8dec", "value": "T13CA5DC31B1327A87C3161461565FBE86530CBE47B2C65F8CA04DFBF82CE6CA69342D5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974468, "uuid": "7917ff6b-06d7-4546-b152-a987d4a30feb", "value": "1536:2ch6dtRGWbCtpl5kmrJ//RFxXxBpzB9TBtiBqK8Qf6YXkY0kY0kY92i3e+6fw5b2:mZ0H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974468, "uuid": "346d3c49-cb13-45f2-84f0-039a908ab30c", "value": 2172158, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974468, "uuid": "5e97efda-96e5-48b2-9b0a-a971ec17c630", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974468, "uuid": "e67eaa43-3cf6-4797-9198-c892b01221c9", "value": "swiftcopy290.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc1e5a46-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954860, "uuid": "072eaba1-3a58-43fc-ab8b-f9e29e630576", "comment": "Malware payload (Heodo)", "value": "0a2ab6d469b36d8a16d90d982023959b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954860, "uuid": "fa80b1e6-86a2-43b2-8828-a0757059cdc9", "comment": "Malware payload (Heodo)", "value": "3a95f37e5679f01647906d3545adaf06a81a5e18017a5486629f8cd34f5d1692", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954860, "uuid": "a801da13-5eaf-4e07-bcbe-85c702dcaba4", "comment": "Malware payload (Heodo)", "value": "c4876cd44e0b44707202a0d2b8c3e2dc890b8f49", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954860, "uuid": "9c6534f4-5da9-4ac0-a74a-90bca4e788e7", "comment": "Malware payload (Heodo)", "value": "3b8a2312c706b34f94a8cc4b178b1b3062b6858d908f98d88f9ae6b563e8dd06d8f9ba89a31cb3a0a3cbfedaaee46f68", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954860, "uuid": "cb88a9d9-49df-46b2-93f8-fcc633e8ca7a", "value": "T1A5C47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954860, "uuid": "a3f44f11-d070-4766-8a13-7617eb84316a", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954860, "uuid": "2190c411-74c7-48bf-86be-bb9980e332dc", "value": "12288:S54yM33d3q3Z7BogxreNmF+U/9JckIAGfUeb:SKh3831BorN6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954860, "uuid": "af1153be-9800-448f-a7d5-59d4cdb2b6ee", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954860, "uuid": "dd21d003-38d4-4237-95bb-42a3c9cf0e9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954860, "uuid": "26ed5949-1759-48ef-b84e-a2867ed160db", "value": "3a95f37e5679f01647906d3545adaf06a81a5e18017a5486629f8cd34f5d1692", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dcf74ab-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957896, "uuid": "804e8755-2898-4ef6-906a-474c7f24e374", "comment": "Malware payload (Heodo)", "value": "2236c1e201a4352439a24788b11d8e6b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957896, "uuid": "2e02e349-8559-4684-944b-2229daf90e6e", "comment": "Malware payload (Heodo)", "value": "3ad2cd79dbb625a1a32e0a8a66c364e3efa1b25561970cdc94db21eeb7c3d1c2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957896, "uuid": "5a34c64d-fffd-4b1d-b2e1-8d76c0401fbc", "comment": "Malware payload (Heodo)", "value": "1b666ef9497bc15c80e2cedc8b2d6baff6ccd0ce", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957896, "uuid": "273e3f7b-0dfe-4b16-b762-f65478b797a6", "comment": "Malware payload (Heodo)", "value": "d02c265671b499a10e6bd253a128ebb5b4823facef5c3394a62590d45313c101f7b9acf7984c52350da1a9bb373efceb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957896, "uuid": "34d0e5f3-4f92-455e-b27e-97c15213cadc", "value": "T1AD059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957896, "uuid": "98b41a1b-be7d-400b-9eec-aebb63532ea4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957896, "uuid": "558d6add-b8c6-430e-95a8-97b105226d08", "value": "12288:V20BXOMcVzpWfmmnDD7X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDXX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957896, "uuid": "2748248a-3c10-4cbd-8fb3-3c791bce6e36", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957896, "uuid": "443c998f-8d93-4218-86d8-416186ebff9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957896, "uuid": "c78c3a4f-c09e-45b8-b947-b54244de1234", "value": "3ad2cd79dbb625a1a32e0a8a66c364e3efa1b25561970cdc94db21eeb7c3d1c2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "281295af-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954075, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954075, "uuid": "e731c3f1-fd51-4532-9631-011aeca8860e", "comment": "Malware payload (Heodo)", "value": "0b1be804a2ac133763adc8c2dfe79945", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954075, "uuid": "697406f8-2e56-4d55-91f2-67e1d869e740", "comment": "Malware payload (Heodo)", "value": "3ae612ac563209474ea194e029b99d40503fce167ae8d6989a97e46f011f57f3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954075, "uuid": "8a6b1a9a-f91b-4703-aead-72aea921b38b", "comment": "Malware payload (Heodo)", "value": "5dbcd6e4ca5f6c8cb2d9bdaaadb3e59dc478add5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954075, "uuid": "b5996c0c-1c53-4c3f-a95b-bc55bf82f676", "comment": "Malware payload (Heodo)", "value": "f0a6603654448fc8a1d88ae1a19289278795ef3b90a833bcb0f0edab388c96294a77ff2865fda8e1a14e543407083b26", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954075, "uuid": "8c6e52a5-f6c8-4ce0-bcdb-c7cda6fb7577", "value": "T1B625AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954075, "uuid": "2add21e0-76d6-496a-8880-9060ff26d4b5", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954075, "uuid": "6f28ce21-8c56-4797-9b44-27be3f0278ed", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQ05tFjNRLU:Ci6fgcIcHB8ZTbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954075, "uuid": "5f8e18ec-821d-4f17-93ac-ccb41ce83022", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954075, "uuid": "d2fde50a-7f22-49e9-bfa2-edad79334400", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954075, "uuid": "5f367a8d-5ded-47a5-8119-427d49984d1e", "value": "3ae612ac563209474ea194e029b99d40503fce167ae8d6989a97e46f011f57f3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12e10a9c-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957905, "uuid": "068b86a0-098b-44b0-bbb4-b083adff8046", "comment": "Malware payload (Heodo)", "value": "2c3eab1b12534261db26a271d8c9ef1f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957905, "uuid": "a0c245a6-112e-4634-8c88-bab15da5b81e", "comment": "Malware payload (Heodo)", "value": "3b1213f3f31266b9132308c84042b3e15764fbe918a1e8e8ffd42ca2592809d7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957905, "uuid": "06f60fc3-3c6a-462c-87b6-bd7cf39081f3", "comment": "Malware payload (Heodo)", "value": "9b62d30096ea1609bbf47a12c330c4a6108b3da8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957905, "uuid": "3428d293-40bf-42d7-a405-7b6cf782a2f5", "comment": "Malware payload (Heodo)", "value": "c9ff5db347abd7ca02f890f5dfc0e1bd7acd02a1c2ce19e3758e829fa1e5f4bc6316a76d2bc4e56d489549e7380f17b1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957905, "uuid": "104484aa-0192-4054-85e0-fdf22d9763b2", "value": "T1CD059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957905, "uuid": "415a5b75-0cec-4e6a-a8ff-682a18266ac2", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957905, "uuid": "64aa2608-d8fa-43b8-827c-faea09f4da4d", "value": "12288:V20BXOMcVzpWfmmnDDOX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDKX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957905, "uuid": "9ae942b0-ee2e-49ec-bfeb-89da937aeb48", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957905, "uuid": "38395325-5c72-4d2b-a3f9-e67ddac4ecab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957905, "uuid": "dd67ed13-6520-4cff-b147-31d2c42eedbb", "value": "3b1213f3f31266b9132308c84042b3e15764fbe918a1e8e8ffd42ca2592809d7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4d9d903-a9d9-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647951385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951385, "uuid": "7d54fae9-619e-4271-96bd-1dd5949581f0", "comment": "Malware payload", "value": "7d20fa01a703afa8907e50417d27b0a4", "object_relation": "md5", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951385, "uuid": "0e6b014d-305f-4a5c-b2e6-906698d70759", "comment": "Malware payload", "value": "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe", "object_relation": "sha256", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951385, "uuid": "d1545cc7-8564-4c33-b838-c00a56043eae", "comment": "Malware payload", "value": "320116162d78afb8e00fd972591479a899d3dfee", "object_relation": "sha1", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647951385, "uuid": "b606e2a3-64f5-4255-9e99-cfa08d855dc4", "comment": "Malware payload", "value": "207552b895a6501c4fda2e931d151c5c11062e8b6c897aff7c0a60f19bfbca2ca7758adab70a79e9c0835d6a834f94ca", "object_relation": "sha3-384", "Tag": [ { "name": "DoubleZero", "colour": "#331A25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Wiper", "colour": "#614E92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951385, "uuid": "68ec256c-4b58-4579-9eb0-37a1e5153fbe", "value": "T1E49443BEEE4DA9CFD8ED1EB4238417F332E5548641A26EC99F85C7236B6C140E19C583", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951385, "uuid": "004b76b0-d22d-4e4e-997c-61f9bb6929bc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951385, "uuid": "6089dba7-f453-4482-b8ef-d3a61bea91f7", "value": "3072:Ga1HoUY9aEnRUx4DZLQHkRduVhiHm5Pz6GaYtxcpKnyWOtq:GwYznRC4DpduVnxzsYtxWWOtq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647951385, "uuid": "563391d8-0ce4-455c-aea8-06dad7fb1963", "value": 429568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647951385, "uuid": "020de4b6-c42a-4a24-ba10-4471a431939e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647951385, "uuid": "fdb3b8a1-f820-4a1e-ab9e-4e212c786cbf", "value": "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "211e2c1b-a9cc-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647945473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945473, "uuid": "20523c8f-40b9-4503-92c5-a0482d714baa", "comment": "Malware payload (RaccoonStealer)", "value": "284351c103f94500e7ec46bfe5feff3f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945473, "uuid": "c94708f6-4a90-4a5f-9757-51577a86f15c", "comment": "Malware payload (RaccoonStealer)", "value": "3b43575904dc89bb8b1e0f12b66cff78e59959b20f99e76bab08fb27bb5a8f82", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945473, "uuid": "70c0f3c1-cbe9-4184-a94d-5c90847c9ddc", "comment": "Malware payload (RaccoonStealer)", "value": "942f35e0a92e3101fafe2c2c7228ed20382e209e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945473, "uuid": "7a649ea1-8c50-48a6-bb4c-b832bd104a8f", "comment": "Malware payload (RaccoonStealer)", "value": "87f93d53ff60c5f86941e598bf3f2056e930b13cec337afc15c60ec5f0d4608b41f7772271648646a25850b2cffbb933", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945473, "uuid": "8e8459f3-72fa-456b-89bc-1eaf54817ff1", "value": "T144B4125CBBB1C532E482143276B4D3A24C76B472A6219DD3B7882B1DBF753C46BB2352", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945473, "uuid": "60bd68eb-7c6d-4f01-8170-8234e372e2c9", "value": "82d4c36ef8d8d93a7382f02fd78b23b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945473, "uuid": "ddc7dfaf-8aab-4e3b-9405-93504a401bca", "value": "12288:pK7Y4BtWd712TH7hHa7K3BAGKmKktvOfkjgfuY:prMt612/Ba7UBA6msjYuY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647945473, "uuid": "87cc398f-7ce2-49da-9a7b-9c52779b0f92", "value": 525312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647945473, "uuid": "6c3b7bdb-8624-4b84-83ad-557b7c673335", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945473, "uuid": "1b4aa1c5-8ef1-4465-8d6c-54264aca5430", "value": "284351c103f94500e7ec46bfe5feff3f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1060e5c1-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957900, "uuid": "4d847bce-d987-4be4-9f0d-7224462906bd", "comment": "Malware payload (Heodo)", "value": "24908e4c9a740014970bda656bf9c1d9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957900, "uuid": "1baf0f32-8e53-46bb-bb4e-ab40522a7c49", "comment": "Malware payload (Heodo)", "value": "3b55a8fa57feaa173487413462a75c99d02d1b6bd69acee48737be2f8fcd1c0d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957900, "uuid": "1311b3cc-f7c0-4c75-978a-79778d25fb0a", "comment": "Malware payload (Heodo)", "value": "dfe38f05e0052c0feb83c1c6b4c775a71790ad25", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957900, "uuid": "96518381-eddb-4206-acaa-959b97dce422", "comment": "Malware payload (Heodo)", "value": "c4544efd6ac36a0936c2c32e017ce87a1b30a56b08cf8f1e555b488e41a9b153d99b1f4a83861614d47c803e888f3342", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957900, "uuid": "38c42194-52bc-440f-a5d6-b6af1d362a9b", "value": "T10C059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957900, "uuid": "36e6bed7-718f-4a22-a40f-e8af083f6617", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957900, "uuid": "06214d73-fc00-43c6-a770-bf75684973df", "value": "12288:V20BXOMcVzpWfmmnDDcX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDQX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957900, "uuid": "5f98f4a0-3706-4f91-80b1-51265924e55e", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957900, "uuid": "e0c75fd8-e2da-4bc1-bd15-897a16dfdf65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957900, "uuid": "25ad7582-1365-4a5b-9649-d87f6d88c3a0", "value": "3b55a8fa57feaa173487413462a75c99d02d1b6bd69acee48737be2f8fcd1c0d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b9598d1-aa0e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647973864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973864, "uuid": "47c27343-16e7-46f0-b0b0-c093e58a9a34", "comment": "Malware payload", "value": "adf0907a6114c2b55349c08251efdf50", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973864, "uuid": "3287caed-82cc-4efb-9f4b-ecf741241b3a", "comment": "Malware payload", "value": "3bb2f8c2d2d1c8da2a2051bd9621099689c5cd0a6b12aa8cb5739759e843e5e6", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973864, "uuid": "04ef8786-b0df-4ee0-9858-edfa43a5a346", "comment": "Malware payload", "value": "aa25ae2f9dbe514169f4526ef4a61c1feeb1386a", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973864, "uuid": "c244d8bc-4a58-48a5-8b8e-fb815ffe8997", "comment": "Malware payload", "value": "d8eba3afc2583458433a3baabf3755137342e5e2a1910ae93156652aabaff5f49754fd185d68afaf5fcd54d650d63a5a", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973864, "uuid": "6fad3aee-7deb-4551-b32b-227352546412", "value": "T1E32102024BD06B65D2338E32583AE3318721FA65EE47D71C8880E1C86C70608F97AE5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973864, "uuid": "cb852c07-1b0b-4766-996f-7d794160c0f2", "value": "24:8vYKblZ27llTyAzPe8+/ClMhRO4I0W6GF5AlWyrH4qm:8v5Elltz2ulMhHIHvyb4q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973864, "uuid": "59e5fbfb-f060-47ce-84b0-a071cc94513f", "value": 1237, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973864, "uuid": "de1128ca-a852-4a48-9afb-4dcb3929c8e7", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973864, "uuid": "e26ef3ae-01a4-4fb3-a0fc-e98933c1616b", "value": "document.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15478e02-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957909, "uuid": "c131b794-55ea-4abd-867c-18a8fa4847d7", "comment": "Malware payload (Heodo)", "value": "d8d009f53ebbf52bf803dd875dd82b73", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957909, "uuid": "9e974c0b-c24a-494a-8bbb-d2b586c414bf", "comment": "Malware payload (Heodo)", "value": "3bdd20c2bf050b1806b18504a18abbffa28d286e7e10a5e586ca05fb663a65f2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957909, "uuid": "1d63fec6-05d2-4768-b6b3-fea9b1109650", "comment": "Malware payload (Heodo)", "value": "6bfa38597ceb2c83dc9a70d31dbabead0f8450cf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957909, "uuid": "916ba929-8f60-4e43-a7e8-19e3143cef3e", "comment": "Malware payload (Heodo)", "value": "c28eae31ac917ec614745b3f9d00a492e49afc7c3b507d7242e81463866c054e46b34502332a539e53b90109aa7e7bcb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957909, "uuid": "82ddb2df-da36-46f7-bc40-cb38cd4f053a", "value": "T1B9059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957909, "uuid": "82272f75-b7df-48a1-9531-ffe42e5517cc", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957909, "uuid": "04d4221b-6ac1-4579-a6a4-73cb77ebe130", "value": "12288:V20BXOMcVzpWfmmnDDuX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDSX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957909, "uuid": "4f9763fb-84a3-49f4-b788-7cd2d3d6c3f4", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957909, "uuid": "75bbc7ca-f9c2-4e5f-8eeb-82dbe6e41897", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957909, "uuid": "07e3af35-f848-4b46-ba9d-8b3b2e1dfddb", "value": "3bdd20c2bf050b1806b18504a18abbffa28d286e7e10a5e586ca05fb663a65f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91d1cacc-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955111, "uuid": "7bb7197e-10cd-4927-8909-690e0b858f0d", "comment": "Malware payload (Heodo)", "value": "2a4ef666512241fe3ec3e0c1232c34c4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955111, "uuid": "0f060815-8f9e-49e0-a9be-bcca46034c0c", "comment": "Malware payload (Heodo)", "value": "3c0aba84b6a8d68c28bf7e7843d040ab45b92353a63e85fde2aadc2f1cad3ffc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955111, "uuid": "cee9dd6c-6970-4a0e-980d-37f014e412b0", "comment": "Malware payload (Heodo)", "value": "2b2cbdae09ec84d113270552a1172fe56ecf8f01", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955111, "uuid": "1ffcc073-1d4c-4968-b376-0c539a77c0be", "comment": "Malware payload (Heodo)", "value": "710cb3917f2d5c940303ddb248fa3826d2de53bcdeeb22ffe9d0266145275c1696ba69c841112472b39a5fd0adab33bd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955111, "uuid": "6fa5ba39-71ba-41c8-8fbf-432b09050e29", "value": "T1D4D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955111, "uuid": "e5c74e2a-ee48-40fd-8f73-0be420569e65", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955111, "uuid": "43765b16-938f-434c-ad00-5ec23acd60c3", "value": "12288:DjN/Z2wkRrA9CRDCsElAjHDsndSyHOrNvEP0Oua:dEHR+CREyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955111, "uuid": "06f4223e-6804-448e-a35f-eccd50d3b3c3", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955111, "uuid": "da447c85-603b-4c5c-8d7c-9c8f2f39d856", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955111, "uuid": "18fce317-41fc-4ab8-877b-e51277e995da", "value": "3c0aba84b6a8d68c28bf7e7843d040ab45b92353a63e85fde2aadc2f1cad3ffc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "216625cc-a9d5-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647949339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949339, "uuid": "36b6fd9f-2f8b-4324-b837-703c6ea29b63", "comment": "Malware payload (Loki)", "value": "61654d28e769b9ad28fd296ac06f776c", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949339, "uuid": "9b5c982c-ad84-498c-b3a4-97508de7bbb1", "comment": "Malware payload (Loki)", "value": "3c85507fdfa4f3d3c81b7ad63051a8b5fc5402b93a07152f3c517decb62b1058", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949339, "uuid": "22d3633a-f4d4-4c27-89e9-60a94a2b5033", "comment": "Malware payload (Loki)", "value": "172fdeda208c35dd1892355d1c54b1c7144ca711", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949339, "uuid": "e7afde8c-360c-4711-9283-342d3f3cd854", "comment": "Malware payload (Loki)", "value": "82c33a4fc33d58a861a261f196e5d8c2e0650fd33120b606992e31c50c3e95755ea30a256f13f1e6fd8d2a2f25ac8844", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949339, "uuid": "c4e6266a-7a78-4e3d-9b8e-51b785d06613", "value": "T13904024CB7599929E1C80B3DC908DC5F2E7CDE60ECDA7EE4D986F19A64F381B431049A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949339, "uuid": "2cd2cd00-5ba4-4ae8-8c62-e267ef309c1a", "value": "3072:itp71aBamkB+hbWoETL7DSc8iPVPf15h5hsx7U310N/q+hMPZymthoeWWa/aqCe2:ypp7UZEnKcBRTh/8C01qLPZymLoeWxCB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647949339, "uuid": "fbe10106-322c-4e2c-af49-652b730c7907", "value": 186680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647949339, "uuid": "b144a5bd-8de6-449f-ad5c-72c8f745837b", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949339, "uuid": "9c955734-0517-42ab-8c6d-533f83c5bb9b", "value": "MV Sally_Ship_Doc 00457ST.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ce59841-a9f0-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647961008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961008, "uuid": "8ab50a22-8061-470c-bc92-21473f2ff98f", "comment": "Malware payload (NanoCore)", "value": "d047c628bcb234356b76e19507dc32da", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961008, "uuid": "3a5d54f3-58d4-4772-8616-0569878cc563", "comment": "Malware payload (NanoCore)", "value": "3ccc07a8c9779d6c6bfba1b3d695d22a6ec1a7b246be039dae1a4bdfc0c033b0", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961008, "uuid": "80a92af1-c51d-48ac-8ab5-5869fc9dda6b", "comment": "Malware payload (NanoCore)", "value": "44ad2aaaee1993a5a8cf5c4698dcf6a019e9ba17", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961008, "uuid": "4a5f9222-cc94-4a7d-ab34-2fffcc2ba5cd", "comment": "Malware payload (NanoCore)", "value": "b523a60572a2d2d903b374b8cff8eefb54ba8efe029541c5159b511ef7e04012615734cfd4b7f76a3bf32b0fb10f241c", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961008, "uuid": "9fb910c3-e28d-4682-89ff-a512afa67d7e", "value": "T188526CB4E4C91428E35F143D84695A0FDBECB707A9210640BD75E1981FFA0DA2FBF294", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961008, "uuid": "359c8087-f2c8-4eda-9bf7-31901163e0ed", "value": "192:t9WeEy/yMtWN9J0mqQTnhr5OzjQT1QUP55zCbFTB8GoA6ankWxmr:t9WeL/yMti9rLOfQT1QUDzYdTbmr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647961008, "uuid": "3af36134-0d0b-46bb-96e7-b58f4d197fca", "value": 14219, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647961008, "uuid": "806ab3c2-15bf-48fb-9bcb-3dbe72684652", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961008, "uuid": "b1a726a8-5a97-4aeb-b9b0-1cacf61a62f9", "value": "Shoot.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18605449-a973-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647907233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907233, "uuid": "92b77932-003a-4d58-a268-bcfb10c820bf", "comment": "Malware payload (Heodo)", "value": "b10f62af342dea63770f61bbd2f96592", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907233, "uuid": "93a81a60-8209-4be7-9d54-29a57048fde1", "comment": "Malware payload (Heodo)", "value": "3d05404f118f7aae313ba0943fc87352c0f17ed14a0fd7858056b9eefeb46165", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907233, "uuid": "d5160374-ca6c-422c-b394-9ec45b0269af", "comment": "Malware payload (Heodo)", "value": "60996f903475b8b368a00c48a74b4f9472943951", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907233, "uuid": "1d395126-4e37-4264-93f2-7316315410ea", "comment": "Malware payload (Heodo)", "value": "936314657cd3c0d203c1f992a7817993580b82ea026b70d214d2998c86d84ebbb39969e06f1f9ebb97f8fc22536bd635", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907233, "uuid": "847201ef-00c1-47c2-8384-f2fee05b3d95", "value": "T14DB43A11BC916832C36FAC7456073262588EE7F0DBD1F26FA3E0495C9A7C5E36624BC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907233, "uuid": "cd33b426-f813-4582-95ee-c7d594069a41", "value": "14e6ae8d1400b6271725b3f01025b85e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907233, "uuid": "73eec44d-35f8-4d62-9d5a-2e6f6cdf7946", "value": "6144:VikzyaB9eoCyx/mEhHB5RYSJ/xt+qiCjzQNPj79GkqbscgCG5qH6scI:VNnCGmyHB5SSJpI0zQN39GkUGQSI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647907233, "uuid": "1e7ab7b0-e57b-442a-ba84-80466acb0d8c", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647907233, "uuid": "a7294b3a-5594-409a-a760-b5e28a231546", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907233, "uuid": "5403b698-e808-4021-b44c-8be2c2c857b6", "value": "emotet_exe_e5_3d05404f118f7aae313ba0943fc87352c0f17ed14a0fd7858056b9eefeb46165_2022-03-22__000026.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b328898b-aa08-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647971488, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647971488, "uuid": "b6610e88-fa99-41f8-92fb-0e17ddc47264", "comment": "Malware payload (RaccoonStealer)", "value": "93040334e5742311332e689db8c5524f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647971488, "uuid": "4783efc9-63b0-41d8-a855-1b877abe4d3f", "comment": "Malware payload (RaccoonStealer)", "value": "3d096aec97d55472b437b12fc17924aec39f7b5a25e6e43867cc90f9afcf6337", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647971488, "uuid": "19cee115-f532-430a-a687-880168bb1a8c", "comment": "Malware payload (RaccoonStealer)", "value": "70231959b7b20062a3a2ae58ea54e6282590220a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647971488, "uuid": "45eb4d93-4b6f-44d6-8596-2da672b25623", "comment": "Malware payload (RaccoonStealer)", "value": "409beda3ed0186e044fa4396e2c8c19e2e496c73429ae8d57ecd24cefa66239d881e9b66de08049d33e7fb12966af838", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647971488, "uuid": "1d9b4b26-b7ae-45fc-82cc-0e02d12cabbc", "value": "T1DDB412153D90D137D9A69935AC1A82A0973BF871D664CFC7BB08A74E0F303D6A6FA305", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647971488, "uuid": "ece84521-f86d-470e-8f92-d781b8d0d7c8", "value": "9b5dd8ae6c49e5fbd407dc1f346434cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647971488, "uuid": "4579ce55-2ee5-4b93-995d-ffb7b26acdd5", "value": "6144:OjnnXk6i6KJmA5CjIzMLPMMjMZQQIkAIFQaV19XH+JzQVlt+9e8:Ojna6KJmoAsM7TfkhQq11KWH+9e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647971488, "uuid": "f82fe2d9-86b6-492d-9778-63ecda3ebe73", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647971488, "uuid": "1b702452-b060-46c2-8390-e8508073271b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647971488, "uuid": "512f61ad-2150-4629-bfee-308d99dc6aa5", "value": "93040334e5742311332e689db8c5524f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1bb1a96-aa0f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647974519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974519, "uuid": "798350d9-7302-4a69-aed0-b650afe6c33e", "comment": "Malware payload", "value": "ccd005cc516b0677df063f989ced8c87", "object_relation": "md5", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974519, "uuid": "e11ea924-99ab-4959-aca5-016461c81cdb", "comment": "Malware payload", "value": "3d0aae5b26f6bbc27e11733dbe9703fe4a1d411386bb0f4c4eb5c79708ff9f12", "object_relation": "sha256", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974519, "uuid": "8e08031c-91b6-4b6d-8c8b-4c62a2faf0d2", "comment": "Malware payload", "value": "bc4490e1ce1fd7360aa28ee671a800835b247ca5", "object_relation": "sha1", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974519, "uuid": "6aea7706-7c50-4d91-9db4-074ca452dcac", "comment": "Malware payload", "value": "021a3a2bc11b8e5c839185dd5f3068018a3ac3fe837e6613e19086a62ba33eb1203661060d38aa9b0442a9c6e249280f", "object_relation": "sha3-384", "Tag": [ { "name": "DEU", "colour": "#5920A4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974519, "uuid": "efbaaf40-4b34-406e-a582-514df4cca679", "value": "T1C983B0107B6B9D02C53947B085EF99481B75138B6423D96B2ECE80C16B627CB6BE4F4F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974519, "uuid": "b657ae09-07f3-4d5e-a69c-f41075d98df2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974519, "uuid": "e05d341f-46aa-4f19-91d9-506e1729464b", "value": "1536:74G8+VeTROvYGCSXKzNwFsFIJp3LKLqekn9F+Pszo:0VlovucdaFSKdkn9o0M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974519, "uuid": "4b1be7fa-1f3f-44bd-b5c0-8c8d04d703ae", "value": 83208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974519, "uuid": "a499cebe-ff7a-4be3-a1f0-756b389db479", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974519, "uuid": "02c31e80-ef48-4bc3-81cd-fc717f504529", "value": "Anfrage 220062 LESVINDECRUS K + K GmbH.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55ffb204-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959735, "uuid": "20b4699b-f0b1-4fea-bd54-5aeb4cd35c21", "comment": "Malware payload (Heodo)", "value": "b377d45ab640c929437b1acb5e3e9668", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959735, "uuid": "22841e88-be49-4310-aadf-8ff7f1c46ce8", "comment": "Malware payload (Heodo)", "value": "3d0deaedcb74278830204f38aec6c092e949de8321b9430cc8c13841b0d96bec", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959735, "uuid": "2d721fc9-af30-4e30-bcef-3dfe3fb8ffe6", "comment": "Malware payload (Heodo)", "value": "7ef4c22b19d74201cfb44bd67bd130a3c55e20a9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959735, "uuid": "8aaaf89e-7712-44d2-8515-7932ce710314", "comment": "Malware payload (Heodo)", "value": "7e3ed2f2689b92844dc486e752180be51890176199fbff8931877c8b7e8706fcb84e19427ee4b7aedb4c26273eb1faf0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959735, "uuid": "59a1a440-a8d3-4478-8b7e-259970c7c339", "value": "T10AB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959735, "uuid": "1d931f09-9852-40a1-987c-2d5228b2f4da", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959735, "uuid": "42217ff5-6478-4220-9f9b-928f116f0452", "value": "6144:8JZToYE666spbEgoZhZO1t9I+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZollF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959735, "uuid": "d05aee73-2593-4629-be77-e42aacd0e5ea", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959735, "uuid": "26f4dd8b-4e9f-4f7a-9685-1cb082443688", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959735, "uuid": "18fb3431-2ef9-475e-a40d-2d12c85592eb", "value": "3d0deaedcb74278830204f38aec6c092e949de8321b9430cc8c13841b0d96bec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e892ede-aa23-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647983050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "c4bdcf7f-c28f-454e-85eb-cd65a8634d72", "comment": "Malware payload (Heodo)", "value": "38819e083be723167aee7fb796d64e0d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "324dd430-360f-4f76-874a-1a7ecb8e7fc6", "comment": "Malware payload (Heodo)", "value": "3d17252f58ad430f5806cf025d57d9c40ae055326594d17d56eac6c607f55925", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "2e392439-f0ef-4ba8-9457-0f396018070c", "comment": "Malware payload (Heodo)", "value": "9de200e9857ec32da4ae878f1ab7cdf10d578122", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "35f70557-1811-4d03-8b9a-af7259bbbdba", "comment": "Malware payload (Heodo)", "value": "71af1e2871454268db7ba62b0c10ad3d50548ec8c54111d2229e76440463e2c5087aecdafdd6c5767459aecee863f166", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "47abbf8c-978e-498f-957a-c49c13c2424c", "value": "T127055B3374C18EF5F03A533A44317F7A6397BAA05721CA9F16F3899D29F68829817247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "f1c0ac1d-ee8a-4971-974a-52dbfca3cfca", "value": "7be7abf9e13a5f5d55afab99418ceec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "8868180d-30c2-4e41-b8e8-92e87457b28f", "value": "12288:Zal2M0pY+qQXOS1jMBYsrzhD2vIIvvX8DTC+K8YrA:ZaOY+4eMNhSFvED2+K8YrA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647983050, "uuid": "dc4bdf3c-95ee-49d9-a757-5d3b51ce9ec5", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647983050, "uuid": "ff2c31a6-7b9b-4d02-9eeb-bcf514981d9c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "ee4f46a2-176c-4ffe-83bb-0c3fa3c85eb1", "value": "emotet_exe_e4_3d17252f58ad430f5806cf025d57d9c40ae055326594d17d56eac6c607f55925_2022-03-22__210405.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18057ac5-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957913, "uuid": "93377cc2-98c9-4e54-aef0-47fa7b6ab400", "comment": "Malware payload (Heodo)", "value": "3b713a01fccc339b87be0c97898ad293", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957913, "uuid": "488b85d0-4aa4-49c0-a50c-d71376f7a786", "comment": "Malware payload (Heodo)", "value": "3d37c6329a38c7acf798792576b2072f1ac554af2bd888542796f86d71c92d2b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957913, "uuid": "51171989-ce28-4a1b-a363-31ae3f594125", "comment": "Malware payload (Heodo)", "value": "0959c81566f101d2bd84dbc4e378b150dd705694", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957913, "uuid": "5906bcca-1f42-48ce-9d22-27dc5da74cb8", "comment": "Malware payload (Heodo)", "value": "d339fd13bb90ebfe4edb4b9126e55837fe7c892cbe1841982f34374d1259c430aff0e91461e095612fc4eb25f9a8f530", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957913, "uuid": "1a92a559-b51e-430b-ae0b-ef30fbcf83fb", "value": "T160059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957913, "uuid": "838bd12a-fe15-4281-81f4-d8c1199410df", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957913, "uuid": "6b6c90f0-fc7b-4275-ae05-41701f8a8dce", "value": "12288:V20BXOMcVzpWfmmnDD5X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDNX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957913, "uuid": "4a5642e9-f4ab-460f-80bd-949667f85935", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957913, "uuid": "1c693d18-78a5-44c9-9614-2c99a2a90c0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957913, "uuid": "022e0577-a33c-4bc2-b693-a71950bac2a8", "value": "3d37c6329a38c7acf798792576b2072f1ac554af2bd888542796f86d71c92d2b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d1a25bf-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647957492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957492, "uuid": "2dbbe9c9-200c-408a-8bed-c43a99335995", "comment": "Malware payload (NanoCore)", "value": "5685d50746eaf16436ba18502d9c576d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957492, "uuid": "4569b19f-7ad8-4c0c-af47-dffcc72545f5", "comment": "Malware payload (NanoCore)", "value": "3d4adf57d91eb47360050e595922701ac9caea76cba29c3aa036f6c7a89e9008", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957492, "uuid": "30de92fa-fce4-4fa4-80f3-a21a58beeef1", "comment": "Malware payload (NanoCore)", "value": "a860384ee6bf95e660a6b7b54f8630a1175d33a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957492, "uuid": "dbc51e6f-8e60-40ba-8034-17a1b3bc0423", "comment": "Malware payload (NanoCore)", "value": "967a56a16ad23f4ecaa5c3c4c206dfac76070d82c9b3cecd5aa63f45041d78fe2d2b081b28d684a705a83f728bb68451", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957492, "uuid": "acd05189-8005-4c01-9a1d-185e5b23f1e9", "value": "T11C05AD8E3FAD5994E3F1E63D0C8F5049FF8A23004D5370A79AC7A3791952DA21829B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957492, "uuid": "d0d8b7be-4e74-4502-aa34-0fae05fb2f51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957492, "uuid": "948ca985-2761-4ff6-a042-92d8ca3ff294", "value": "12288:1lboW+0emvix48/J1Wq+MGjW3iJgyhYz/ztG2GuydYlQO+zIOs6gAQPGz8qEN3Mn:DoWnsji5+agyezc7r0fUqoyg6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957492, "uuid": "bdb45bac-a8fb-435c-be56-399cf2740eab", "value": 827904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957492, "uuid": "6975b861-643b-42df-bf8f-f4d54daf5c75", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957492, "uuid": "af1881bd-ce38-4cfa-9a69-a2287cf19dcf", "value": "3d4adf57d91eb47360050e595922701ac9caea76cba29c3aa036f6c7a89e9008", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5972b342-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959741, "uuid": "989e63b6-16be-4ec3-9986-d220cff8fec0", "comment": "Malware payload (Heodo)", "value": "bb964cc5780c8916f37b6babacb636ac", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959741, "uuid": "19324ef7-a5bc-4141-a69e-42a6f49b542e", "comment": "Malware payload (Heodo)", "value": "3da716e215d602e4bbde7105f7a06bd23b1ca0ef166c869b80cf42f4a58633ba", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959741, "uuid": "7ec0c676-982d-43f2-afb6-78ff78ac0e11", "comment": "Malware payload (Heodo)", "value": "3fe40206bf03977e9e07f2bb716bd634310604a7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959741, "uuid": "c81630c3-527d-4491-9661-f846e8502cca", "comment": "Malware payload (Heodo)", "value": "4cef7a0d3b7eac5b684c8ceb5eaca137f5a1018f5f8a131dc8d7c959485a6b8cc2213c01aa92c9fb7be95932fed99132", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959741, "uuid": "08277ea7-e0e5-4f86-a1e5-d8812b95aaa2", "value": "T120B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959741, "uuid": "c72a0736-9afa-4ce8-9743-7acccc975e0c", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959741, "uuid": "88019494-0cbf-4422-92b5-38589dd599b4", "value": "6144:8JZToYE666spbEgoZhZO1tuI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoilF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959741, "uuid": "7c405436-3864-4490-912b-d9db8fbd10d2", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959741, "uuid": "c55174ce-8815-485a-87f7-f8ee08b0db8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959741, "uuid": "c0f08fb9-cc07-4768-a9ba-9e9143bb429a", "value": "3da716e215d602e4bbde7105f7a06bd23b1ca0ef166c869b80cf42f4a58633ba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2adc7f44-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954079, "uuid": "d27e0532-f300-4644-bbc9-07fb29ec5cad", "comment": "Malware payload (Heodo)", "value": "81b239120fa992fcd88aa4e9c6b959e9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954079, "uuid": "80dc7d48-fb5e-4e86-9379-7f29ff1d59bc", "comment": "Malware payload (Heodo)", "value": "3e02b4e1784240f6b1743cf13d98b8590b12db78633a093e28d319b82cf34621", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954079, "uuid": "59d400dc-eb73-4ddd-9787-1018da5879fe", "comment": "Malware payload (Heodo)", "value": "35de49bc450856ea6d316599c2260e4a23b2a0c9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954079, "uuid": "f8a8f80d-e182-48ad-9bbb-c1fa62222acb", "comment": "Malware payload (Heodo)", "value": "cdb6d2c4f208e4af467a0cfda32380ae43c51adf43048d9e25c38294a55b8ee99a3a519f493c4a9e6b20e96cd7f19843", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954079, "uuid": "9f04bf03-bfb8-4746-ac42-64070717db1c", "value": "T13F25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954079, "uuid": "041d17b7-9e71-41cc-a659-92b111d1554f", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954079, "uuid": "d9bca569-0bc5-4ea1-9f88-3c4527968848", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQL5tFjNRLU:Ci6fgcIcHB8ZkbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954079, "uuid": "665b3c10-c68d-4f1a-9670-53b80c80c360", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954079, "uuid": "bd16d7fb-2b68-4a64-b702-0c04d8a05992", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954079, "uuid": "5de887c4-c25c-4e22-a91b-37a7364eb1e0", "value": "3e02b4e1784240f6b1743cf13d98b8590b12db78633a093e28d319b82cf34621", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e8367ef-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954971, "uuid": "cf4c101f-15e5-4ceb-bda1-c9e327b1940c", "comment": "Malware payload (Heodo)", "value": "66f63cd5a9043ab9a1ed28a7fb71fe0f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954971, "uuid": "586c153b-8c25-41e7-a260-3a3cea459997", "comment": "Malware payload (Heodo)", "value": "3e317fed55cbbe21e127ac9b57b7e36a606aa8f98acf1e86cfb47af0e43c548b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954971, "uuid": "0216a360-cb62-482c-88e2-155a939b37fb", "comment": "Malware payload (Heodo)", "value": "d6ae976d5f80d8244c479b97b19dc34ce8565a79", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954971, "uuid": "77240770-b78b-45ba-9ca3-689b55165666", "comment": "Malware payload (Heodo)", "value": "19d6a28bb22b0fdc3b2134621183c149be7e0cd00dec9bed005a0866ddfba92d6f0185040558a2d5b465b72873a7d04c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954971, "uuid": "5202b016-1401-4ec0-b9d5-8fb738cfb7aa", "value": "T118D45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954971, "uuid": "cfe27ac0-ca67-4a40-bfbc-8a18569d7f10", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954971, "uuid": "597df7fc-9e45-4cf9-a476-fbffb33af370", "value": "12288:UWBpwupxl0OeL/grxyGzO+r9AjCb/XKh:Psupxa/g52mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954971, "uuid": "59445402-dc8f-4f3a-ac4d-1e9d7837b820", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954971, "uuid": "1eb41f69-c6a2-4bc9-9d7a-c47bc060071d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954971, "uuid": "c9de3b0c-cdf7-4398-820b-57b0076c18a2", "value": "3e317fed55cbbe21e127ac9b57b7e36a606aa8f98acf1e86cfb47af0e43c548b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ac1ff44-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957918, "uuid": "fb1cc741-6eea-4cb6-9132-bdb0209f78f9", "comment": "Malware payload (Heodo)", "value": "b8a24cd68396eef7f5212bef2baead0d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957918, "uuid": "a61bde77-173c-405e-a31b-f52bbc7839ab", "comment": "Malware payload (Heodo)", "value": "3e809bc28cc3153473a8eb382252d3b686111b9cdb2a048d6f1b59c88a216f14", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957918, "uuid": "81b5b496-98ab-435b-88af-e3215d57967c", "comment": "Malware payload (Heodo)", "value": "eeb9cd8899eef40656353e6f656fe229a5dc23af", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957918, "uuid": "b2618913-225e-44c3-8242-040fc1f5056f", "comment": "Malware payload (Heodo)", "value": "2efe3fed512399c69b78533f18f3caf7dce9ed36f6fbb198fd28b6fc2d04d80e71fbec7ed729e92ee2d97acf6f9ff197", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957918, "uuid": "72cbf322-7369-4a22-a0a2-21c947dbccf2", "value": "T1E8059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957918, "uuid": "5d727dfa-19eb-4b92-b45e-8f1f1e8ba363", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957918, "uuid": "049161f6-e1ff-4b15-aa1b-48bcf5580514", "value": "12288:V20BXOMcVzpWfmmnDDPX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD7X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957918, "uuid": "3b0dc4d7-1f76-402d-beea-a5f12b4b823d", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957918, "uuid": "e83de2dc-4874-4129-8c50-be302d938b10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957918, "uuid": "69c5889c-804a-4cf5-8bdf-6c0ddf683827", "value": "3e809bc28cc3153473a8eb382252d3b686111b9cdb2a048d6f1b59c88a216f14", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d67984b-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954084, "uuid": "3fa804b2-4bf3-4feb-b5ed-7658a3f9ce5a", "comment": "Malware payload (Heodo)", "value": "8a57d707356196d00a21994fb95bc328", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954084, "uuid": "08096c39-c150-49db-802b-09b0ddfd9eef", "comment": "Malware payload (Heodo)", "value": "3e868a6f25a814c9cc654b466da691d752592c23d87c401c89ba28e43d7cf563", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954084, "uuid": "3baec050-126e-4e81-aa15-73738be783c2", "comment": "Malware payload (Heodo)", "value": "96ccbc160a49829ec87735a81f255a4f78c7e484", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954084, "uuid": "22bdb5e7-ebd4-4121-b88e-f65cbfc83f4b", "comment": "Malware payload (Heodo)", "value": "cff2e6b665630035f99674ee767a75c163645f2ca3be69451b6278fe495328cef73df3428f4d5c70f81a3b7176b17333", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954084, "uuid": "c1a223b5-9fa1-4f30-81d2-a4a3c839beac", "value": "T1EC25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954084, "uuid": "659c8745-998e-44d4-9391-d99b68fafd4d", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954084, "uuid": "55856f55-a3ac-4e11-9785-d1d07baed7c9", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQQ5tFjNRLU:Ci6fgcIcHB8ZbbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954084, "uuid": "aeac2f46-dc52-421d-9eb9-9fe2e9e691fe", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954084, "uuid": "e8f13f67-92f0-40eb-b5a7-353df611fc55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954084, "uuid": "3b8769a1-440d-43eb-8419-92d03a08dd17", "value": "3e868a6f25a814c9cc654b466da691d752592c23d87c401c89ba28e43d7cf563", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef130f1e-a9b9-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647937658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937658, "uuid": "58bf5c93-3c54-4d6a-a43d-8a09fcfb2467", "comment": "Malware payload (AgentTesla)", "value": "b3f4f575729f8f5915d51777837d30ee", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937658, "uuid": "65a24b46-7d9a-4355-a6d5-cfd9e3a9351f", "comment": "Malware payload (AgentTesla)", "value": "3e9c014ef2b5fe85fafc698f4b94d18a3f929c0c812157819afe49ed1ebd6d74", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937658, "uuid": "2bd36dad-4a9f-4dfd-bbc7-ad3abb7e8000", "comment": "Malware payload (AgentTesla)", "value": "9d89060fda1eb9c44efeb498d779ad2e9ef4f0d8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647937658, "uuid": "65b3d754-267f-40f0-85b9-13efb6cff4a6", "comment": "Malware payload (AgentTesla)", "value": "4126c69bac12ff5f34dfd6fd069da8b1efa3b664ff35f2b740161ec859ab5bbd5cffae0fc36836cc538299e0865ad781", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937658, "uuid": "67b0ad8d-a46b-4355-b750-04e46ca2e34b", "value": "T19C252382A77E03F6EB6A2B78E420610813F0A47A9517F78DDDC525DA5B3D720EB011E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937658, "uuid": "ab438fbd-13fb-4396-80f7-a55aaeb196c1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937658, "uuid": "9f59dcf9-af84-45f9-995e-d022ae3a43c2", "value": "24576:3nohIj4zkxUXRMtQMVyVf2rWZOL2AUh6bEDrx68z6n/B8xB2mye2YMz:3nohIUzD+2OvrgEU8gh5Uq2myJY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647937658, "uuid": "9b62dc0e-471f-4b5e-9d61-dfd3a0b08263", "value": 1032704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647937658, "uuid": "ad55c342-e353-4702-9565-f89866d42bbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647937658, "uuid": "999895bb-a50e-4179-bbbd-05d72961432a", "value": "Bank details 032222.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7548aef2-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955493, "uuid": "3dae8ed9-e02d-4948-ad12-954850b0d4fb", "comment": "Malware payload (Heodo)", "value": "32de3675ec1a1ecdf883acfba665dfab", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955493, "uuid": "28d6d6ac-2f97-4cca-b298-e7d766ce3b6f", "comment": "Malware payload (Heodo)", "value": "3f43dbec9c7e8ac6af2a859f03591c30fb908cabeedef7c1808e7d89b10c1e52", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955493, "uuid": "7a2fcc35-d351-4ebd-9aa4-a15fb31b5735", "comment": "Malware payload (Heodo)", "value": "b17a9538657971fe582f6df2e47d2f587e6c79fc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955493, "uuid": "359f8a6b-060c-462e-ae30-d5e9c145011f", "comment": "Malware payload (Heodo)", "value": "d8d37e3620301f86c368934831db42eab6a9265f1d3de54988d19fb7d345b8a05ea13e297fe1321703472baf0080b544", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955493, "uuid": "2edba5b4-df3b-4e60-aa53-8a0e5612d410", "value": "T17AD46B03BFD3F0F6C12F0F394505D608989A7AC6A62A45A3539C6BAFED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955493, "uuid": "b00572fd-ba9b-4946-8cd3-1445b690cce6", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955493, "uuid": "44890b6e-d0b7-4536-8ea5-b6ac7bbe99d6", "value": "12288:QXvRLpX4HMAus65rBxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rBx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955493, "uuid": "2859955b-6d82-4aaa-b035-18294ff3a540", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955493, "uuid": "91a25501-da63-4033-b6ea-5c3c08282f05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955493, "uuid": "8043f4bf-a9c5-44a7-ac37-1cdee87f8ae6", "value": "3f43dbec9c7e8ac6af2a859f03591c30fb908cabeedef7c1808e7d89b10c1e52", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6076145-aa27-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647984914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984914, "uuid": "2eaba225-12d3-4243-bd35-5d07ab460e7c", "comment": "Malware payload (Heodo)", "value": "58e752bcc2cc7588123c7ac12d1d8822", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984914, "uuid": "8b36a9d8-a721-4b14-9397-63fed91915ad", "comment": "Malware payload (Heodo)", "value": "3f614dcb95cbc5ccc28cc814584a1fa67ff793b47b1b35a7a0b343434d757fe4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984914, "uuid": "e168b0ad-530e-4f1b-a8c4-ceda84a03a0d", "comment": "Malware payload (Heodo)", "value": "7aab5536a383526d7db42206241462165dbba280", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984914, "uuid": "cf55e7e5-c155-4e59-a422-0be358cbc702", "comment": "Malware payload (Heodo)", "value": "2dffbe2ca60d33d2b58e01fc06aadc366ebb668593e9232f4665387b8508396b00f4ed5fd710c4bac2965bb94721249a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984914, "uuid": "528d82c9-f5f6-4be5-ad3e-2ddcf772ac7d", "value": "T173055B3374C18EF5F03A533A44317F7A6397BAA05721CA9F16F3899D29F68829817247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984914, "uuid": "b1c0ff26-11e7-429b-bbb0-6d1b815f7971", "value": "7be7abf9e13a5f5d55afab99418ceec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984914, "uuid": "c0d211f2-dc1b-4018-807a-cdbab99e765c", "value": "12288:Zal2M0pY+qQXOS1jMBvsrzhD2vIIvvX8DTC+K8YrA:ZaOY+4eMuhSFvED2+K8YrA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647984914, "uuid": "91ecdad9-fb80-4ea1-887a-7ddf8ec32685", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647984914, "uuid": "0975ecd6-0a3f-4d45-9668-63fcab5b8ce7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984914, "uuid": "55ee0e5c-1943-47a8-a656-110b1f988eec", "value": "58e752bcc2cc7588123c7ac12d1d8822", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95340e90-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955117, "uuid": "306d5cbd-0dfd-4b0b-841a-089f6e33e8b7", "comment": "Malware payload (Heodo)", "value": "2af4eaa64fe84f613880103c42dc0b6d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955117, "uuid": "f5c1ef28-9659-4b47-8436-c2cd22846e94", "comment": "Malware payload (Heodo)", "value": "3f923118c195f6a0e13d2dd08ff530fdb54c412878bbeb84ea3488bb806b71ad", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955117, "uuid": "0179fead-96a9-4db4-9db4-be20e128fb95", "comment": "Malware payload (Heodo)", "value": "6b971e1ff416e322ad1e62c73523f0b2799a96b1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955117, "uuid": "05212e30-f39e-448f-ba6a-f3992afb381d", "comment": "Malware payload (Heodo)", "value": "a6696ed20b65c75d7bc6853887d2eede61554aede8b6ca202422308e36bca71478cece4280479251d4b2244e73095913", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955117, "uuid": "25dbe2b3-46a7-4e50-ba96-2b82b78d5809", "value": "T1A5D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955117, "uuid": "c0b232b6-2659-473a-8013-4d3b87c4e20f", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955117, "uuid": "fa006573-22ff-4f0c-b3e1-b54367b8e669", "value": "12288:DjN/Z2wkRrA9CRDCNElAjHDsndSyHOrNvEP0Oua:dEHR+CRDyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955117, "uuid": "073983c7-9950-4e19-9f49-8d6300d42efc", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955117, "uuid": "aaa64be7-66e9-402b-9679-b1a8fa3342c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955117, "uuid": "28375425-693e-4cb7-9104-f695f78a008e", "value": "3f923118c195f6a0e13d2dd08ff530fdb54c412878bbeb84ea3488bb806b71ad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fc637a4-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954088, "uuid": "dacecb51-30fa-4b54-b62f-546129a28fd7", "comment": "Malware payload (Heodo)", "value": "153f50bc463574b290db094dd5c6cb23", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954088, "uuid": "efac309c-483c-4cee-bb2b-e467c38ec8fe", "comment": "Malware payload (Heodo)", "value": "3fa1a75419ebc03a8f78efe7c535ea28c6fbbcebeaaa364eb27e44081e73c790", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954088, "uuid": "e0b24f9a-d379-4a41-b544-dce8be67dd7b", "comment": "Malware payload (Heodo)", "value": "0de3256203e7f8123241859fde73398d4d3844ed", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954088, "uuid": "71d57e83-700d-406f-b8a0-81b903cd9aee", "comment": "Malware payload (Heodo)", "value": "21ab400b84007cac67f474bbe3f0b57e4c84db9df1eb619a9b549c8572f0acba5f00b5c75bbfc1ba149098d3db947b38", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954088, "uuid": "33726d29-80d9-4470-b94a-4d8af4330cee", "value": "T1C225AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954088, "uuid": "a4330912-78ed-4b32-9d0b-db2cc29eaae9", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954088, "uuid": "7a987793-1334-4113-acb9-d88c7a1976fb", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQG5tFjNRLU:Ci6fgcIcHB8ZpbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954088, "uuid": "135045df-9110-471b-8d5b-46207edc3ac6", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954088, "uuid": "b076586c-cb0a-4a13-a21e-6baa9b0282d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954088, "uuid": "c0bc2e9c-a66f-44cd-bff9-336ea48bfba9", "value": "3fa1a75419ebc03a8f78efe7c535ea28c6fbbcebeaaa364eb27e44081e73c790", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "209a5df2-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647936882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936882, "uuid": "e3c3d9da-4775-460f-ad65-4efbdfd85e55", "comment": "Malware payload (AgentTesla)", "value": "c39691b3638beeecd5fb6485fbd9b01d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936882, "uuid": "f0f9317a-594f-4c21-b0fc-7e5242ab00b8", "comment": "Malware payload (AgentTesla)", "value": "403939afb985904147b9444522c8f1bf5ed818ed1d13ac3220ce752034a52608", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936882, "uuid": "c816e7f8-f660-4514-98fc-bbe07c8e9e7c", "comment": "Malware payload (AgentTesla)", "value": "09f5711b35512955ee0a96f9cebbf99e90de0a3a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936882, "uuid": "8b63b038-69f9-4d0b-beb1-ecca10e0c762", "comment": "Malware payload (AgentTesla)", "value": "8befea13d825f821d7380cff179920cf4c984795266b0e36607ec8d0364c43d4dc6b536609fb7f161e41d6d4c910d9d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936882, "uuid": "f487b4ab-6976-4d02-a885-642b7bc5e15f", "value": "T184252343755C0AAFE9BE5BB4896567784BF4FA287637E71EC84090E816CF340A3426D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936882, "uuid": "9a1299b9-4107-47d2-8338-1ba63bbe5fa0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936882, "uuid": "10bbefa4-39f0-44c3-bd5b-8ae8beb46705", "value": "24576:dhohLhWZr6DCwNZiT2mRrmw6S3s8v2ZJCn931Jy:dhohEmDxgT2mRrmwD3sk8JCnPJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936882, "uuid": "1b32ece2-df7f-4b29-8b4f-061ee2ea7cb1", "value": 1011200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936882, "uuid": "b152ca29-f59b-4d5d-b08c-63c0e3e0dfa6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936882, "uuid": "c73334b9-5416-4989-a58e-8351d8a5053b", "value": "Attachment_1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bbb9dd2-a9fb-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647965838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647965838, "uuid": "c314849f-2cf8-4bd6-bb4e-e06553ec96b4", "comment": "Malware payload (Heodo)", "value": "43f3014faee3fa3001f4ed2b2504f9c4", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647965838, "uuid": "4508ee61-ce34-4eb7-9992-250c1ac66880", "comment": "Malware payload (Heodo)", "value": "4067e3e44c4ee32cc4605acfeb8171f48c631a5fb491e8c27c476f00d53f7984", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647965838, "uuid": "8d3f04f7-2b34-4b28-b90b-47737ba1a1f2", "comment": "Malware payload (Heodo)", "value": "90e4a79cea84ac434d347794335d2ec1fd348da5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647965838, "uuid": "e9ebb619-fc40-4576-841a-f914e738124e", "comment": "Malware payload (Heodo)", "value": "3f034c3066fdfeae62d0e5d708f4c3ec6a9a6da5aab9589fe7eeb7c78e42a716fd6481e105342ef3d8a257856c23db18", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647965838, "uuid": "16bbf97c-8810-4c04-83a4-64c9457bf4af", "value": "T138F2AF71F2E28E9AE476587C4B8CCAF4D73CDB22520A7E1C309A537C5F126566A4E24C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647965838, "uuid": "1b71e611-b061-40bf-84a6-9bc01d60e743", "value": "768:Bsmn9tnd5euAjOZpqcVbZYpoRuBlIiOKMArOoooooooooooooooooooooooooofS:BFtndguUOZZ1ZYpoQ/pMA6Kt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647965838, "uuid": "866bfcba-2993-4e58-a612-2236ea8b58b3", "value": 36495, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647965838, "uuid": "49ab4637-348d-4127-8d69-aa7254401dc5", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647965838, "uuid": "10477d3e-0451-4265-b46c-9081006583a0", "value": "1004664038337616075514.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f410a75-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954221, "uuid": "7c97f701-8f51-499d-aa30-af7d94f95d9e", "comment": "Malware payload (Heodo)", "value": "0b19a1042880be86d9ba3735853879e8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954221, "uuid": "244e9199-f487-4195-9550-d787d2ae1a05", "comment": "Malware payload (Heodo)", "value": "408f449e2739be54ea3533bfcc7e10b6bbb6d8f573b2b6e1441686f2934d9e52", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954221, "uuid": "1c4cd8da-69a7-4e12-90ac-0241bba11e38", "comment": "Malware payload (Heodo)", "value": "01f1f19dc0c9f149b9d41f57adbbdbd258f662e1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954221, "uuid": "0b11cd47-ee2d-4c83-9327-77414e997267", "comment": "Malware payload (Heodo)", "value": "cce1f277493927a0d9f886abf0bae47803cce1bf7c5fe3045984ddedffe155afa480f6620d22f21dea0717378f94bbef", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954221, "uuid": "61dae7b8-82de-4de5-a720-eb4254cd9170", "value": "T15825AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954221, "uuid": "6affbc99-8b05-4f9e-9fc4-b31ed33942e3", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954221, "uuid": "d3cf27e6-10a5-43a5-a378-d2d66600eb7f", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQ65tFjNRLU:Ci6fgcIcHB8ZVbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954221, "uuid": "c8e25bb8-30ea-4d5b-95e5-0d1dcc6ae4f1", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954221, "uuid": "67599003-dd66-49eb-a8e0-3fec6a3cbf8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954221, "uuid": "ebd3d667-14fd-4990-a7bb-e840d60c4643", "value": "408f449e2739be54ea3533bfcc7e10b6bbb6d8f573b2b6e1441686f2934d9e52", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68a57ad9-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958478, "uuid": "867aa826-e134-49b7-b716-444f2131a1a7", "comment": "Malware payload (Heodo)", "value": "42c0d6452e74174e5e2b6effa9126896", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958478, "uuid": "c19ba79c-fb36-4f7b-9548-f64ee46598f3", "comment": "Malware payload (Heodo)", "value": "41181cd8c71ae36fe2e194b06ffcad1a8ea569b0cb63f9f5f8996bcf2d454ff4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958478, "uuid": "ce0ebcec-ac8b-4149-b1d5-d5ceb2e0a214", "comment": "Malware payload (Heodo)", "value": "ef88f56944c6512384df97edf712e468c716509b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958478, "uuid": "eb9378ed-3791-4ed3-a228-a7be76bcf6d2", "comment": "Malware payload (Heodo)", "value": "2816ab09dc7387b5e537b9c78b23d7af4fc8e5b843f80bccc5cbf54a4af0c2436ff60de9fd3dbb23858106bdf832de24", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958478, "uuid": "25928386-9831-40c8-84de-083cf6f17981", "value": "T187059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958478, "uuid": "71e5ecfc-3af6-45f1-bf95-847dc3f5a006", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958478, "uuid": "b841ff4b-f5a6-4d21-b456-930152920258", "value": "12288:V20BXOMcVzpWfmmnDDYX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDsX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958478, "uuid": "d82bdf2f-b9d8-476a-bf3d-2157007fe0a9", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958478, "uuid": "25adbc7d-42ca-4bc6-b81b-f6aa32f26371", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958478, "uuid": "a3e3aac8-f0d5-4a0e-90d0-2d0ad960cef5", "value": "41181cd8c71ae36fe2e194b06ffcad1a8ea569b0cb63f9f5f8996bcf2d454ff4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b52c298f-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647972350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972350, "uuid": "45c6cc64-a253-4c2a-8455-d9c456d7a85d", "comment": "Malware payload (Loki)", "value": "24215c56ae1d786af1a21bd7c9ecdcde", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972350, "uuid": "09ce9e53-7856-4a34-8fe1-fee635ad038c", "comment": "Malware payload (Loki)", "value": "412ec4177b1aa4bbc9dd0015877bcf714144758db6b55bbb7c2cc1d3c109c5ab", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972350, "uuid": "223d7b32-ea99-4833-90b3-e93a55e09729", "comment": "Malware payload (Loki)", "value": "2d999de31604ae8fc2b6c35a1051d7aee99ecae8", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972350, "uuid": "9d68d657-54c2-4bca-8e4f-366015808708", "comment": "Malware payload (Loki)", "value": "579c9e40c30430ba1283918baf874a094cb4eeb8558fb87800677bb47de5c1aa2de61f1c3a1d9764382f08304570e187", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972350, "uuid": "2d5b1a9f-1955-4de6-b635-2a033ffb06cd", "value": "T16E1412C2359BE5A4FA82A3BBCC908F55DED9FD8556DDB3082048BF640F7813D0661AD2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972350, "uuid": "b09dd796-8030-4076-a10e-32925288f659", "value": "3072:c0i1I1ha64O5fffOKnDQF4d2eW+w6zLkmNrLBuV2up2Mn4qHuxMIVSR:Vi8r4QfnOY06geWz6zLPw2q2MnFfIV6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972350, "uuid": "8b2d4162-bdd5-4f00-81c9-0c8c22bb762c", "value": 191800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972350, "uuid": "40bbf9e3-6e5d-4ee9-8763-319dc8c51921", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972350, "uuid": "fb54d689-8d89-4054-8bdc-af5bec2f3212", "value": "70% Balance.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "227648a8-a9f8-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647964373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647964373, "uuid": "b4225867-fde3-44a7-b109-01eed0cc0743", "comment": "Malware payload (AgentTesla)", "value": "d1c7c5a0f685d94388301db44319a327", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647964373, "uuid": "56f3b491-05ac-47aa-b10f-d5bf1e5c0bbd", "comment": "Malware payload (AgentTesla)", "value": "424fff8525a1a9f460e50a5041495045011536cac1b8977fc170d1d373a7cfa2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647964373, "uuid": "1e6b5837-1e9e-4b42-904b-e7925ba5b40f", "comment": "Malware payload (AgentTesla)", "value": "4ea61fba63e9a07a71e18cd0b6cb3daf898fc19c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647964373, "uuid": "29f3e135-2899-4697-ab2f-124974970fdd", "comment": "Malware payload (AgentTesla)", "value": "95745205c522b300bb7d07a7e3753882856f4c69a13b744b32f70406396040e88758de1fd2ca1e8cdce1d256c0f12f18", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647964373, "uuid": "df5d0c6a-4e76-4ffd-9167-242fa0c54e0f", "value": "T1F9F4334C9E27050D691529F8347F1D89372E41EF25325CD86E62DB80C39A3F8EB6AE71", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647964373, "uuid": "9f020ea1-4f46-46e1-a1d7-c92b9b70624e", "value": "12288:0b54JTycdczbsjd7t9dljnThDmvtA7fZRXTxz7Zmo0P57uc/zrIVzEC:0b54JegJ39H8WZRDR7f0hRMzEC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647964373, "uuid": "8249f386-d9c7-481f-bac5-0db943d232ba", "value": 789094, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647964373, "uuid": "ab932096-7061-46fd-a3f9-a1f65944ff30", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647964373, "uuid": "d4bd2e9a-a290-4ead-a82a-f856cde6ab91", "value": "(example)Draft PO US$600..00p.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae3e1f6b-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959883, "uuid": "9235f140-4206-4d9d-a02a-620c5dd5db71", "comment": "Malware payload (Heodo)", "value": "58de11fa720effae22b8101cdf4fafea", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959883, "uuid": "f723e9ec-7341-4c8a-aea6-ef151ebc25b5", "comment": "Malware payload (Heodo)", "value": "426efae824708bad7ba0049a5392984c93ecac71f6849d18efbf61d8b88ae8dc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959883, "uuid": "33ae1a10-626c-4d92-9796-194fae1d31df", "comment": "Malware payload (Heodo)", "value": "ea62bf4b26bd92430698c1508d3f37b49960b1af", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959883, "uuid": "f5d1bc44-dd6f-423c-a642-2feeb5f841e0", "comment": "Malware payload (Heodo)", "value": "ca82273613e263fe393c43b093e962a381ed5ff874cc1bb60a7a11409a6ed00d3686b8ec2e46925d5ad9c51fe5c2151c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959883, "uuid": "1d0eb2c3-e247-4628-a1c5-e2ec7e9c8886", "value": "T111B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959883, "uuid": "29e1762e-7478-43f6-a432-56a651520060", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959883, "uuid": "b899abf9-a4c1-4013-99e9-2782c9a9ec69", "value": "6144:8JZToYE666spbEgoZhZO1tyI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoqlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959883, "uuid": "194fab0f-bf3e-4936-b73b-50bea50ca931", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959883, "uuid": "50dede2f-8eee-4af4-82a1-00575fb0db3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959883, "uuid": "4ce6b79b-8acc-4998-95f7-44d9a58f4c44", "value": "426efae824708bad7ba0049a5392984c93ecac71f6849d18efbf61d8b88ae8dc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bf3f4c0-a979-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647909870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909870, "uuid": "9a916a03-9b15-4b82-9b9b-a3eebea8cbf3", "comment": "Malware payload (Heodo)", "value": "3608c8bb163f4e61b6898a364409ae0b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909870, "uuid": "ffcb88f4-af78-4bba-aa30-98f2814106ca", "comment": "Malware payload (Heodo)", "value": "42959fdf5d2cbea0e73dae6d75d3ed5bbce09ec8c248b8bebbd3f7b26f8ee8af", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909870, "uuid": "64ec7198-cfa3-456d-82cf-edfb71437d10", "comment": "Malware payload (Heodo)", "value": "d34c18767add3bfbf6bc7528d084da64cdb762ab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909870, "uuid": "3734c99a-f613-411c-aa80-a953bda8c1bf", "comment": "Malware payload (Heodo)", "value": "ddbc44d9f8f72dd08cb1f09603bf6552a942906884ce2f72c54b02f5b14fb6a8e24da9bb0369516cc9c2aad7e115ce4e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909870, "uuid": "b0467b43-d858-46fa-b5fb-4961408d9505", "value": "T19BE46A22AF5740F4D89F0C3945513288AD95FF46EBA8B77ADA39728D35B20534E3884F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909870, "uuid": "7a69fe02-0a5b-412c-82e4-d641066af1ac", "value": "b39d2fd2d18c2cfe493a1e089561b46e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909870, "uuid": "95013949-93ec-4b1c-9fa6-13963d468e04", "value": "12288:aX5mvP53RTqtl79F+Unrymfxbm1nB0hoxxUI/:Ac53RTk5Jxi1B0hGxUI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647909870, "uuid": "e1d4d101-73cf-437c-9f52-45f529a53047", "value": 659746, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647909870, "uuid": "f17de750-86a9-43b6-8efa-56eaf79dba26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909870, "uuid": "db7e2c4a-5483-4ff8-ad77-b6e22f14f03b", "value": "emotet_exe_e4_42959fdf5d2cbea0e73dae6d75d3ed5bbce09ec8c248b8bebbd3f7b26f8ee8af_2022-03-22__004424.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73e4d72c-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955920, "uuid": "4036dcc3-1ac7-46bb-912b-a626c55b776e", "comment": "Malware payload (Heodo)", "value": "000f786376cb97eb1ace8504d55ed873", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955920, "uuid": "055a90ef-7c1c-43d7-a9de-a456100eb026", "comment": "Malware payload (Heodo)", "value": "42b423b2b0a5453ee2ba547510a767460ddef9c4eed1001a3cec618517d777c7", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955920, "uuid": "1cad039d-8b33-489d-ba55-063f05c21c0e", "comment": "Malware payload (Heodo)", "value": "b90fa4a3a1b175550fc936f53ae0cd69ffbc70fb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955920, "uuid": "4651997f-1765-4f03-b149-b4a0cf958d9f", "comment": "Malware payload (Heodo)", "value": "f3b815d63690a2f45588ee30ebb112800c7ca6b9fd600ac8b7af439d044f29b4dbb91f99109495395a065d93be5c40a6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955920, "uuid": "23ace6e6-b2cc-4644-a784-fcad259c6ce7", "value": "T113D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955920, "uuid": "04815c21-39f2-4e9e-a199-427066ec8c9e", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955920, "uuid": "856fc566-094b-412d-a8e5-93b21a95020c", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfa:AqxETMJ777u3OmONFqNJtN1v96TOAnA2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955920, "uuid": "0ad6cee2-8580-48e4-ae9d-e1cd8beed00e", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955920, "uuid": "3ee0f308-f1c9-4b15-9073-42fe57f12b8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955920, "uuid": "79bb0ccd-cbf0-4dc7-9c33-80b9ee57545e", "value": "42b423b2b0a5453ee2ba547510a767460ddef9c4eed1001a3cec618517d777c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dafefa48-a9d1-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647947932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647947932, "uuid": "fb8ce603-e4e0-46a8-8ec5-10e04e37e325", "comment": "Malware payload (SnakeKeylogger)", "value": "44c7281817bd823328a6376b37c14f33", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647947932, "uuid": "4c7bdf28-6bf8-4de9-837a-83ff47a8b868", "comment": "Malware payload (SnakeKeylogger)", "value": "42d13a9f983790d3abc4ea774529b6e2ef3a4da5b3778c53b8534e134a946d42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647947932, "uuid": "4415c365-2add-42d7-bc23-3dac499d1e76", "comment": "Malware payload (SnakeKeylogger)", "value": "b5bca27f5189a9bb1174341fc416c55ef00f7450", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647947932, "uuid": "5d79bab0-c903-43aa-b061-1ce53b3c6aa1", "comment": "Malware payload (SnakeKeylogger)", "value": "662d671d194b38a2514120ceb9b76736ae3a40ac1e932ce281e21549b34be2756abb21eb5f95daa788de2bcd08ed94f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647947932, "uuid": "d89d4933-c0f3-4668-b731-cd6d17a83295", "value": "T10CC21D155AA8C272D5E5867E9CF272FD4227BE43CD32A75FE8C0FF0D78712601A81A25", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647947932, "uuid": "7a9791db-4c4e-48aa-8c8c-ab523d8d14c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647947932, "uuid": "e5b94953-d642-4872-8c33-b07f95acfc01", "value": "96:IJrbrxMs02qvhkZfzaV0zgj1WStdjiG4jaYmsvhwYkJOMSx92VP3bFnU:I11QyfzA0zqkAifaYtvXkIMSx92dO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647947932, "uuid": "7c771275-76ed-4ffc-9c0a-dbb5b3979987", "value": 26112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647947932, "uuid": "578587f5-b5aa-4df0-b606-1d67c265a08a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647947932, "uuid": "6549b731-75a9-4287-ad9f-9b3e7acabab5", "value": "Scan07511102625.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4627f39-a9cb-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647945291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945291, "uuid": "38c186da-cc68-40fe-82aa-017f64bab3e9", "comment": "Malware payload (AgentTesla)", "value": "026a5300a2964893d6fa07af2a37f422", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945291, "uuid": "4ee713c0-4ba3-4f5a-8bca-8aa51d40b31c", "comment": "Malware payload (AgentTesla)", "value": "43050e771bed8a330e6a4f90f6f39c43b558279e361709a0c88af76b0be226d7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945291, "uuid": "b20d50cf-51b1-41ca-9abc-f3f60dd99804", "comment": "Malware payload (AgentTesla)", "value": "0669d369de2a521e22f451deb829ad6b5eeabf0f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945291, "uuid": "50389a24-d2b8-42a6-9fb8-2a24b57a0863", "comment": "Malware payload (AgentTesla)", "value": "6fc3f4efb896d5e6408c50bb6997147827e5d3281221eb557e3b1d2c1d55fa9df44a680204faef2670b04e7ef0b4875e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945291, "uuid": "f52331b3-8b50-422a-9d09-c4c0cbc0d4cf", "value": "T1C525234836889157CADB0FB06404539193F5D4A65827FF9FB8C7630E139AB8B1683E6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945291, "uuid": "175d8ea1-2dae-439d-a1c6-21b8d915e12a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945291, "uuid": "d124a2a7-e717-4b80-b3d8-659b9f608153", "value": "24576:wkoh/qfTl4Qw+rb0Vh0Of8r1Cvzp7dtGiGvlNt0yshhFJb/1ra:PohSGCrb0Vh0I4CvzpanvlNt0yo/JD1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647945291, "uuid": "b5a650c2-614f-46dd-92cc-fe613a08ec9a", "value": 1048576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647945291, "uuid": "c0acedb3-27a2-414c-9dbc-09bc2b8acccf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945291, "uuid": "bf63969f-5cdd-4dae-800e-71b9f3de927d", "value": "TEKL\u0130F \u0130STE\u011e\u0130 HK NEMKAR \u00dcR\u00dcN% Sipari\u015f TURK75BS\u0130l_xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81c8d8cf-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954225, "uuid": "50c63ea5-0229-4746-ba43-925cf76d6026", "comment": "Malware payload (Heodo)", "value": "46dd80f7f3e6e2e26c0b60a9c099cddc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954225, "uuid": "01195882-83a0-4f84-82c5-70c80929f2ea", "comment": "Malware payload (Heodo)", "value": "434c4cb712b9c8419ff81564c34df9d49db936afa3f1cf8ece35399e2e23d716", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954225, "uuid": "d4801626-00c0-4fd3-84e4-df1d89e107df", "comment": "Malware payload (Heodo)", "value": "1652264d1590327e74346f542f6b27242048b0a6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954225, "uuid": "da0479b3-e305-409c-9d5f-125fa120880c", "comment": "Malware payload (Heodo)", "value": "572a4529cbdfc9be6db6912b90454aa544941ac3239130f5f1cad8fa3e005b3a71ec216d63f4ee9ad9927eaf5a8914fc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954225, "uuid": "be0aa50f-da25-4ffc-a023-d67d1b7cbcd4", "value": "T11B25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954225, "uuid": "6ed3fb58-951e-4ac3-b407-8c40a707399c", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954225, "uuid": "595ab49c-fafb-4fa1-8031-bee75a21e0a4", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQe5tFjNRLU:Ci6fgcIcHB8ZxbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954225, "uuid": "0d8d1c66-d411-45b1-89eb-71815d73f540", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954225, "uuid": "1724e695-f43b-4a1c-9066-aec8d945e055", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954225, "uuid": "993ef351-ea79-4d11-b5b8-0e32a2473b1e", "value": "434c4cb712b9c8419ff81564c34df9d49db936afa3f1cf8ece35399e2e23d716", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d90bc279-a9c3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647941916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941916, "uuid": "afd9482e-1a0a-4ff7-9f61-6d348ec895e1", "comment": "Malware payload", "value": "26a8cd620fe4a5250a24efb75ea5a7ae", "object_relation": "md5", "Tag": [ { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941916, "uuid": "dbdd4be4-d0e1-4e99-a498-dffb339b52f5", "comment": "Malware payload", "value": "438f283f8d9a7e2a28a6ef5e4a331f225e8bf8f96ebd6af814d7b4bf7171ef21", "object_relation": "sha256", "Tag": [ { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941916, "uuid": "f35412fd-87cf-4b60-9c2d-3580039df7c7", "comment": "Malware payload", "value": "73ec0864859bd81fc727722e5f8029a910848f35", "object_relation": "sha1", "Tag": [ { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941916, "uuid": "0597926c-e8c6-4479-839a-327a48a29492", "comment": "Malware payload", "value": "5e633655aa45c8b27516dfd8ae17a9e81eb10cd9f158702da7bb38129477c0e2c7c1d2049cea7d220df56f56b993bf5a", "object_relation": "sha3-384", "Tag": [ { "name": "Python", "colour": "#D6064D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941916, "uuid": "c0d2fc26-af9b-450e-bc7a-4d133cea64b9", "value": "T13141E124ED7DBE10D272845DDD638907E12652132E293819F6FC8B143FB2AB4C5A39DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941916, "uuid": "3a35fc87-a2ab-45ef-9ca5-da0693599e0b", "value": "48:2H3vmVrMgVDKVutAQ2ocfJm2bZX0Z0CyKspZ+ML1rcRU:2HaYgVDKVutItPbBLJcMLtcRU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941916, "uuid": "bacdb5dd-2bae-4b5b-93c4-9605e760f0b7", "value": 2374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941916, "uuid": "28a4c025-61e8-4cdc-9aa1-97c2b656f5f2", "value": "text/x-script.python", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941916, "uuid": "c04f9176-0df1-4763-9437-ff4eeea5abb2", "value": "rr.txt", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9519dfb7-aa16-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977450, "uuid": "25190658-9634-4e82-88b0-118146947ae2", "comment": "Malware payload (RedLineStealer)", "value": "ddfaea39f2210051c2ca528b9b00bbf6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977450, "uuid": "f42199da-ea76-4200-9f92-0d73fb8d0cf2", "comment": "Malware payload (RedLineStealer)", "value": "4398a95b44d027ac700c862852d4e068371bbb8d86c734ec2c903a388b4c85d7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977450, "uuid": "4bcbb976-0952-4c29-b057-5ac29cba6ebb", "comment": "Malware payload (RedLineStealer)", "value": "7df11671b44a8f67d2376650274aa01aab15e42e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977450, "uuid": "5f39db04-e326-4b99-a1ac-68ac4c57553a", "comment": "Malware payload (RedLineStealer)", "value": "058336d8e68e77e25b53c31ef1785f34ba0a3e53b55e03c740c619a9e35ac5563cce52531d02540898c7cb68e77faebe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977450, "uuid": "dbd0b9cc-ecd7-4383-9250-618eb692aeef", "value": "T1323633466003774ACE5C57B62029A713FB54CBA05F7BC83C649B13A85288BC3ED7F966", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977450, "uuid": "6d8f129e-8e7e-4693-8710-bd6c263fcce3", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977450, "uuid": "c42cc181-4284-4af0-b910-900e7ec5aa5f", "value": "98304:XHOerfXUtT43FXYEktOHHE//+P9J3gT/:XHcS1XYEwgHG+P9J3g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977450, "uuid": "6858b30c-7136-468c-a9c3-b1aee94ea174", "value": 4888432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977450, "uuid": "7e47f51f-57e7-422c-b647-b9b5b8fa9c93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977450, "uuid": "dca07019-3272-401b-be7c-6ed7e5eb6283", "value": "60696439.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c29a1f1c-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958199, "uuid": "62f314b4-b180-4943-8972-031b386a2add", "comment": "Malware payload (Heodo)", "value": "3775222a7c02d56e3f27790b7f6990b9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958199, "uuid": "ac1e398b-3679-48db-9c1e-afc4d5481e47", "comment": "Malware payload (Heodo)", "value": "43a3ae70ae5cc3c0e3b3bcfd3929ecd359e996c9d33c9767eb6010b6c0a4d3c1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958199, "uuid": "a3b05708-2808-4a73-a061-5a8ec9bbd4e8", "comment": "Malware payload (Heodo)", "value": "28603a88eef88852679a2458de18c6706a5ac8b3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958199, "uuid": "fde69a29-fc14-44e5-a4ce-a07fd14b4850", "comment": "Malware payload (Heodo)", "value": "fcc85150d001872e3579306c4f175b2cc924c3ebca3547dea36bb7bed0dad0278899a54f839599c9fded13ade5380fb9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958199, "uuid": "62b8eb35-079a-44d5-b799-de0b102ea61a", "value": "T11E059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958199, "uuid": "133381e4-a585-4e6e-92c2-de2bcaa80eb3", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958199, "uuid": "48700d4c-e214-492b-8dbe-711e0cf6770c", "value": "12288:V20BXOMcVzpWfmmnDDUX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDAX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958199, "uuid": "f65dc12a-0776-4565-be7a-f738589d2f1f", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958199, "uuid": "85fc3e55-897f-4733-8979-9134f8b77976", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958199, "uuid": "7208ec56-77bd-4e4a-b1f8-40d94a7add7c", "value": "43a3ae70ae5cc3c0e3b3bcfd3929ecd359e996c9d33c9767eb6010b6c0a4d3c1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5e73206-aa16-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977505, "uuid": "7289a921-a6fe-4b98-8c7e-3d43c0759e84", "comment": "Malware payload (RedLineStealer)", "value": "57a045002bfafe93fb3a648c85c5bcac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977505, "uuid": "16405049-395e-48f3-b49c-790a4706c61c", "comment": "Malware payload (RedLineStealer)", "value": "43f817963dcf9bc73bb52d3b1ba7a5f2bc6dbe3159f1f9aee951e44426cf20bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977505, "uuid": "68d57d90-2fd7-45f4-9d15-5b8773db06f0", "comment": "Malware payload (RedLineStealer)", "value": "8282dd0372ef65de5e4aa0c174c264ca3f0ae0a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977505, "uuid": "d6259dba-7f4b-4683-9b85-2b1fc4ec0a51", "comment": "Malware payload (RedLineStealer)", "value": "ba67ac2a5c657e9b672a8d3a0eb10770273a6a5a22fe4578e2588b67c76bc27a58d750a60769c705abf0e953eb6655b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977505, "uuid": "4a8142a7-19b4-44bf-9c4c-0300df6a3ecf", "value": "T1EA3633C40B9E6D0CC1D70A7DA56C661FC950F649E8F8FA43321EEFDA17670C58A248B9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977505, "uuid": "4b4df518-5c6c-4600-9f8f-d333c7de1b9d", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977505, "uuid": "820bfe1c-01f6-43a2-853c-bbf5a49d51e1", "value": "98304:VCdq3CCulsUdLXQSpPBijUWcckNAcnCt6hJL3mEt/3zIGUr+WRiBm:odlfmUpzAj6jjjJRg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977505, "uuid": "e361ee9a-a025-4fc3-a66c-9d6608d18c6a", "value": 4886832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977505, "uuid": "a7de5d3e-53fa-4fcc-a3c6-6093b7c8876d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977505, "uuid": "79f712aa-6821-473b-803c-7658a8db6381", "value": "83796247.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02556892-a98e-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1647918793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918793, "uuid": "fc1a02ee-f2b2-408c-aef0-30a554e09633", "comment": "Malware payload (njrat)", "value": "28a876745eead9d2eb12ebaf5c5da66f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918793, "uuid": "b0e7f74e-6e5c-442e-91f3-d78cb20016fa", "comment": "Malware payload (njrat)", "value": "4403f7b906a99f50c9d42c8d24b03e9daf0afdc52814e067c931411e41f1c7eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918793, "uuid": "14b4ea2b-82b6-4b0e-a7fc-2db5eed4eb72", "comment": "Malware payload (njrat)", "value": "7fb4e6d931135696cd6d1542e1c352619ddf3567", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647918793, "uuid": "dc58b20b-4d8a-4c84-8186-6062d12525ec", "comment": "Malware payload (njrat)", "value": "0d8f6717913013d7192e06adcf5c9677cf37a779d30073fa3ba06f5efc0e2e54c82acefeb241e3db055794000daacdb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918793, "uuid": "10bb4061-7a78-4032-a2ce-abb3a194b5b4", "value": "T1D4E208067BE94215D6BC5AFC8CB313214772E3838532EB6F5CDC88CA4B676D00655EE9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918793, "uuid": "0c881b44-c95d-49ef-ab5d-442db39c6de8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918793, "uuid": "3f7fca55-3bff-46dc-854a-df9ce7f3a0d6", "value": "384:n0bUe5XB4e0XHOnPw0Q0mS03AWTxtTUFQqzFqObbZ:sT9BuuI55dcbZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647918793, "uuid": "cfe94b69-e3d2-48fd-a75c-1c8e69215b3a", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647918793, "uuid": "4b0f499e-0d63-4a9f-a18c-21023f1c03d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647918793, "uuid": "57c24f41-ccac-469c-b2e2-e179d7dd4d64", "value": "4403F7B906A99F50C9D42C8D24B03E9DAF0AFDC52814E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fce173f6-aa1b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647979772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647979772, "uuid": "eb7ff403-2bb8-40cc-aa56-73b165e75390", "comment": "Malware payload (Heodo)", "value": "9e3ba3ba49bb84e64715580fdab1c88a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647979772, "uuid": "e789af82-c521-4603-a403-edbba8b6ee4a", "comment": "Malware payload (Heodo)", "value": "442d27ed53bb5067d381298428fd3792f7a7f33d0db6fab01ec44dd980c04b41", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647979772, "uuid": "b84ff2a7-8695-4552-a1b6-d280e9b2b707", "comment": "Malware payload (Heodo)", "value": "4eaeb781b76a12a58ca1a48c7de5795ca9f1aa9e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647979772, "uuid": "a6c4491e-ebc2-471b-88c1-5fb13e2d13ac", "comment": "Malware payload (Heodo)", "value": "5850f40497c8a4cfc8d95810b4f2e6de8838c2f663150dc503b9a444441eb1ab92a2f5c1ce1f6cb2f534bf031f123d13", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647979772, "uuid": "3664e906-5f6a-46b1-8314-4b9a0c291c75", "value": "T1CA353951B04FD1BDC08F04BD596AA37EB29C9E100B7544EB329C3BDEAB389E545B2D06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647979772, "uuid": "a632aa2a-28ee-4a84-9b3a-e3bfa2d8f445", "value": "570e13786e13464ca954b67524d1cbb1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647979772, "uuid": "4e5576fb-aaff-41bc-b163-e5e795eddf6e", "value": "12288:NLyWPZ3mtGkQoQK/1mqXXpvoCpN8ARRZI1EPq9vsOwDu3kQybR:0KWtGkXQgDXloA1Z2ytX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647979772, "uuid": "3629cd05-849d-45bc-97ef-b38d19cbb94a", "value": 1064960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647979772, "uuid": "d382d61f-6efe-479b-8ad4-e71188e2d7bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647979772, "uuid": "89da81e0-5eee-40da-9c7e-a49d1b3c3778", "value": "emotet_exe_e5_442d27ed53bb5067d381298428fd3792f7a7f33d0db6fab01ec44dd980c04b41_2022-03-22__200927.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b44bf6c1-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976644, "uuid": "da81a1b2-83bc-44e8-a20e-5dface1277a1", "comment": "Malware payload (RedLineStealer)", "value": "8c7e41fd0368c45df60e0ad7895ae69c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976644, "uuid": "ef653128-f549-4909-9a62-7010570039a3", "comment": "Malware payload (RedLineStealer)", "value": "44326ab7fbd9d25759137c2984b7f279db22caa19698746a80780fab0c8fd2e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976644, "uuid": "95f14a21-a72b-4b21-8bb1-a965e423982b", "comment": "Malware payload (RedLineStealer)", "value": "93b3f94e23b03b97ac97b85dab6f15cd7f56cfca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976644, "uuid": "530d90ca-52d2-4958-8cc9-26d34b4a349a", "comment": "Malware payload (RedLineStealer)", "value": "eb183a42210962e9cdecec43473eaec903feeb853e3afe5c1514906bec23a783f409539b295038a4733f2fef5469b78a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976644, "uuid": "4d19a8d6-7bc8-4fd9-9bb1-736c118f7786", "value": "T10E16331739021A66EF421EB8335F46FBC7A411E97B61B17786A888C3D4D9CCEEE58170", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976644, "uuid": "5ca9d383-9cf3-45c5-8f79-93812f596725", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976644, "uuid": "2077f316-d43c-4530-8373-bdf54133b24a", "value": "98304:S95iC30W9f2NYjDDtA7gQukOVkyADjpBZMUeTUCnqg/HL:SbHEWTy7gQuzA/jZM55r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976644, "uuid": "42e8f157-87d7-403e-8760-6ab9fef698ae", "value": 4147352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976644, "uuid": "e9794aad-3789-4f24-94ff-f7436dc8f8df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976644, "uuid": "d42a013b-4595-4229-95dd-3c2ce97a67cf", "value": "51507880.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5c84cd4-aa02-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647968915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968915, "uuid": "ab3e2f2c-f96d-413d-bdd5-03bc6106b903", "comment": "Malware payload (AgentTesla)", "value": "580ee5b46f446e1dfb111bb0cfb67dde", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968915, "uuid": "bd9fcba9-8805-4c8f-a95b-dde1970e3fce", "comment": "Malware payload (AgentTesla)", "value": "44ba60a8744dfb54e2efff18c4ea98b7daff4f8985389e14acd0d1357f5e80c5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968915, "uuid": "105c3f60-717e-4eb8-b4ae-aba8e96f04f4", "comment": "Malware payload (AgentTesla)", "value": "d9f3a2dbebe92a2e2b4312f35be024dcda07afb6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968915, "uuid": "a3808f70-3a9e-471b-89a0-3fd894caa591", "comment": "Malware payload (AgentTesla)", "value": "89944df64b03cc6779746e80c134a57301139ff35ecf46496dd593c309329dae61382c85e47f818e24673345ca2303de", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968915, "uuid": "c7cd5c8f-1c66-490a-953c-af316421d7f4", "value": "T1294423118C3C3A4559CFAFE88AEA79BA2607152D2D8A5DDD80D8AC8DC49C4D24B3F17D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968915, "uuid": "6522d8cf-03f2-4ad0-bc6c-1a2c2a15954f", "value": "6144:pDjpM8/qHHAAAkiGrh89M8CGDWqIm88sK4InItW7+YVZJfBMXZKsg:9S8/qnAAliY869GDOhC4InsW+ixB0Ksg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647968915, "uuid": "7e0c6b1c-f166-4db1-a1c5-5b3bfe5736c1", "value": 276416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647968915, "uuid": "33bf7bff-53ee-4da1-9c9c-941856719b85", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968915, "uuid": "6560e26c-ec49-4f00-b2cc-227518648e80", "value": "Invoice.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64deac70-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954606, "uuid": "9b9ce121-e020-4825-ba4c-99892f438bc3", "comment": "Malware payload (Heodo)", "value": "520922e0c197d9819962e34a4b99390e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954606, "uuid": "4e3a3236-a603-487c-bb5b-f7c1e0c2c129", "comment": "Malware payload (Heodo)", "value": "44c12e660d565b7beb4af2a2d4f94fbc0d20048934b5fbea76f20748f22e2576", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954606, "uuid": "23067cbe-50b4-4ae4-b6c2-9ae3d70d30b0", "comment": "Malware payload (Heodo)", "value": "9bc0757ba709c8987be904e5454d4fb1d94bbf9c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954606, "uuid": "7887c05d-dd9c-4cb6-bb31-8f8a34faed70", "comment": "Malware payload (Heodo)", "value": "2b5f442d1bd4dff2b87266654568bdfc7b85ef69ad63969ab48c05bd0014f54e6a75a6ce1ed221f207acc004ce7b5a60", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954606, "uuid": "7bfaadb4-7c77-4ede-a477-e5b9778b5770", "value": "T1A6E4BE6176C2C0B6C15F017A5946E31D62E5AD609F3896C3ABD4AFBFBFB50C29D34202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954606, "uuid": "b0593c1f-e8c3-4021-858a-46099f8351f0", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954606, "uuid": "84287f64-ebee-46d6-b134-85c61daf5904", "value": "12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKYe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKYLzflBkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954606, "uuid": "06fd280c-a0ce-495c-b304-03c7b8ee40c9", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954606, "uuid": "af29bc23-4461-4964-9534-eb2c1164e7bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954606, "uuid": "34ad47f1-d109-4752-b12d-092993366d8d", "value": "44c12e660d565b7beb4af2a2d4f94fbc0d20048934b5fbea76f20748f22e2576", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8997460e-a994-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647921597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921597, "uuid": "fb83a650-14ba-4dc3-9dd0-8c8af7112721", "comment": "Malware payload (Heodo)", "value": "b9a6aadf63c3f5af69340410791cdab6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921597, "uuid": "5190a9f1-925e-49f5-b0bf-9a923cdf48bc", "comment": "Malware payload (Heodo)", "value": "44f0b980dde78bc006e3e49bc751af5c745caaaead151a806e7c909e0cc3678b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921597, "uuid": "4bf048c9-1de2-4308-b941-2e3559bfaef9", "comment": "Malware payload (Heodo)", "value": "826f758dc69f787e0957710a6b8f86d2dfba4d55", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647921597, "uuid": "3bb8a861-6ad2-4ab9-9c4b-e753c47328dc", "comment": "Malware payload (Heodo)", "value": "04514d9239296af347bab44bcc5b17d902fc87e4d50a6d4ad10b90ab0ba30808a73b12eaedb1f518a2569841e008e01d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921597, "uuid": "0d7d29e2-e6ba-4ccf-a666-cc2f89e24cc5", "value": "T1B815BF133A91C47EC2AE10761A0BBB3B77F9DE204B368AC3A7457B6D4E725C24237255", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921597, "uuid": "a578b243-6e83-4677-8461-3d21e30f562e", "value": "9a354c1fc39e5f7aac20532ec12588d2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921597, "uuid": "7411460e-20c7-4462-8e7a-3eebc1aa7def", "value": "12288:6Tkv3QgK8FedvC9JwY/3XAN2Wt/t6sQvIuqtCOOROPXKmb4M:eM48e09yY4N2w/tFQQGOOozb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647921597, "uuid": "cd53029a-099c-44ca-b312-74978dbb9776", "value": 946176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647921597, "uuid": "0cd47c57-3709-443a-84fb-6caa601d2f3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647921597, "uuid": "1d95fa52-a5ae-40cf-af72-8e6a1162a93c", "value": "emotet_exe_e5_44f0b980dde78bc006e3e49bc751af5c745caaaead151a806e7c909e0cc3678b_2022-03-22__035950.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad281c2c-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974914, "uuid": "51fa6f9f-8f26-49fb-8441-0cad520bb616", "comment": "Malware payload (Formbook)", "value": "5c5afe64e80a7acd88709330fc58a20d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974914, "uuid": "9f18a9a0-9dca-465d-9d87-b8e4646f20b5", "comment": "Malware payload (Formbook)", "value": "4504cf6857483bd7ae6874544d602ac9413a1929bb6d1fb0eef07360f572af6f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974914, "uuid": "a4037d84-3b8c-4550-b2f4-6a12734c63cd", "comment": "Malware payload (Formbook)", "value": "da5b364a8823c4ca161ed26e5605c72bd87ab28b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974914, "uuid": "15a19970-e8bf-4014-805e-ef40efd4e1b8", "comment": "Malware payload (Formbook)", "value": "be333d11cf7d803aa976972e9ea27b72672f6d89bc569cce5125f05ecb1653e4cf9e77802301a0fccd6112d438e0d3df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974914, "uuid": "e8709bdc-ac38-4636-902d-8984641c264c", "value": "T1CEF48C63AEA3C106DF572FFE5C60AE856B5197852A13DCB47826B734DF632382F09160", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974914, "uuid": "d7523180-b027-4457-b2b3-634baa682ab7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974914, "uuid": "4e315600-2f48-4eb2-9fdc-a7d576145905", "value": "24576:DcrVOv0iMxBKde1tzHfhr1znaaC0zj9GbH:DKW0xxBK0/644", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974914, "uuid": "e4531920-7f1a-4596-bae2-b8acf0f729ad", "value": 792064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974914, "uuid": "fe144240-f166-4e6f-a125-1964d237722d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974914, "uuid": "2f36ed43-ebb5-4119-843b-8c783d9fb975", "value": "5c5afe64e80a7acd88709330fc58a20d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c797d727-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958637, "uuid": "8a051d22-f230-463b-bed4-077f12ee9a17", "comment": "Malware payload (Heodo)", "value": "0b684d46aa0411b48a0c5ef07fccb9b6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958637, "uuid": "b736e626-d9e2-4cf7-9586-e1bdd4671351", "comment": "Malware payload (Heodo)", "value": "454710332a1147be17990ab841d2d257a5248e9a51fbb613d4d5e091542bbefd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958637, "uuid": "914ebf8c-3038-43e6-916c-7c4bebc3b342", "comment": "Malware payload (Heodo)", "value": "be6ceea1da358b3ff59f831d6178ef9a334df3e5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958637, "uuid": "6710ab3c-835a-4fee-9f2f-bac58ee07edb", "comment": "Malware payload (Heodo)", "value": "5888ea0bfe8297d385a7b563235808ddc78c4993f7b6944ef4bb3964c76bffba6eb730e97083d2639cf03c64d6dc8f4a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958637, "uuid": "4e7ca8cc-df6b-4fa7-a17c-3311b321e018", "value": "T186059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958637, "uuid": "1ea31987-8c64-4a6e-b472-4e3ed473f2a4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958637, "uuid": "845c70d1-e1ee-4da7-8cc2-342f73e086c0", "value": "12288:V20BXOMcVzpWfmmnDD/X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDrX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958637, "uuid": "87213e17-f58f-4b37-8774-bebbf94c0daf", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958637, "uuid": "e258a856-a79c-4a68-a779-543ec2799122", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958637, "uuid": "cebb618b-f81d-4168-a20c-a1903da7c638", "value": "454710332a1147be17990ab841d2d257a5248e9a51fbb613d4d5e091542bbefd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3434d151-a9b4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647935197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647935197, "uuid": "cccb1918-031a-46b0-8080-c8098b16b994", "comment": "Malware payload (Heodo)", "value": "db78d8152da8bbf8ffde4eda847910f2", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647935197, "uuid": "fd203108-b4b6-45f8-9ee6-ae35e0079622", "comment": "Malware payload (Heodo)", "value": "45620a3efba3fe94d247cb7d224208ca962385726b0dda729659fe48885c4bc9", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647935197, "uuid": "2f28ca0d-489e-4cbd-8858-e72d7b57c46e", "comment": "Malware payload (Heodo)", "value": "23b0c9c31158e8284a65fd7d02e71e189fa39ab3", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647935197, "uuid": "28b2812c-87b8-4e4f-8aa7-97bc96f170f8", "comment": "Malware payload (Heodo)", "value": "280e70d74d28e07e31ec377ef34f78eae9d2d9244b4b51d0b56e55e1fcc7a5d5333b39c663c2784f0b89603226248c54", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647935197, "uuid": "7908c9d6-2998-4626-bf4e-3446029b8121", "value": "T1BBF2AF71F2E28E9AE476587C4B8CCAF4D73CDB22520A7E1C309A537C5F126566A4E24C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647935197, "uuid": "946c04a3-53b0-4b79-82f3-498f04358d30", "value": "768:Rsmn9tnd5euAjOZpqcVbZYpoRuBlIiOKMArOoooooooooooooooooooooooooofS:RFtndguUOZZ1ZYpoQ/pMA6Kt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647935197, "uuid": "09a0e4a7-e130-4fbe-a067-52fc1130cb1a", "value": 36495, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647935197, "uuid": "9b36e624-587b-49ac-9532-418fc400acb9", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647935197, "uuid": "592abc96-0a73-4a36-a55d-aa3b65497281", "value": "New Address.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "803e1c6c-a9d5-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647949498, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949498, "uuid": "e2c26949-be45-45e8-8079-4fa592c5291c", "comment": "Malware payload (Formbook)", "value": "9808c8a2c63a32dc9743c03bddb09e39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949498, "uuid": "dcf1b4f3-067a-4808-9445-8bcd440a3b89", "comment": "Malware payload (Formbook)", "value": "457df636f0856d3ea978142fdcac35a4f2e31a863deb2660c2cdd8998f6bf2b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949498, "uuid": "be76e5cc-cbcb-4a99-b11b-f5c971a3d9b1", "comment": "Malware payload (Formbook)", "value": "aa96d2972fb9d19ef77b1db916fd57cfd0dc03fd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647949498, "uuid": "c9e1b111-b6bf-41df-b4d9-cde82509ed97", "comment": "Malware payload (Formbook)", "value": "dfd4c2783f69d418428c78739a0cc94468cf5f7d90c91e50240433ccc48b240e8d3d82362dd252ed5674364d1788cb28", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949498, "uuid": "a5e1ca52-7a28-4007-a668-b99c09b08052", "value": "T1CF34130F3DC09AB3E5D95A3170778E79E372C290865BCD176F843FB07AA75018516A3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949498, "uuid": "4aeec0c9-d2a9-4708-9a41-1759cbadb47a", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949498, "uuid": "6260088e-f934-4acc-a28e-f5ed1f2f2c3a", "value": "6144:rGiJjYNY9wXM7UcXHPXKJASPwElaptj8NCZxumx:FjYNYSARXHPzVqa3jotu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647949498, "uuid": "646f0a3b-71fc-405a-a397-31c775818ce2", "value": 246494, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647949498, "uuid": "c8da533b-6457-42cc-a3e5-3b5beae9ab95", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647949498, "uuid": "5d7caaee-d7c2-49cf-89dd-252544cd7c77", "value": "RF-03221127.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76de3d36-aa3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647993291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993291, "uuid": "d5d6ff1f-b91c-453c-a057-1e5fcfb02c86", "comment": "Malware payload (Mirai)", "value": "0bb35c57abc9bf7e6d86f74acfcfe417", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993291, "uuid": "81748fac-06ce-41c7-8516-9e5dc5400b78", "comment": "Malware payload (Mirai)", "value": "45b02c6a9d02baab0d9c52217aed9ceb5732b6d356f9eb8b801ace01e79f6b18", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993291, "uuid": "839dae0c-6201-4c3b-8551-609b70a152ae", "comment": "Malware payload (Mirai)", "value": "5317978d6f2a4ecec96661eb810f445d7678516e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993291, "uuid": "b3a48eb1-f7ab-4714-ac9c-7433e735ea75", "comment": "Malware payload (Mirai)", "value": "c70884e0dfc05da03b1be29222b271096e23a416c109b6135d960d2a77f77d1f993b4c0360a719711a1ca4e49ec56ad0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993291, "uuid": "b91a39aa-b7de-4f2f-b563-8182a2ab1de5", "value": "T1F5C2D088274519E9D2F9C13807B81B681DB40F96F809EC8678FCE7629D8E4753413EDD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993291, "uuid": "90a777b0-cf07-42c7-ab84-0ab5c6ece9f5", "value": "768:I2G214DFyosXqgvV9o1ndB08FPCJgGlzDpbuR1Jn:I2GdDgosaaO1ndrPGVJud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647993291, "uuid": "a7746f4e-1c5a-447d-b259-8513da67a7c5", "value": 26184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647993291, "uuid": "968459f5-7b45-4931-97b6-9fe40ab61619", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993291, "uuid": "0a6f535d-fc8c-43b8-96f8-ce58195614f3", "value": "0bb35c57abc9bf7e6d86f74acfcfe417", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b2fff17-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958482, "uuid": "af16abc3-80d0-4bbd-beae-c70f992f53d7", "comment": "Malware payload (Heodo)", "value": "50d5e906bfd0a194d0957c3ab2bef885", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958482, "uuid": "f1f2187a-e76e-428f-99e0-a11d018c5e3b", "comment": "Malware payload (Heodo)", "value": "46251c1a381a9d45871298e1e6312ca34c43b635dd24096c3d738ee56ad751e4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958482, "uuid": "a3f2c0a8-752c-4d3d-a9e1-f741846e5e00", "comment": "Malware payload (Heodo)", "value": "5bcfc7cb70debd814a4e572f1236d13f10fbcf66", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958482, "uuid": "cedfe15d-857d-449f-9a21-89538ef2607b", "comment": "Malware payload (Heodo)", "value": "f074f8fe37415529c443acf979df1f77d51f2f724a213b46cd26fe2246f841837282dc9b2a64d8d24ba900c75ab05ad0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958482, "uuid": "11a56ace-0af0-4b79-9d37-39308c8d1dcc", "value": "T145059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958482, "uuid": "69c044c4-9e8d-4a12-b574-4a821f58390e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958482, "uuid": "fe26f59e-97f6-4f0d-9382-2763b6459ff2", "value": "12288:V20BXOMcVzpWfmmnDDBX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDlX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958482, "uuid": "7b907872-344c-425c-8ef9-ab2a4a799be3", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958482, "uuid": "4023d532-dc40-48ea-a36e-3836f67c56f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958482, "uuid": "cae4fb92-0678-4b6e-8486-b39d72e8ccc5", "value": "46251c1a381a9d45871298e1e6312ca34c43b635dd24096c3d738ee56ad751e4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ec8bc84-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958327, "uuid": "c91fb8f3-bc37-43b7-a3cb-138fba773b86", "comment": "Malware payload (Heodo)", "value": "aeca538a885211e9c2f5501ebeb05b42", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958327, "uuid": "f61f86aa-5d9b-485d-95f4-3c0a1efa8afc", "comment": "Malware payload (Heodo)", "value": "464ff8aedfd2805f4ade3483fdca9ec5acdff262a92adea5810a813ba880afb6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958327, "uuid": "5156aab3-ec69-4c83-8071-3951fc25a4e9", "comment": "Malware payload (Heodo)", "value": "e56d5323778330b61883e9431220c418cf18b219", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958327, "uuid": "73487424-549e-4d92-91e6-e1cfb652f653", "comment": "Malware payload (Heodo)", "value": "965e801ac4862bf0e2f5f3cdac15ed46c27383291734d37dd919265657d89b249e9afe6a8f0855b024d4bcfb1bf0dff2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958327, "uuid": "918ff18c-0587-427b-ae69-fe9b05f08cc7", "value": "T1C4059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958327, "uuid": "cfe6445f-dacf-4fe6-8859-cb12409aed99", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958327, "uuid": "c3e64e23-0a47-4bd6-84c3-89686429f170", "value": "12288:V20BXOMcVzpWfmmnDDQX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDcX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958327, "uuid": "4bbcf452-b327-4eff-90d5-9b4d2abdd6b9", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958327, "uuid": "9ef82560-2533-4c43-af4c-111e1fd3b82e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958327, "uuid": "e2552f84-1f83-4880-ac22-60090166702b", "value": "464ff8aedfd2805f4ade3483fdca9ec5acdff262a92adea5810a813ba880afb6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8887c8a1-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955954, "uuid": "0b6e1446-0ff9-4e68-996b-6ce72fbdfe51", "comment": "Malware payload (Heodo)", "value": "2647208f0a85a11e11f62908cc611f6d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955954, "uuid": "c7e99ac4-2087-4dbc-ad03-20607fde29d1", "comment": "Malware payload (Heodo)", "value": "4659cf47f35d7602b335f8af9ca80ec08603c93c539aecf278f8ce592696fb1e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955954, "uuid": "ca3b3faf-0156-4de9-975d-38a4572ad80f", "comment": "Malware payload (Heodo)", "value": "b4fa2a5c4acb9dbdf4d75fb38871cbed6e1a3eae", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955954, "uuid": "a3fe4e78-cfc1-4f1c-88a4-76b3f27b235a", "comment": "Malware payload (Heodo)", "value": "da165553babde56d9275fc9bafe2e521b225e26ec4e30aeb683420411db5c6dafc93cfa4596cbbcd1d281350d8e28cdd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955954, "uuid": "334fb0f7-3bab-4a02-9766-bfe04d3ac579", "value": "T143D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955954, "uuid": "cd76e963-1f11-428b-b132-e2e22405d95a", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955954, "uuid": "d2d645a5-151d-4d4d-a9ba-bdef49c35211", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfd:AqxETMJ777u3OmONFqNJtN1v96TOAnR2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955954, "uuid": "c132468b-cfe0-4b5b-842a-b5bc1cb10c52", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955954, "uuid": "338539fe-9e52-41b2-8b96-f097c270836e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955954, "uuid": "66c282be-3d47-40be-a833-44bbb8c5dd4b", "value": "4659cf47f35d7602b335f8af9ca80ec08603c93c539aecf278f8ce592696fb1e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "652ca438-a98f-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647919388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919388, "uuid": "4fc97006-ceea-4a0a-a728-f1721ac251db", "comment": "Malware payload (Loki)", "value": "389b88e8cd1459ab50e4ef6914b4674e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919388, "uuid": "1c81450d-8127-4529-b1bb-58733cc006ae", "comment": "Malware payload (Loki)", "value": "465a58c67b9c168e2a7d5a1ba3b7fb53bf439be8fdabf8b07ad8e03141aafc8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919388, "uuid": "234a3154-45b1-4e0e-8476-16b8f202e1db", "comment": "Malware payload (Loki)", "value": "961ef4f329fee2eb24beae0b0f28e170fc1a8e9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919388, "uuid": "3a06abaf-48d6-4a91-ab60-2eda060dcbe4", "comment": "Malware payload (Loki)", "value": "418ad6f6fe0d0c3e9e994954e220a73ab5373ccc5074a31b81313da576db549ca795606790c8b8b3c2f685530cbf7a44", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919388, "uuid": "2b9f5906-ea76-4f18-812c-0d769191e52e", "value": "T1A844CF613760C832D19E18387925C3B15A3FB83255B59A43BB9A273E0FB17C2E2B5707", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919388, "uuid": "f4b66b69-0de3-484d-9206-bf369c347fc1", "value": "67e4fe6a415d07af81753b9154f04b82", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919388, "uuid": "60957293-e8d2-43a6-8bb7-723f9d4a3de6", "value": "3072:NhumhfdDbBJoRa+zfRd8ZUAht2cTPBwI85wu541TQ2B:HumVdx2RaofXGUApLuIy541L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647919388, "uuid": "87c8314a-dd90-4e22-b750-fb2ed5780037", "value": 260096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647919388, "uuid": "68607f5c-3351-44d1-87a3-479cec4d0d3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919388, "uuid": "60a68692-4b9a-47aa-bda0-8c34da8a938d", "value": "389b88e8cd1459ab50e4ef6914b4674e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9aa1aa0b-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955555, "uuid": "a7f9ffab-669c-4444-bdd1-3cb69b159efa", "comment": "Malware payload (Heodo)", "value": "9b5ae35950c3eec7a43ecca8abe24067", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955555, "uuid": "4293be3e-9690-4dd5-a89e-256ee2043769", "comment": "Malware payload (Heodo)", "value": "469091b266bbf5b358a91b8609221604cd0f3a043f8343aa888d198af357243f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955555, "uuid": "87fa4551-c2ae-4a41-b817-2205aee9aa14", "comment": "Malware payload (Heodo)", "value": "5c775dc945e8860b83d43ae2dc01397888d03315", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955555, "uuid": "90ae7682-2237-465e-a39e-3c87178ee64d", "comment": "Malware payload (Heodo)", "value": "fef37a3da4144d310bb0fbc1f18faf0ba60a026ef11e081000e1f163f2752f35ab022e7cca3d763b33ccdcbdfbc20ed8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955555, "uuid": "a4bc1503-4ad3-481e-bcc4-395eb5bb38a5", "value": "T1C3D46B03BFD3F0F6C12F0F394505D608989A7AC6A62A45A3539C6BAFED770138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955555, "uuid": "a826788f-8e92-4eca-8cb3-aa1478660a8d", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955555, "uuid": "0cd39482-9b77-4d87-a0da-c6b9a747f978", "value": "12288:QXvRLpX4HMAus65rVxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rVx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955555, "uuid": "32a298ac-8428-4d8a-a636-c7e92c9b0a9c", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955555, "uuid": "0c4d422f-a204-417f-b622-b5f888abe283", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955555, "uuid": "3ad9888d-e7cd-4aa8-9f91-4598e99e915a", "value": "469091b266bbf5b358a91b8609221604cd0f3a043f8343aa888d198af357243f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50b6a8d5-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955002, "uuid": "db09287e-ba39-4b85-b25c-7057716c8fc9", "comment": "Malware payload (Heodo)", "value": "beb321d17cef1199765c32f2d60bb9d7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955002, "uuid": "dd31bcdb-f109-45be-8f95-a80d6aaec59f", "comment": "Malware payload (Heodo)", "value": "46a5b6d859733983a09711ceb1ef36587fdf54c445c124a55c0bad02b5eb71d8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955002, "uuid": "b888d47d-8b94-4eda-8d2a-211db94d4127", "comment": "Malware payload (Heodo)", "value": "cce33dbf4fbdeef86b768b4b61780ed81b9f8e43", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955002, "uuid": "056caede-6ddd-426f-84c8-12d650b869c3", "comment": "Malware payload (Heodo)", "value": "85069d96b7c3720de38d55567333596a38746686cbd1c57da6a5f1499820abb601b500cd88368a65f2772f27d5dcbecf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955002, "uuid": "77016410-17db-43a5-91bb-f22a0e14ec86", "value": "T1EFD45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955002, "uuid": "05bcaa9d-a2f2-451f-9ded-a691b25e93d9", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955002, "uuid": "35c72df2-7ed9-44db-aaba-7b503955a251", "value": "12288:UWBpwupxl0OeL/grxBGzO+r9AjCb/XKh:Psupxa/gQ2mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955002, "uuid": "3d4ed7df-a546-4344-8bb6-9c987281096d", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955002, "uuid": "88f65cf8-a109-400a-99fe-98042eac2d4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955002, "uuid": "5e98be03-a427-4091-a924-60fb00c60c39", "value": "46a5b6d859733983a09711ceb1ef36587fdf54c445c124a55c0bad02b5eb71d8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d615269d-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954796, "uuid": "3f726aaf-65ca-427b-80ae-06d1aed89a42", "comment": "Malware payload (Heodo)", "value": "0ca2b5b304cb1dd175462c0702423656", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954796, "uuid": "f7f83a24-5947-4e45-8eae-1c86a9296a3c", "comment": "Malware payload (Heodo)", "value": "470749e3f310bc3b89bb310f82223f91f441aa58c37ff7da3d68a34936442435", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954796, "uuid": "92f44272-ff85-4f68-8a02-4dc148b15aaa", "comment": "Malware payload (Heodo)", "value": "8eecf4eed70aa9c5c4f73fd6b738c21e9ce8047b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954796, "uuid": "39bbfa3c-96ff-4033-a737-9d94ac3fc610", "comment": "Malware payload (Heodo)", "value": "c834f4b20709eeb1da49a8269e0e77bd9eb830532ac29210006c0ec5c00e1dfd34fa8bf640e761e29f59638ba942abc3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954796, "uuid": "14b6a66b-ab13-483d-9d02-581dccc6aed4", "value": "T1F2B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954796, "uuid": "2b401ed3-0794-4003-ad1d-4237831c88c0", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954796, "uuid": "ab818228-18f3-493e-8c4e-22c3941343a0", "value": "12288:AASStHx1vVHO+1Hx54Ug0p9n4WNL7XE0UdX:ecHfv4qx5np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954796, "uuid": "5eea6ed8-aa30-45e5-8bcd-d016785ba45b", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954796, "uuid": "5ee018b9-571d-4139-affe-1728e6f33335", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954796, "uuid": "d94a5d50-0954-4258-994d-eec67f7ea2a6", "value": "470749e3f310bc3b89bb310f82223f91f441aa58c37ff7da3d68a34936442435", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e0fb2d7-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911752, "uuid": "6f5ec268-d5e7-4f1f-98b7-fe9af52cf10d", "comment": "Malware payload (RedLineStealer)", "value": "1dcf4aed97e7d7069d71a774ff600085", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911752, "uuid": "9606004a-bcfe-4acf-9639-3b1d7c81c322", "comment": "Malware payload (RedLineStealer)", "value": "47629b7ae33edf340d3dc932ebe7c175e9fee5191c718a85d269395f0ad69847", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911752, "uuid": "c0364728-4ca6-4a61-a2f1-980aacdf653c", "comment": "Malware payload (RedLineStealer)", "value": "21071dca972ff835c963c65545ad5faceca5c687", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911752, "uuid": "9b249c6e-1115-411b-a9a1-4a609c21a076", "comment": "Malware payload (RedLineStealer)", "value": "26ac5be033dbc310547e51586e6758bca4a96f8c727b946af5808757227b872cd942d7fe47c2e093bde8e4ad37f32498", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911752, "uuid": "7b2a105b-80e3-4d8f-8885-7682a2f6c06f", "value": "T131B4933839FB5019F2B3EF75DAD87996DB5FB6632707E85D208003864A13A82DD8153E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911752, "uuid": "68e92e3a-51ab-4575-86df-7f1c52389a32", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911752, "uuid": "1a4dff35-f43f-4318-bf9f-d55737838ec2", "value": "6144:L0crz3rLmYZ7QA3+qG0cZxurQZIoW7r3DvKQdLpF5VjCXg:L0cvOYw0cvXZIoWvzvKQdLpF5VjCX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911752, "uuid": "556235d2-49ac-4207-b366-da30a35f382e", "value": 499200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911752, "uuid": "6db6a7c6-ccc0-476f-898c-fc95917c2dc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911752, "uuid": "d93d501d-d148-449a-8b63-fcdcec5e06a6", "value": "41863620.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "119ba0c9-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958332, "uuid": "c4db6565-be4e-416a-b00c-34d0249987dc", "comment": "Malware payload (Heodo)", "value": "87a7a9731c78ba1b89fcb298eb9effc0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958332, "uuid": "987d73c8-7761-42c2-9765-ed6fb9c15eb3", "comment": "Malware payload (Heodo)", "value": "479b2621123b04613f536623973af8372e1ccfca33b526bbc77c2055aee9a93e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958332, "uuid": "4377dd7f-af9b-45f4-a0fb-34f5027a3cef", "comment": "Malware payload (Heodo)", "value": "5a1a0ed945519ca7ea07987d2adedc2e7eb4a0d6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958332, "uuid": "1730cb5b-3448-4735-918c-6798b9e1ee1d", "comment": "Malware payload (Heodo)", "value": "85052836b4b775c202475524884b04dbc0ebaf66aa3a143a937f2ffc3f368136b402318b6d373b271fe4ac0c7c113a54", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958332, "uuid": "66bc3a5a-0be0-45b9-ae33-8d28578b8d1a", "value": "T182059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958332, "uuid": "5d9a5894-8b39-47a0-a7b5-6cfbf174beca", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958332, "uuid": "496dd890-5749-4751-a55d-71ebbb97cdd2", "value": "12288:V20BXOMcVzpWfmmnDDfX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDDX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958332, "uuid": "7a8536cb-141f-44aa-bcbe-9843db909067", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958332, "uuid": "051af7c6-daff-4f68-9d1e-00f8c25883f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958332, "uuid": "9ee5121c-b76e-42a8-b24e-67387c69984e", "value": "479b2621123b04613f536623973af8372e1ccfca33b526bbc77c2055aee9a93e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19d32019-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955769, "uuid": "bd47506c-60fa-4d2f-9f62-b1bb89187d51", "comment": "Malware payload (Heodo)", "value": "0ec8bb400d0d144f94c61f6fda922da7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955769, "uuid": "8a591694-275b-4c26-97f6-9304a580329b", "comment": "Malware payload (Heodo)", "value": "47ec9f777db59f61220e439e44e7a8ba500a0acecb59696c81eee2a25e16d242", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955769, "uuid": "5d06be2d-68d5-4d3d-b211-ac7c21dc703b", "comment": "Malware payload (Heodo)", "value": "e7c4b9ae5b6cc242e838bd4e3f532969897da0b7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955769, "uuid": "4998c4fb-8763-4739-8f64-f0172b35f33e", "comment": "Malware payload (Heodo)", "value": "2dcf1aaf66f38bb62a43981ff962a9cef2593ea0862426ea798f63663508c28e9593151bd4794528a41c8f89a14c0989", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955769, "uuid": "5d5b5039-dc40-4e44-ba7a-a3b7f186fb2d", "value": "T1A3D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955769, "uuid": "e572b3d8-1903-4585-a24b-cd471ffdfb40", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955769, "uuid": "41108bd9-218c-4a72-9f07-c14afcfc5872", "value": "12288:ZxpNJJJ2NHPoczJkOtIhxf3foRXIa5EPwvA:Zx2gczJkFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955769, "uuid": "51ac51f7-36cb-4baa-b7d7-4940dc14967d", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955769, "uuid": "6b3442dc-20f1-42ad-a6a5-d1cfa8a76ceb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955769, "uuid": "97256edf-25b2-4520-aa0f-942179f57286", "value": "47ec9f777db59f61220e439e44e7a8ba500a0acecb59696c81eee2a25e16d242", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c93e2ef1-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955204, "uuid": "6400192f-6b9e-4d3d-a2e8-6fc0515bea66", "comment": "Malware payload (Heodo)", "value": "0d449f9b5f44a22d44c1d1baa4d82a1a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955204, "uuid": "086f450e-f9ca-41a8-a601-6f2e0fb70bbc", "comment": "Malware payload (Heodo)", "value": "47ff535cf26fbe8d9d02b06b9eacb519529c660a9b5f93f76efd0efc21d376a6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955204, "uuid": "880a7ddb-6e05-4490-afef-83290b183446", "comment": "Malware payload (Heodo)", "value": "25cd44cfdd5982e76d0161179c2c499c8a6c1577", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955204, "uuid": "4a7d83c2-7a50-4b58-a91f-28a7e8b74114", "comment": "Malware payload (Heodo)", "value": "3f53df2b16a7bfc5d2c6be7a0866290e63503eb33a98c3a45dc465213c0631eef9abb548077261084191fee6954cccd4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955204, "uuid": "8dc9a1e0-d795-404e-a4be-6689b255b3a9", "value": "T105D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955204, "uuid": "6742ad13-6ea0-4591-9b83-b2cf06f425e7", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955204, "uuid": "0bfe04c9-0a85-4c8a-ab70-ae14b60eab8f", "value": "12288:DjN/Z2wkRrA9CRDCnElAjHDsndSyHOrNvEP0Oua:dEHR+CR5yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955204, "uuid": "76243e28-a671-4ac4-b19e-5e65fef062c0", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955204, "uuid": "8e83bcd9-53a5-4a5d-ae8b-4cd76b0fe313", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955204, "uuid": "d598733a-d5ad-4a44-ba01-1e8fdfab3c90", "value": "47ff535cf26fbe8d9d02b06b9eacb519529c660a9b5f93f76efd0efc21d376a6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "694cc5a4-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647974800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974800, "uuid": "14dc531c-4ab5-4d63-9024-8d0cb79ce1d0", "comment": "Malware payload (RaccoonStealer)", "value": "29b19294b1cf91992c1ae35cdfbbf4a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974800, "uuid": "fd896aa5-ae96-410e-a60c-c5ec3acfb3b9", "comment": "Malware payload (RaccoonStealer)", "value": "48160a7b32d933414246f5e2143e4921b27961588e07a56b98df65161b40377c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974800, "uuid": "0799216d-9d9f-4642-9d00-8424d8fee878", "comment": "Malware payload (RaccoonStealer)", "value": "79c65030eafbede79e32a26c6d2dcd268d2582c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974800, "uuid": "e4529f36-27d6-41c6-9d34-5e3fff83f812", "comment": "Malware payload (RaccoonStealer)", "value": "761ba43b4a2c732dce7cfcf47be7770a9791f5036845bca3851c045283e38673e4d415142b2597f8bb2d4af173fd58ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974800, "uuid": "569c860a-ba17-46e8-92a6-d01e2c87a28b", "value": "T1BCB412263910C436C86A51705E16C4B59B7E79320673894B3B5A136EEF713C1BBBB32B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974800, "uuid": "d025c703-ec34-4797-816e-3e24d08f4054", "value": "b2c50fda1c88b7378f90a6c676430aca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974800, "uuid": "ed435693-6831-445f-8fcf-d413c33f201e", "value": "6144:xT1d0kJwjtE5eBHalu+9MKbihwpA7iA9jGU2ls0p4N/XSlVFhKmpWq1rrd:x5d0kKmEOVihwa7iA9jcs0p4grLxr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974800, "uuid": "0a5d7672-8fc0-49e3-92bc-8784831044b5", "value": 536064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974800, "uuid": "3b36a6e8-97d7-4faf-981a-ffac0e946e6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974800, "uuid": "f05ae64d-b0ae-4747-99ef-495d76c3631a", "value": "29b19294b1cf91992c1ae35cdfbbf4a3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4097c0f-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959893, "uuid": "cd1685a8-7a03-40c5-9d8c-fa68a4de2bdd", "comment": "Malware payload (Heodo)", "value": "5fabc5ef6bd45308d880322e8f8e9b81", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959893, "uuid": "7d6e1d93-e479-4bf8-bad5-0e237b16a2cb", "comment": "Malware payload (Heodo)", "value": "482cd31a4cec7776230540daa7197bfb09efea57f36b9038e0f0bab9bf0e0146", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959893, "uuid": "20ebb2a1-16f7-402d-9bb0-11d0133b6422", "comment": "Malware payload (Heodo)", "value": "1199d481fd461f8bb36f7501935a5073c60762ab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959893, "uuid": "f1796dce-0eac-4844-84da-640167264791", "comment": "Malware payload (Heodo)", "value": "d90bd74dbc66df7e3acdd3a47bc5ad5f34b8b158215b743b0060e3610a8baf7fbd926511d31eed69823c6aac8728eb26", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959893, "uuid": "9ef08a68-2459-44ec-84ba-d19c2942bfc3", "value": "T113B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959893, "uuid": "52c368e3-e6a5-491a-91a7-4663639d8282", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959893, "uuid": "737f6c61-4c1d-48c3-9330-6297aeeb3527", "value": "6144:8JZToYE666spbEgoZhZO1twI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoQlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959893, "uuid": "7293afff-a4e9-4188-8b46-e622e558ce1f", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959893, "uuid": "962fa4b8-231b-4cfd-b457-06bc641bc1c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959893, "uuid": "b05f63c6-357b-4caf-aff8-e4b631062fac", "value": "482cd31a4cec7776230540daa7197bfb09efea57f36b9038e0f0bab9bf0e0146", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "843aa431-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954229, "uuid": "331a54b9-1a70-4078-851a-d0b735d07425", "comment": "Malware payload (Heodo)", "value": "1701ca4bcab165170097f11912293112", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954229, "uuid": "e84cf859-7461-4b46-ae8b-f38f9231527e", "comment": "Malware payload (Heodo)", "value": "486bf5b303f865f8645397a8259ce2eb25317adca53138b2febcf36002759e2e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954229, "uuid": "203003c5-d03f-4b65-ba26-e8a5fbac403b", "comment": "Malware payload (Heodo)", "value": "334df839259294dad89b01423e2987b211f5cf27", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954229, "uuid": "d991f6aa-beeb-4a32-9db6-9e7c21d1a358", "comment": "Malware payload (Heodo)", "value": "5bbdf46dd411379da2162cfcf37c4887900433467d930068720a51322f0e1df09d48dbfde1477427f16dc0b27c388518", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954229, "uuid": "01665e0c-aa6b-44fa-84a6-deba524b6bd5", "value": "T1F425AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954229, "uuid": "3e47994d-3d66-41ef-85af-cae36ad64a87", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954229, "uuid": "314a94de-df4b-4a09-96ee-53114c80c006", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQZ5tFjNRLU:Ci6fgcIcHB8ZabLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954229, "uuid": "8ac5640a-fdee-410f-9040-6c8efb684673", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954229, "uuid": "262c4d34-2bd4-460a-bf91-c70814de91ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954229, "uuid": "82359c38-821d-48f5-b474-add4efe62a84", "value": "486bf5b303f865f8645397a8259ce2eb25317adca53138b2febcf36002759e2e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "588ad78b-a9b6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647936117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936117, "uuid": "ae32f677-245a-4f14-8953-65ad694d7952", "comment": "Malware payload (Mirai)", "value": "b192e22750eb1b74273c12d73cd67e75", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936117, "uuid": "de7d908f-2209-4cb2-88b0-94579b9ad927", "comment": "Malware payload (Mirai)", "value": "489987115b114ee62ca06170c9352d29234af84ae2b30b225a3677fe6797f506", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936117, "uuid": "92751b04-254f-4b59-8dd5-d32fa56c9d04", "comment": "Malware payload (Mirai)", "value": "b68350f364c755aa87c9e1204dff7bf64872b3f5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936117, "uuid": "486d6267-7b1d-48e7-8203-d4582074c0d7", "comment": "Malware payload (Mirai)", "value": "094ae792299f371780d9b7cfb31634e7b55bf4d6c1c5bf90aebca84912c860179707a2fd4d85f3018c36d5f646c9c653", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936117, "uuid": "6a5d0649-a6cf-4bce-b1d4-e132d3056ffe", "value": "T121E34C46EA418F03C0D62776BAAF424A33239754E3DB33069D28ABB43F8775E4E67505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936117, "uuid": "0cbdfc2b-f70d-419f-8532-8793fedee159", "value": "3072:0Krw///AVg45ac18jm4bLX9W1oL6OkpVM/95Sf:n8Gr5ac18jmOLGk6OkzM/9If", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936117, "uuid": "93ea7c94-23cf-4a36-8562-90b47e385dd8", "value": 156163, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936117, "uuid": "69df18a5-10b5-4ea2-a7c0-7cf7c271d639", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936117, "uuid": "3b57347b-0cc2-4ad4-9d52-a58c04c08b75", "value": "b192e22750eb1b74273c12d73cd67e75", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2611df59-a9f0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647960943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960943, "uuid": "1e40e545-083a-4381-87f4-8dd05642d77f", "comment": "Malware payload", "value": "c1f39c0b60ddf78da94b5ee7231dfe58", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960943, "uuid": "915fa90b-d828-4eee-9ef5-64864725c271", "comment": "Malware payload", "value": "48a35d8cff0fe7e815f69169ab8014767ecc307ac03f55110c47c7ed0185fe56", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960943, "uuid": "04f92ec2-b06f-4a07-9807-1bc35189a3c5", "comment": "Malware payload", "value": "f415bcfe0db7e8f82cd7a12beb8e45e55c127126", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960943, "uuid": "b80c573a-e345-4e4d-9ee7-897640880eec", "comment": "Malware payload", "value": "added0fdcba57f846fcbf5810299723eed937cd9b0e402f58c239172a1d0d6808265c3fd2e991252e0c899067ebc80fa", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960943, "uuid": "d73f16ab-1df9-4c70-82ee-af18f00c6474", "value": "T15B326D786D992921F65B8E36DD1FFFA48536F0E762D62E8203ADE0F014F21A0572690C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960943, "uuid": "036358fb-bccb-465b-9ecd-9932c498f394", "value": "192:XjRkXe7k8BL4htbGy4tAT0jWEHWhM7o7z9Riy5DeAVRD1fOaH2:XjRGe7kQkjz4OjdDRpsA3hOaH2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647960943, "uuid": "44de99de-7e76-4027-a9fc-d68a53553827", "value": 11309, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647960943, "uuid": "704325eb-b59a-46c2-a467-9e190f42f509", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960943, "uuid": "9a6905c5-81c1-46f6-82fc-fb79d50629fa", "value": "doc.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d07086d-aa3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647993301, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993301, "uuid": "f91fcbf1-fc3f-4c7c-988b-7f3ccca847d6", "comment": "Malware payload (Mirai)", "value": "73a92dcdd0110f28fbf404323751ae5c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993301, "uuid": "efff6bec-cc3a-4b96-bbd6-75a3eef7ef0d", "comment": "Malware payload (Mirai)", "value": "48ba24ffc1188781209860a6d9d2a0be0acdc5d41721198e5449dde015b8d727", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993301, "uuid": "155bb635-460a-4425-bb1a-8d8dd0bd25ad", "comment": "Malware payload (Mirai)", "value": "a2aa80a42674dbf604c34fb2eb05612ea4b0d822", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993301, "uuid": "3a15339f-fe7d-442a-9c54-fdde411723e2", "comment": "Malware payload (Mirai)", "value": "d75cefacdb6ebbea5adaed9c6d51e1d53a2d471699afe53f06e6111b140d5597fb48d912a9f1b94b58295d2b873c1bec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993301, "uuid": "e7cbd01a-7f3d-46ed-b954-3a28cfb4cc9c", "value": "T16CD2E1016641FEE1C5B00232E9678A9B72267D79C1D234FB963C0EF8A6EDA1D47F4943", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993301, "uuid": "9ca296aa-a167-4139-b9d5-2604d3735a36", "value": "768:vusHfRavjynNKnjFcZIhQzhKMXg+9q3UEL7S:HRwynNIOQQ1KMwjLW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647993301, "uuid": "61336efe-12a4-4c86-b742-84ff8f52bdf8", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647993301, "uuid": "75a3e59b-0e2b-4025-afde-635da882303d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993301, "uuid": "cc6e900c-8faa-4c8a-a38c-5aac9cf8d51a", "value": "73a92dcdd0110f28fbf404323751ae5c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f91113c-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976502, "uuid": "9bdf8cb3-b379-45a6-a557-19809a5b1285", "comment": "Malware payload (RedLineStealer)", "value": "09953ed7c0c38a496756db0c5588a2c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976502, "uuid": "08c9268f-704a-4bcd-bf10-4c6c939337d4", "comment": "Malware payload (RedLineStealer)", "value": "48f3b3d6cd23447c8a1e07dac59d920a08be8e7d129320f8dbd180a905a95f87", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976502, "uuid": "025b1b20-3566-4353-b71d-8706b68e1f39", "comment": "Malware payload (RedLineStealer)", "value": "bb9ad48377ebe8621743abdc21a9de69a6136459", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976502, "uuid": "54c14c70-4509-4452-8e62-3abd117c8a62", "comment": "Malware payload (RedLineStealer)", "value": "105478ed2dd10a79ee416b923abfd01b5cbc0344a37a1c2e04a288c344f0e4c17581623514c4cc0a6c854ab11d7db529", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976502, "uuid": "94b7b10c-c776-41d2-8be8-b27013d34527", "value": "T141B4C53439FB9019F1B3AF75DAD4759ADB9EBB63360BD84D208103874A03B82DD9153A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976502, "uuid": "8fc28474-779f-45db-b40c-be7cde10c84e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976502, "uuid": "6edfec08-c848-48c1-8750-1d5b9cd8456a", "value": "6144:S9rJ4CIwWxvYjl0Vr31m2TKhwc7cfkf8e5cfD1T3aiLvsBdatULC8ZDKRHX9o3Ql:4F4CAe5UD1TqGNCC8ARHXW3QD1t112Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976502, "uuid": "1c54cd75-cd08-462e-b459-e9ee85426fa9", "value": 498176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976502, "uuid": "36fa1ff8-2396-4d30-8608-ee75ad84b96c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976502, "uuid": "eb8a15b5-ea9a-4272-bc56-c0f006a37416", "value": "50688766.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fb5c635-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958544, "uuid": "c9c6356b-aa6d-4d77-b2a4-5977125130b2", "comment": "Malware payload (Heodo)", "value": "50b9cd31ca4943f4c3bbcc21cf814a42", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958544, "uuid": "99b0c534-93c9-4f74-869b-23d248baae3c", "comment": "Malware payload (Heodo)", "value": "492135f5d0921481a479090f732e330f2fa7513a112875bb8314996fbb437d3f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958544, "uuid": "0b7a18c3-8d41-46b5-af19-728ef743026b", "comment": "Malware payload (Heodo)", "value": "80914cc5af3d1d2702f85ea990d8977287f79907", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958544, "uuid": "a4ce509a-da22-4e94-8fd7-5db50692363c", "comment": "Malware payload (Heodo)", "value": "6437fd817670873fde3ff2ae599bb8a20d3b78b3c81a71c42b314179d4e71e2e3e6df9af96fceb686e7f708f0d30de39", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958544, "uuid": "f64e2c28-6561-47d2-a5f4-3e6c1cc08158", "value": "T178059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958544, "uuid": "1aa48208-8c63-4995-917a-529d13cdfcf9", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958544, "uuid": "32fcf6ab-f55c-4d97-b35b-44ba081e53fa", "value": "12288:V20BXOMcVzpWfmmnDDtX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDhX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958544, "uuid": "e54c55a6-e1e4-4459-bc95-29cc74944245", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958544, "uuid": "11ecc635-a901-4957-8e82-08343133b919", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958544, "uuid": "2628bbf3-1c64-4bb8-ad0c-41b929b610b7", "value": "492135f5d0921481a479090f732e330f2fa7513a112875bb8314996fbb437d3f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3518da9-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955275, "uuid": "e6e3d055-1360-4cfa-abb3-db2beaaa87eb", "comment": "Malware payload (Heodo)", "value": "14016761c235dbdac491d3ba9b3b58e1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955275, "uuid": "949333f4-42e9-45e8-ab9f-561b6e4f22bc", "comment": "Malware payload (Heodo)", "value": "4947da3029b56c2569d5306cf698c22b7e7bb2022c994d540e95bf31e22aab9a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955275, "uuid": "83bd7330-065c-4c99-9513-d34885e1ae0a", "comment": "Malware payload (Heodo)", "value": "ef994ae70bc60c8d59ef0020f937c346666c6bac", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955275, "uuid": "e04efc67-e9a2-414f-b5b3-69e069e7a8fe", "comment": "Malware payload (Heodo)", "value": "2d0145bca2454c63ce0f0d642832748939d35ece26e508e22a1c6cf4d30b5fd914b9065b60339b45a48f2c4c6e019cd4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955275, "uuid": "5153231c-06e5-49a1-aaa4-6c12545c40a9", "value": "T163D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955275, "uuid": "16be2a51-4729-48a5-9382-4c413a1742e6", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955275, "uuid": "b47d02ec-f9a0-4549-8cd1-0ff3eddb2cb3", "value": "12288:DjN/Z2wkRrA9CRDChElAjHDsndSyHOrNvEP0Oua:dEHR+CR3yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955275, "uuid": "3d72b826-7ec0-4a4d-bc13-eaf525ca3df4", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955275, "uuid": "f28375bd-b4b9-4b62-9c0c-8448cbeac4d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955275, "uuid": "6981ae66-f2e7-486c-97f4-ae6d952767c6", "value": "4947da3029b56c2569d5306cf698c22b7e7bb2022c994d540e95bf31e22aab9a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cba317c-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958431, "uuid": "e121afee-ed2a-4376-a0f0-5fe11dfbc86a", "comment": "Malware payload (Heodo)", "value": "9da711de900f7fbcd7d9bea22553ecf8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958431, "uuid": "25fe9b9e-ee38-4f2a-bc32-31c0963d2e3e", "comment": "Malware payload (Heodo)", "value": "4952b935a78ba3ec922b72907d08f8830a5b18971e6a3a165c5f075841eb585e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958431, "uuid": "1265d386-5be6-4d24-ac28-eadd323ca6f7", "comment": "Malware payload (Heodo)", "value": "77bcf2cd762108073f3e8c1ad889d147bb2d9495", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958431, "uuid": "66d731c1-1063-477b-883f-a35482d5171a", "comment": "Malware payload (Heodo)", "value": "b5d47a881abb05e3ed828ac6c93d727b752b3cdea78cf6d89f2fb7d01d10b2a072bd55ecbac5a2b22debb0835bcc5fb8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958431, "uuid": "9102e180-d70d-4064-bc1b-08f2e61e4d70", "value": "T1E6059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958431, "uuid": "088690fa-2e71-4d8c-a5be-a1da7138f4b5", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958431, "uuid": "53b7af16-abc1-4f91-ad21-b87e56dfe62d", "value": "12288:V20BXOMcVzpWfmmnDDMX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDgX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958431, "uuid": "d020450d-1578-49c5-b44f-315c6a92c54e", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958431, "uuid": "8864028f-3a91-4832-a340-988541de042a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958431, "uuid": "ffee60c6-a7d7-4357-bf34-deb0468df98a", "value": "4952b935a78ba3ec922b72907d08f8830a5b18971e6a3a165c5f075841eb585e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db5928cc-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959959, "uuid": "95ec0e52-2327-404a-8277-afe2456a6978", "comment": "Malware payload (Heodo)", "value": "ccea213d9e328b51d97a13ac843dd0e5", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959959, "uuid": "58b0c7c4-3fe0-410e-aa59-0567c88714a1", "comment": "Malware payload (Heodo)", "value": "496672b63f8f4ecfb8eb0034a7ed4122e1ffd9827a202158562793e1c0317305", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959959, "uuid": "9a8b0bf2-9758-47ce-8841-e079c8eaa6a2", "comment": "Malware payload (Heodo)", "value": "0138b0b2c1d2647154ac404621fe990cb95479ef", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959959, "uuid": "703b7cf8-a7f0-41c3-8f81-b6366a9a9b88", "comment": "Malware payload (Heodo)", "value": "350bdca05a455362f56a172551fc5f5d1d897443546a5623dc6172accc0061212d17016c72ca462f1fbce4670088c8c0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959959, "uuid": "7924646d-9223-48ff-bb09-a1fbe12b7164", "value": "T192B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959959, "uuid": "be68597f-281d-444c-87cc-5d03b62ebe16", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959959, "uuid": "82a109e2-f74a-467c-947d-a762c865e11e", "value": "6144:8JZToYE666spbEgoZhZO1tvI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZojlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959959, "uuid": "2388313f-8cf3-4a09-b793-54398b0ad59f", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959959, "uuid": "1bd7d88e-65aa-46fd-b76f-0255d53665fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959959, "uuid": "4df82b3d-628d-4f83-89b0-2048257a087d", "value": "496672b63f8f4ecfb8eb0034a7ed4122e1ffd9827a202158562793e1c0317305", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6318a6d-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959923, "uuid": "873deaa4-b221-4195-88a9-f47fb4901efe", "comment": "Malware payload (Heodo)", "value": "e207d5cd0cb85172404f8debabcc3b1c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959923, "uuid": "19093538-f19b-4d39-a673-049644885b64", "comment": "Malware payload (Heodo)", "value": "4989a5b8bb381c341f5df6e4fac63b66881d0d31f90c17e98d53b2e32b7cf0fc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959923, "uuid": "316d8e3e-126d-4d96-a5e2-c8acc27dd031", "comment": "Malware payload (Heodo)", "value": "452fc74fe98e1fc6accadc07dfdaf07a3d8396ea", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959923, "uuid": "6ae02782-32cf-4340-bcde-b9693715f71c", "comment": "Malware payload (Heodo)", "value": "8dd1ce20cf001f0ab28a4f92c5fa2979733b33a034daac3386dba32b981fd8921247312498d7c1b09503363aa1c348ff", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959923, "uuid": "2cc78008-58ba-44d3-9097-a1cd69a7be8c", "value": "T12CB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959923, "uuid": "583bc822-35a3-403d-96e0-c4e24bcedfcd", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959923, "uuid": "b0891879-2239-4fb5-ba86-d39e04bc39d2", "value": "6144:8JZToYE666spbEgoZhZO1tWI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoSlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959923, "uuid": "fcce8b64-711f-4f37-b5bd-94770e40b56d", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959923, "uuid": "1a1beb13-3a58-4542-a750-1bacfc66d584", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959923, "uuid": "162eab7e-574b-48de-a9f6-67b85a553bd3", "value": "4989a5b8bb381c341f5df6e4fac63b66881d0d31f90c17e98d53b2e32b7cf0fc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "469e4240-a9ec-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647959280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959280, "uuid": "48f38a10-b8f3-45b5-a38a-e5c02c735216", "comment": "Malware payload (RedLineStealer)", "value": "d7dd16275ea95651a57f92328a801047", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959280, "uuid": "78d0f8d0-59ab-4cc9-9064-0ce2725a4f71", "comment": "Malware payload (RedLineStealer)", "value": "49d0d2a3b58255fd7c36dacc34c5ef977187f2e1ecc8cfd4cf0e35c47824fa8b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959280, "uuid": "a099a63f-5fb3-4247-adf6-1e09af983077", "comment": "Malware payload (RedLineStealer)", "value": "2d2be23a1c647b323363668a3e99c9a5c80bfa13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959280, "uuid": "9137a080-d632-42cd-bce2-12faf4408840", "comment": "Malware payload (RedLineStealer)", "value": "85af49e4f3d5e06ac3b97a652c4187964d1c84dd659a847ce82da5b4563fd6bdb0c675b4b40de9836ae1ab2b99b47976", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959280, "uuid": "b3ac5eaa-9499-4572-a58d-bdbb824bb81c", "value": "T176D6233FB228663FC8AB4B3255B39250597BBB68780A8C1F57F0045CCF6A4611F3BA55", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959280, "uuid": "6d024891-ab11-42c1-a5f3-d01e32118dd5", "value": "5a594319a0d69dbc452e748bcf05892e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959280, "uuid": "6e5a96a9-4655-4d37-a2c5-4030693e34b0", "value": "393216:9YmeOK4FMnddNtIMAMXHS2+zLFJ9FNucBo2vPCh:9Ymq7rNtIM/aXZFNucBo2nCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959280, "uuid": "8ca6ea67-f8f1-4102-8cff-b3cb870d5cc7", "value": 13534821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959280, "uuid": "2b6f6856-c84e-47be-8f7a-7b1c8d49d4b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959280, "uuid": "b6b3e6fc-137c-4fea-89b0-e5f81e27f322", "value": "49D0D2A3B58255FD7C36DACC34C5EF977187F2E1ECC8C.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d49f527b-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647955223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955223, "uuid": "840b425c-eee0-40ef-9664-e1d34350b4f7", "comment": "Malware payload (Formbook)", "value": "d3736c55f004b615011208d102cf8d69", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955223, "uuid": "c9bb3aac-30a1-4e17-a94b-54c44aee77d7", "comment": "Malware payload (Formbook)", "value": "4a0fe18ddc4a8fe8d8bbd7b6220c5fc55b51d7611e1996829e889cddf233c0a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955223, "uuid": "ff3a2d56-43d4-4757-a2c3-365bf51a9a12", "comment": "Malware payload (Formbook)", "value": "c170b42b6dd3d9ddd6d198201ee8bd6f44bcea92", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955223, "uuid": "0cc37275-1606-4717-89c3-d9bc6e58f96c", "comment": "Malware payload (Formbook)", "value": "a348b8394ef9c410f0fe9748b0a1c8b0cbda5d0b2fd8a4cce18daa23d21ce7b13468531eed8be9f951d1b7f4e1107b5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955223, "uuid": "26a5e118-ee8c-49da-9cdf-e6a1a4f29589", "value": "T1F734125FA5C1C9B7C8A0AB3206F3A378DEB5DEF001680DB75B450F6539B61C7011BAA9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955223, "uuid": "185d32c2-a55e-4ab2-a98e-a83a0ab50d97", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955223, "uuid": "a9fdad51-f519-4c8c-b3f0-b98cb608aafe", "value": "6144:rGi16L1KBCoLCYKK3l2vrEMrU69moNmLZ8sRxA:YL14CouK3EJ79mzZvRxA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955223, "uuid": "9482ae1a-4ff1-4fae-a119-c0dd89d0c803", "value": 246226, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955223, "uuid": "21b6fbbb-1d7e-48d5-b875-2d8d84f77a48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955223, "uuid": "acbdec08-3f7a-41ab-a3a1-6d88e5b9219d", "value": "Editing Remittance Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cf6fa35-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647970028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970028, "uuid": "6fca5b67-4c83-4519-9589-cfa9316ba67a", "comment": "Malware payload", "value": "1c3e72af7df13ac844fb88b7ec12a594", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970028, "uuid": "8c091dcc-d1ed-483a-8e56-647830f3ed00", "comment": "Malware payload", "value": "4a2ef1275bc990de685f884d4f707a2d6ce6a759aee9939dc0ec89faa95f1dff", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970028, "uuid": "b967641c-7e77-43b5-96cb-b697f3e8e527", "comment": "Malware payload", "value": "0ee218b82bced448ebdb0b0f44a17b85bad0dc04", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970028, "uuid": "b40a0fef-0d4b-438e-a8e2-6e7c17a21890", "comment": "Malware payload", "value": "f4e81cd53409d033d63bf795fe3c0d72d4fede547ab124df652d9bbe20f2fa0dea2b8ebb9a544ca50b236643925c368a", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970028, "uuid": "8174744c-9f8f-4668-b07d-06767791058d", "value": "T13E04F19676A9D432E253553249D3EBF737A4FCC90D89C28B33493F2EAE761649603381", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970028, "uuid": "010cd88e-18a2-4d22-bf77-901e76523280", "value": "1536:Nzr6SnF20a1RRIAIjaFXw9zJx93dIT0VYpYA7K52z6eh3lBuKjg3d/Qdf3UTvsgQ:dTIsApFXmP93+T0VY+b66+6KS350npI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970028, "uuid": "8f3113c7-6de6-4bd0-b98a-98c32f62173c", "value": 183808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970028, "uuid": "083bd07b-b970-4201-b92a-9ba4b07ee50f", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970028, "uuid": "83e1b225-1a47-4076-843e-165f824ebdd3", "value": "Comprobante de Pago.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2469fae9-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957934, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957934, "uuid": "c4ba4bd5-bed0-41cf-b2ad-36178edb2a82", "comment": "Malware payload (Heodo)", "value": "f1162356ffef4e09823ab466651726d6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957934, "uuid": "dc0de006-f2cd-4a35-b82f-35ee306f9e66", "comment": "Malware payload (Heodo)", "value": "4a35b51b0ef625a15c8e17ec5bc8621144ae6bc68ee3ae5f90c6114f81ec1e7b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957934, "uuid": "73283b58-6d0d-438f-a8b8-9e1f8c745dc2", "comment": "Malware payload (Heodo)", "value": "dbc7202e273a7b3add4533b843e478c9bbe15264", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957934, "uuid": "56e0fa29-cfb9-4ddc-8d4c-c94f1d779e8f", "comment": "Malware payload (Heodo)", "value": "c0c12648630e5a29ff3d4277c7d98c4e6840ce63c4f44411a18fa7292e89f175c442a8e273d85b7a6312c1837039d441", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957934, "uuid": "e8f9a51e-a493-4abb-b6bb-d02db9812892", "value": "T11E059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957934, "uuid": "98acb381-bfdf-4478-84c8-d7342893b6a1", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957934, "uuid": "a45bee6a-fea3-47f1-bdbd-4a6b3ffbfe64", "value": "12288:V20BXOMcVzpWfmmnDDsX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDgX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957934, "uuid": "6f6312a7-cef5-4318-b665-2ce94a6e5f44", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957934, "uuid": "f7959330-2ec0-4cfc-977c-0d1e5fdfbfc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957934, "uuid": "16f72568-f6b8-490c-b7ea-3b30f2e08227", "value": "4a35b51b0ef625a15c8e17ec5bc8621144ae6bc68ee3ae5f90c6114f81ec1e7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3aee9c7-a9f5-11ec-9275-42010a9c0029", "comment": "Malware payload (IcedID)", "timestamp": 1647963436, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963436, "uuid": "6542c7f9-4dd0-4fae-ae7c-d372e857fd84", "comment": "Malware payload (IcedID)", "value": "4a6ceabb2ce1b486398c254a5503b792", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963436, "uuid": "d9f00726-2966-4323-8244-5a1bb3db6244", "comment": "Malware payload (IcedID)", "value": "4a76a28498b7f391cdc2be73124b4225497232540247ca3662abd9ab2210be36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963436, "uuid": "5a64e5f4-c7b5-43f2-b4f9-dad2777b5c8c", "comment": "Malware payload (IcedID)", "value": "08a1c43bd1c63bbea864133d2923755aa2f74440", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647963436, "uuid": "aed789a7-d86d-4bbb-a28c-b2aeaa055c06", "comment": "Malware payload (IcedID)", "value": "1d89129d1f3eaf72c1b8c9aa7ef9ac29964d78477a4770df0917547cb0eee5d1d1999c95bb4ee5acb5e75ddbd926c3c6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963436, "uuid": "b82b327d-4a79-4309-8c3d-24f649312dd4", "value": "T1A7E38D17B7E100FBE03A8174C8932A96F372B9514964DF6F439886A61F673B0DD2AF50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963436, "uuid": "38c20020-5797-4bcf-8ed7-b04337a30913", "value": "1a28f9c10c182809b4aa0f60d902631b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963436, "uuid": "6ed749c1-5422-49aa-a1cb-de79277ca643", "value": "3072:rHcvgjYsFth26h2F11uvFYGAdttuasSf3QHM5TTdfytylU2K:riloNovud4dtoabfyoS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647963436, "uuid": "6ae620ee-d0c9-4d65-a241-45c7237f8a1e", "value": 151040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647963436, "uuid": "b25c8f2e-b2c5-4edd-8b75-d34ef4911afd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647963436, "uuid": "a4c9c1b8-fa5c-4517-be30-eb58fa0298a4", "value": "dar.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cbd1835-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959746, "uuid": "d32d1d2e-d9c3-49c5-9021-83dab2fc7839", "comment": "Malware payload (Heodo)", "value": "f33cff96b94a11d4bf8200c2e555c134", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959746, "uuid": "07a1fe6b-c2fe-45f1-9750-560e0b0eee42", "comment": "Malware payload (Heodo)", "value": "4a8585b532b039b85d65bd1d82a07069c088955253874660d41b42a9d32f7157", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959746, "uuid": "0efd03ef-fae2-473c-912f-13105a305ae1", "comment": "Malware payload (Heodo)", "value": "83de65190a589e8d6ed8531040882ab524dfd0d2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959746, "uuid": "b9c97a6f-25df-4d9f-a89c-678e3835d406", "comment": "Malware payload (Heodo)", "value": "75e86371d969fe55032be286d7eac4aec6f15a5ab346ccd31b6183aaeb704353e89c933bf5aed35b1e98d114acbb13a7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959746, "uuid": "bec55c5d-b0f4-4d6f-a8ea-c1b1c1887077", "value": "T146B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959746, "uuid": "159c3f97-d48a-4cf4-ae07-e55b3bdcbbb2", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959746, "uuid": "9f96de30-6a55-442d-9578-0f4cd04ca970", "value": "6144:8JZToYE666spbEgoZhZO1tQI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoclF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959746, "uuid": "02b5feb1-8ada-450a-b7ac-61fba5f5feaa", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959746, "uuid": "87017002-7d03-4303-bf11-f95415abe988", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959746, "uuid": "9c3030fb-8dbd-4625-b97b-caffd658faeb", "value": "4a8585b532b039b85d65bd1d82a07069c088955253874660d41b42a9d32f7157", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2713556d-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957938, "uuid": "d4a1cea4-cb97-45bf-a013-4507a263a954", "comment": "Malware payload (Heodo)", "value": "3890f73b10ccf0d3cdceda0bc0d770dd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957938, "uuid": "02a2b870-5836-449a-90f3-39ad91abd262", "comment": "Malware payload (Heodo)", "value": "4aa8a4fec985510b40a910ade173d46b582864eefe9548ebd24355d383debb7c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957938, "uuid": "2383fbd3-a12f-4ddf-8261-3f7520baa490", "comment": "Malware payload (Heodo)", "value": "54e4d9cbb88971904a39efc697c9a469f0f30207", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957938, "uuid": "8b4d70d2-b8bc-4010-842e-a6f134946ab8", "comment": "Malware payload (Heodo)", "value": "07e04cfd64be873ebc7b887db7b481bf6707d9302778e89de9bedf4a0c49cb3c2f3a4ac659faeea499afebe3535a8659", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957938, "uuid": "d43d83f2-2a42-441c-a43c-cc3507c120d7", "value": "T178059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957938, "uuid": "60751978-a56e-414b-b7a5-8c0382bbf0ce", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957938, "uuid": "3ada692f-1032-4739-a0a5-256a5e7bc84d", "value": "12288:V20BXOMcVzpWfmmnDDlX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDRX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957938, "uuid": "3438cc77-a0dc-4ba6-b302-f9dd67b65815", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957938, "uuid": "0c183b0f-af7a-49f3-b9f4-fda087b01ad3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957938, "uuid": "a767f5d1-06d3-4ec5-8e46-9fafde93d51a", "value": "4aa8a4fec985510b40a910ade173d46b582864eefe9548ebd24355d383debb7c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d486b958-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647911844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911844, "uuid": "e0b0957b-526d-4c7d-8320-1f2b9fddbb5a", "comment": "Malware payload (Heodo)", "value": "dede354c0fd3ea1241afc66508ffa056", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911844, "uuid": "0995a5fb-5888-4ceb-b1fd-c6dab2c1dd79", "comment": "Malware payload (Heodo)", "value": "4af2ab16c62af3ed2cad6a266d1beb6b9060dbede174a92c7e1c74b083987f7c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911844, "uuid": "6955bc07-02a9-413d-b451-c2ea64b00c40", "comment": "Malware payload (Heodo)", "value": "aef2e85edd8d8bfdeaa65a353272417ca767e95c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911844, "uuid": "be288b56-ef70-4115-830f-3062de4b41ae", "comment": "Malware payload (Heodo)", "value": "3438942e5560b64017d75d80bc26df169191e9cb23ad56d88d28074b3ab0314d668c51ed2a5cd0ba0a109c771df2b9d9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911844, "uuid": "b07b6019-b04f-4103-9fc1-7d319f1cf001", "value": "T104249E52BAE5807AC6F321B18A46626FB3F4C700473A6ED35BD11C186B38593D63CB5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911844, "uuid": "075a9a42-ab3a-42f4-8430-fad9afb10470", "value": "6144:g6FVcu+sW+Iz4TXVjPwSQ9ahaY85Z2pYxCCn:g6O4TpP0XjxCCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911844, "uuid": "8c81e250-e725-4349-acbd-da2bb5616491", "value": 225336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911844, "uuid": "224f655e-2704-475b-b305-7c7beb0387e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911844, "uuid": "63a29781-6167-42b8-8f83-4012b6ff9134", "value": "emotet_exe_e5_4af2ab16c62af3ed2cad6a266d1beb6b9060dbede174a92c7e1c74b083987f7c_2022-03-22__011719.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0930b36-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647972450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972450, "uuid": "93d961a7-ebb7-48e9-b533-52afd96ed699", "comment": "Malware payload (Formbook)", "value": "8e3f370d4c6afcb30db1d966fd689f9a", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972450, "uuid": "8476da45-15b5-41b0-903f-fd6ed662415a", "comment": "Malware payload (Formbook)", "value": "4af912af0feae20222956ed454de9cca5a2460fde35a40b98d4bf0bdfdd4c5cb", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972450, "uuid": "12aa467f-98b2-4371-8a3c-e4e5d9852279", "comment": "Malware payload (Formbook)", "value": "e2a6d0ee12bd59e4e9da83d547ab9ecfc795e05e", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972450, "uuid": "26421fde-cf74-4229-8a8c-e9b35d688ba9", "comment": "Malware payload (Formbook)", "value": "688f79d829eb4f646e997d1baa204024086d9abe56922a9d49830739ae1e6b9ffaa53f1c35f9a63d0e85d5071b2a4822", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972450, "uuid": "5b3c1927-b967-4a28-878a-c00dbe4bb965", "value": "T1AF04121E33739CD4E1A32F351F6DB8452C73EE96C65EACD5B450B476EC3A0B158222A2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972450, "uuid": "53338cdc-7d12-44a8-822b-224decb9a179", "value": "3072:doUqw44ACZLpwtzCiqRH27DGWpLtvPMZqzQ0hsUXOIsMBHMmpG9gDRQ4/4n/+Z9A:+Uqw4gLpihqRWHbqn+sUNBsmo2i4/4/1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972450, "uuid": "a5927d08-c5f6-4ed2-ae9e-85ccc5964f16", "value": 186472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972450, "uuid": "1ad14c09-3463-4ce2-b342-c681f8884243", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972450, "uuid": "f9c890bb-0982-44e2-ba79-6bee430011e9", "value": "ORDER-Ref LSP016459 .xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e89a0ffd-aa0a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647972437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972437, "uuid": "18c3d4f7-700e-4a79-baa8-941eb6dbc1ae", "comment": "Malware payload (Formbook)", "value": "384c498c632061b01c6b67ae75f55a4e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972437, "uuid": "4a8b88e7-0a1f-4277-bdd7-d2814a36ad15", "comment": "Malware payload (Formbook)", "value": "4b0c39fee0f38ca820851cfaf4b43803c4519d543d7a9482359125ad28fb6ee1", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972437, "uuid": "de38b583-baca-4481-aebf-20c5ba82de5c", "comment": "Malware payload (Formbook)", "value": "38acb94506e66f8fe8f49f3c83e36f51f85dafdb", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972437, "uuid": "a46d2c30-4910-42dc-946f-7a630e4a49eb", "comment": "Malware payload (Formbook)", "value": "ddded1e1a67bbb3a9073bba08a001a24289393b9f85246911443ef13a496d2f4273ef33e2c8ceb1abb2b219ea638d198", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972437, "uuid": "1566bec6-5daf-4876-a69d-fc1a760ea6e1", "value": "T1D014123E3B540B22ECC9897E465D902BBCF5EE51F072119D844A3F4E933A953A9E17B0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972437, "uuid": "914e3d22-3fa5-473f-8510-be5e42e96b1d", "value": "3072:kRBEKfr7sO6ilIEBQBEw/p4kJI1qs8p1jwvv7dPWSq/Kiz0skpq46sRv:OBvPrUEBQuw/dJIws8p1cH7dPX9skptJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972437, "uuid": "02108d5c-1802-4647-96e8-df1d34a67241", "value": 191640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972437, "uuid": "f78caddc-4ad9-486f-a447-e1cc05fd2b22", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972437, "uuid": "44364efb-2989-4f71-88ae-38fa78822c5d", "value": "MV EASTERN OPAL VESSEL CTM arrangement.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "542e475d-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954149, "uuid": "314ca642-06ec-4364-8e7f-84ce17bb1425", "comment": "Malware payload (Heodo)", "value": "47f38c77ea80294815f2a75db904c6cd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954149, "uuid": "5a560c4b-5e05-4df7-b9c0-033867472367", "comment": "Malware payload (Heodo)", "value": "4b17100f7801865153c7cae0955f43446be37d6de65d0646c393fb71d8e8d0f6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954149, "uuid": "d71c15d4-dc92-4533-a911-24686c86f4b6", "comment": "Malware payload (Heodo)", "value": "09650175331d8f5948940f953483f3990e49456a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954149, "uuid": "859bb855-018f-4d20-9086-aaeb9e8be4c9", "comment": "Malware payload (Heodo)", "value": "c7ea7f8b0493f66481b94f20ae27e2fd888605c413587eb039ff4f5585c56a11168d6a6dfdb86c243cabe4459f921fe1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954149, "uuid": "8f102e46-e7a4-4414-921d-c93b41421587", "value": "T1F325AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954149, "uuid": "65c674fa-82e4-412b-abab-9ba593888c35", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954149, "uuid": "fe34f8fc-71e2-40a1-a505-3ef58fdae43c", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQO5tFjNRLU:Ci6fgcIcHB8ZZbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954149, "uuid": "7f634942-8a25-4ca4-94ea-21dfde35ac24", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954149, "uuid": "f29aca57-79f2-42eb-8de7-29823943e0da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954149, "uuid": "6bcf9641-bf84-452c-a52c-5b0a7d936741", "value": "4b17100f7801865153c7cae0955f43446be37d6de65d0646c393fb71d8e8d0f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f92f84c9-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955714, "uuid": "96181413-c948-4138-8e76-95fcc613bac6", "comment": "Malware payload (Heodo)", "value": "05c8a0dc22ec55de6de886818a72d8b8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955714, "uuid": "667c8053-a23a-4034-91b8-7870ed82c83a", "comment": "Malware payload (Heodo)", "value": "4bcab3c23b70c9b8fa12d11766eb07e374f30f2f06c0f8faeaa259ff831dee59", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955714, "uuid": "6e7efc72-55d2-4e94-9cfe-e006697dea93", "comment": "Malware payload (Heodo)", "value": "37f36302a57aa8cb6a94f234c8d02d07596a3fb2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955714, "uuid": "2aad192b-117d-4078-b3a1-1e2b6f8527fc", "comment": "Malware payload (Heodo)", "value": "1020d0b01f66833509694debecde37a20cdc067ac4e41d741840645aab860d0868639255c5f81c5b9d18d3e48fc482c7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955714, "uuid": "b8929287-2c7b-40c5-bd0d-b2065ef05273", "value": "T1FED41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955714, "uuid": "94f02c20-d92e-4f50-bc74-18b81aacd918", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955714, "uuid": "4ef7d822-7702-40a5-a602-8a7798686eee", "value": "12288:ZxpNJJJ2NHPoczJZOtIhxf3foRXIa5EPwvA:Zx2gczJZFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955714, "uuid": "920d9b63-b768-46cf-8040-a39b7f8516ce", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955714, "uuid": "09ccce22-903b-4105-911b-68f421e822ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955714, "uuid": "c9cd1b59-978a-4d30-b829-52ed669f4129", "value": "4bcab3c23b70c9b8fa12d11766eb07e374f30f2f06c0f8faeaa259ff831dee59", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbba0129-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955718, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955718, "uuid": "a273adcd-09f9-4866-af53-c99c7f8d15d9", "comment": "Malware payload (Heodo)", "value": "92fb222457707839331160511545fcb3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955718, "uuid": "aab4aa60-e530-4163-97d3-85ecd9bed199", "comment": "Malware payload (Heodo)", "value": "4bdd4f4fdf11c58a053bc9ae51a8705230310b38ee792dc00ab31d6c8c9dec06", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955718, "uuid": "79e5fa1f-f4d9-4852-af98-d0f4699a23b2", "comment": "Malware payload (Heodo)", "value": "7d9a2779a8d1bf6c42c6980351c794dccf8beb5c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955718, "uuid": "a46e016e-d0fe-4bc8-920a-a18395469450", "comment": "Malware payload (Heodo)", "value": "d3e66b97f04f5756b53babfc3e57391f07488f074608a97b08a9c7507d0f5b625879e980069ade3faa1c7987432def0d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955718, "uuid": "9b0e6f71-2860-491f-bbf8-7d99b70b8fb0", "value": "T1C8D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955718, "uuid": "b0a5ea91-6c16-4698-a615-38ceb1cba3ac", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955718, "uuid": "ef286290-aa03-4d54-85c7-b7c0c80cb874", "value": "12288:ZxpNJJJ2NHPoczJNOtIhxf3foRXIa5EPwvA:Zx2gczJNFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955718, "uuid": "8b6c3182-2f00-4abd-ba22-bbb88ad3a31d", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955718, "uuid": "9ca343a8-4a8b-4010-a041-430a6b314c1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955718, "uuid": "821c0598-938c-42f0-a504-16b922bddfc8", "value": "4bdd4f4fdf11c58a053bc9ae51a8705230310b38ee792dc00ab31d6c8c9dec06", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cece69b-aa06-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647970565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970565, "uuid": "b7cc5d4c-bb37-4d82-85b4-d72ed0990bb8", "comment": "Malware payload (Mirai)", "value": "9c465eb699913aab83323e1583930591", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970565, "uuid": "de551b1e-d42e-4795-b580-fc87d3997761", "comment": "Malware payload (Mirai)", "value": "4c0b67d6551db6460d96c4cde9314ccaef38d0a00da10214c7696f9307157001", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970565, "uuid": "a2073c04-c7bd-46b3-81ba-3adb2069d47f", "comment": "Malware payload (Mirai)", "value": "4f58776da523f5172f20f4993a1f2d1e5137c2ea", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970565, "uuid": "e1f334c7-3e0e-4e1d-a9ef-76423573e439", "comment": "Malware payload (Mirai)", "value": "f9db4a2163a06d248597010c8dcc95b2eaa48298abc4ce34171626f5e841c75698ea79bf92af055bb02714cdb5ee62e1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970565, "uuid": "06164f0c-3f78-453a-ada8-08df208318ae", "value": "T1DE338DB1C469EEA8D16842B0B4648B781B23F414EA4F1FF65946C26A9403EECB35D7F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970565, "uuid": "f4700689-0ab1-44c4-9857-8a7446263e43", "value": "768:6az6xMexmHdnzxWZyGeYF8HhHCRbQPETLlFox9JgzJCXAN1:6azLc+nl2aaIhHAQPETL8x4zJCXA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970565, "uuid": "b76da2d9-8328-4077-893e-ec6ceccdeddf", "value": 50340, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970565, "uuid": "f079cc78-189d-4112-b535-0832672a929b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970565, "uuid": "943a011b-da16-4909-886e-6485a851c595", "value": "9c465eb699913aab83323e1583930591", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5aacd3d-aa11-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647975438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975438, "uuid": "9923e7e5-f87d-4a23-99ed-3ab6de7c9259", "comment": "Malware payload (RedLineStealer)", "value": "4fca3668e0836b3e9432874e491a23c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975438, "uuid": "e6fd242f-5d18-4353-9373-f834b78a56aa", "comment": "Malware payload (RedLineStealer)", "value": "4c96561abea75c95091112fe45a8e9eb79b4a66e3f19494148932ffb87aaa17d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975438, "uuid": "3b576ec9-2209-4d0f-adde-776899fe3d99", "comment": "Malware payload (RedLineStealer)", "value": "a01b768c494a2387bb7494da55ec42d5586da175", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975438, "uuid": "ff04daae-9bde-4bdd-a7b1-b2cd08a73afe", "comment": "Malware payload (RedLineStealer)", "value": "9bb1f809b720ca8f3245c5e1df10d63494d88007054ba4fcfa90f763ae1247e7561b88d6ad4835063031e3a77e4a81cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975438, "uuid": "af45b8a6-f5f9-4874-9254-e98a8c7f77f9", "value": "T10844BF213BB3C8B2C49724706825CBB56BBF743216B489473BA5173D5F703D29AB631A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975438, "uuid": "3c9e18be-9ddf-4926-9362-c8dfa6591fdf", "value": "75e06567c553fd5738bcb732c4034310", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975438, "uuid": "0f27b95f-4cd2-4f8c-b1b8-8c27def81d6c", "value": "3072:zAXF4X1V/Q5rS9DRFECgt0OtCyENttN7AD0kw/5xXqE52B:QF4P/yS9DRuTt0Y2Qk6Eo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975438, "uuid": "ca96ad41-ce65-4d17-9af9-90ca27c9ff3e", "value": 270336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975438, "uuid": "cdfc0224-a04a-4fb0-8221-2eef9e67f9c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975438, "uuid": "63910d57-283d-4260-9d69-bea276959314", "value": "4fca3668e0836b3e9432874e491a23c4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56e15831-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954153, "uuid": "c0e8b7fa-fbe9-4f0e-9a58-6d26c94589a3", "comment": "Malware payload (Heodo)", "value": "4acbb02f3dec1cf18bae5cb6f03861d0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954153, "uuid": "36354489-819a-4c2f-a687-a72cd26dc431", "comment": "Malware payload (Heodo)", "value": "4cea158aeb0d8cca6c07341c1b181f0aa18fb322725a842301412fddf2a58bba", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954153, "uuid": "d839ed35-8068-48e5-bbbd-e54751464aa9", "comment": "Malware payload (Heodo)", "value": "e0b32322da8b1bdf7e023cf51ecdff2170d0d3cd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954153, "uuid": "f92fdc3a-4f3d-411b-8433-3865352bade3", "comment": "Malware payload (Heodo)", "value": "43c13b392de464fe835a6f9982d874f2bbea1e5e5400db3d6781c487e6101d1e3344e1edeebb7e0d0f3646039a451315", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954153, "uuid": "2b5f45a8-9419-4745-b024-97dbc3f453f9", "value": "T11325AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954153, "uuid": "7684feeb-319f-46e5-92b6-9146000478d6", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954153, "uuid": "e46f68a2-a427-49a8-9308-2f1e861f747b", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQp5tFjNRLU:Ci6fgcIcHB8Z2bLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954153, "uuid": "43dfbc8b-fb9c-4137-af6b-8929945a7173", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954153, "uuid": "3339dc06-5672-4913-9265-f9206a2074a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954153, "uuid": "df7a0f82-895c-408d-9833-75192818ae57", "value": "4cea158aeb0d8cca6c07341c1b181f0aa18fb322725a842301412fddf2a58bba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8ba193c-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954720, "uuid": "51fa5f6d-7ea9-4639-91c4-3f3620f4e7ed", "comment": "Malware payload (Heodo)", "value": "00b2e9b32b1075d91d4d841efff69584", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954720, "uuid": "e888de34-f372-4f9d-bef6-604f488bfb1f", "comment": "Malware payload (Heodo)", "value": "4ceb07277b4535520a0de03c4baf148aa9869bbdb0d27aa2f13ec9661ad77b4c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954720, "uuid": "4a67592f-2442-40d0-aab2-85c2e215d270", "comment": "Malware payload (Heodo)", "value": "475e8f49811dc97d28e8228cc4c4630611d22b72", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954720, "uuid": "b2b04bba-1ee2-4ec1-b116-b6e57899ecf1", "comment": "Malware payload (Heodo)", "value": "068b9f9cb3ebbcb9f4088e0c2889ac9c5822c5c55f0d5802e845d31db083e517deed85b162eaf8c051667242790d11af", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954720, "uuid": "a7c7ea04-925a-45de-af88-db1fd15ca5a5", "value": "T1D6B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954720, "uuid": "3b97d445-f711-4a0d-b9e3-069f2af704c4", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954720, "uuid": "8979750b-9d2e-4184-8459-df6e5aa96832", "value": "12288:AASStHx1vVHO+1Hx54Gg0p9n4WNL7XE0UdX:ecHfv4qxvnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954720, "uuid": "1c2baee6-5b44-46ff-bdb3-a03c7e1e356a", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954720, "uuid": "b3eaf27e-789c-4163-b544-99b3d76fc9b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954720, "uuid": "15a92264-3cf7-4235-975c-33d900897c73", "value": "4ceb07277b4535520a0de03c4baf148aa9869bbdb0d27aa2f13ec9661ad77b4c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e126b0e8-a9c6-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647943218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647943218, "uuid": "31ec82c3-fdfb-41a7-bb8c-c4a229c5709c", "comment": "Malware payload (NanoCore)", "value": "4ee59654b68dc17ce9cb6e6ba45d025d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647943218, "uuid": "b728f0d6-bc54-4cab-bb39-8e305f3239cb", "comment": "Malware payload (NanoCore)", "value": "4cf15be6ae32fa9b2f3e7664c93952fc458884ca0c8b93f3574b8395d11bca9e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647943218, "uuid": "25c6fa4e-4fb8-4bd8-b0c6-5943a40f06f1", "comment": "Malware payload (NanoCore)", "value": "fb13710ce5888a6f19f5ec5ea4e137b256d830a4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647943218, "uuid": "64953560-9e14-4ab8-989c-faa6ddcefaa0", "comment": "Malware payload (NanoCore)", "value": "d5f7b88087527dd20c8e69d82a0d8843b2fb27522c58bd2083baeb6b8497be8d6d4b71249c15774320d96f897f4fef81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647943218, "uuid": "6918891f-8427-47ee-8bcd-9138586a9899", "value": "T11C352388BBD6C30BC1770E7D51B9422A4B70D199A423E3FBEA81A359584E335D783727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647943218, "uuid": "a8990d78-3326-412d-98eb-2737a66bbe6c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647943218, "uuid": "2c4c7292-3b1b-4478-a4fd-f9cbf96ee2d9", "value": "24576:tohTWR0GQtG1kTYPDBJ8meF/blX41nf7GG:tohTNGKe4SDBJ8mexlwnjGG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647943218, "uuid": "44a5d7c9-280b-448c-8d04-a6a530393484", "value": 1067008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647943218, "uuid": "4d35d54e-b873-4d02-9818-c409c160fe0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647943218, "uuid": "8e12a188-e3f5-4bbe-b0ea-88f064f6fdda", "value": "4ee59654b68dc17ce9cb6e6ba45d025d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff2ea47d-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647926518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926518, "uuid": "b71f406b-eaee-4005-94a6-de37c87786ff", "comment": "Malware payload (RedLineStealer)", "value": "bb701d5221d2abc5b45b10ee7cf0de0a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926518, "uuid": "3ce1ad98-fe2e-48a0-82c6-aeda29bbcb34", "comment": "Malware payload (RedLineStealer)", "value": "4cf3ce9ba3bdf25b83562a3cc9551c483b08e02b9f3c6d6d6c5dff717941153e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926518, "uuid": "f4eff626-bb7b-4467-9e41-8276cde42845", "comment": "Malware payload (RedLineStealer)", "value": "f566e8fc59cdc8b275d0126e4c22cf57dff77a6d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926518, "uuid": "6837ab85-4da8-4c18-aee1-b39a70b692b0", "comment": "Malware payload (RedLineStealer)", "value": "7d9e7da4f18112d1137ab8abae5edbdcd703edf0434158e5ad82c65706c332442ca3083b5c807e2ec394cef9af63dd3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926518, "uuid": "65ec3d43-8a9d-440c-9d82-165803e52d63", "value": "T1C336337A6EF16808C6F5AF7F0BCAA609C39B91B4DC705486515F679004B8D0DAF80DFA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926518, "uuid": "4e8cdfb7-6729-4301-94f8-0f88ba63a634", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926518, "uuid": "fa40207a-5895-4239-bc49-dfb9a3375811", "value": "98304:xU730p1ntG76SWkQy1uck35+y9wjn4JjIk7+D6wIQT9mXjRPQa:83KI76Suck35sn4NV+D6wIy9eRP9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926518, "uuid": "64de05ca-c244-400b-9de2-c64192a5ee3f", "value": 4903424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926518, "uuid": "9316d62e-fd08-4ffa-871f-53836ccaec57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926518, "uuid": "37a70612-d6e2-4a9d-926f-36a431e27036", "value": "56039036.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe3a8744-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955722, "uuid": "0ddf778c-ab11-4a6d-aff1-286c0b3a40cb", "comment": "Malware payload (Heodo)", "value": "96b7673093be26fd0d6eadbadbddfb7a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955722, "uuid": "82df32d9-e214-42a4-9cc1-b92bac0d7f08", "comment": "Malware payload (Heodo)", "value": "4d1c4d4d64b6641f9e7d0d69253aecc1f30f6d0123ec9f45c7165f3caf96b3d2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955722, "uuid": "ea542070-267a-4619-acd2-ea032c275070", "comment": "Malware payload (Heodo)", "value": "8120b603a7b88fb80902a955901bb11fe53d72ef", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955722, "uuid": "ee52f580-8dbe-4e96-8c6b-cfdda2a621cb", "comment": "Malware payload (Heodo)", "value": "f431fbed7213c405af2464f35e526a652e0ba7230be66ee5779c679f935c743fc8130715bc38020f3fdec25ca115f53b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955722, "uuid": "ea0ac585-4f11-4fb5-8dc3-3fdbfec1b062", "value": "T1D1D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955722, "uuid": "76085e91-3808-410d-b62c-24bb72c45aa8", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955722, "uuid": "45f86bc3-66ac-4c1d-9cd9-b7f3e83a51ac", "value": "12288:ZxpNJJJ2NHPoczJXOtIhxf3foRXIa5EPwvA:Zx2gczJXFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955722, "uuid": "f13973d5-2401-429f-977d-804dda069d8e", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955722, "uuid": "e9938dab-ea1c-4c29-92df-edb3558afaf0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955722, "uuid": "83ca9f58-d72f-4e12-b67f-b8a603a5aac8", "value": "4d1c4d4d64b6641f9e7d0d69253aecc1f30f6d0123ec9f45c7165f3caf96b3d2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fc51ab7-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959752, "uuid": "e7ce1c8e-e44f-4078-a168-aa88191db533", "comment": "Malware payload (Heodo)", "value": "a77b48b6aa0834f2a7940d0d58a10ceb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959752, "uuid": "49b14534-ded9-4e82-9d0e-5d916bb95f88", "comment": "Malware payload (Heodo)", "value": "4dbdb7032146edf1c7f981b13d14723bf5777574ea08fee1b028788989e8d0a9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959752, "uuid": "c5bc7aa3-d3dd-49d1-8e55-32ea918a6f1a", "comment": "Malware payload (Heodo)", "value": "a483d83ad49e8fe1dea3b86bfa1ad8f54d205054", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959752, "uuid": "276fb940-aa10-4521-b8d1-7ca8a70e6bcf", "comment": "Malware payload (Heodo)", "value": "5b72b9adaf68f8d2c87830919ef73aba3f11941c8ed113051de8f6021da6ad247389ccc6ad7c04ce124e81c641197045", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959752, "uuid": "423d7625-d733-46cf-b43b-69e44c9a9cf6", "value": "T122B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959752, "uuid": "25b341ff-bf09-41f7-a761-42734eb96da6", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959752, "uuid": "66870ddb-cf51-4330-bcfc-22d9690e4985", "value": "6144:8JZToYE666spbEgoZhZO1tbI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZo3lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959752, "uuid": "494afa83-1593-434e-9cc5-d82d367468fd", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959752, "uuid": "d29f164a-a874-4c61-9aa3-1bc4cc93938c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959752, "uuid": "f76df6ff-90a8-4d13-9e71-09789f1bbc5e", "value": "4dbdb7032146edf1c7f981b13d14723bf5777574ea08fee1b028788989e8d0a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77c94ee1-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955497, "uuid": "8917f689-79ca-4643-8691-7cbf7b688386", "comment": "Malware payload (Heodo)", "value": "246238de6384c64457f7ce5178652571", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955497, "uuid": "b09a27c0-0db6-40e2-a4c0-474b3a4ad8c7", "comment": "Malware payload (Heodo)", "value": "4e032c511ba13e6180c41799821b89279d28292586dc216bcb8b79a8fb2e1825", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955497, "uuid": "8767f31f-f61c-427d-9e64-d12b5e8a95a5", "comment": "Malware payload (Heodo)", "value": "47af86d595da7d8f1b9f48276cbbc897ea6e793d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955497, "uuid": "383f3a87-648c-40e3-b949-5a174924c97f", "comment": "Malware payload (Heodo)", "value": "229accebb722b0bd46930eee03685c6f0779727f1e9e19aec3d1f170f3e5195bba20b8b029ae554e13fb6067cc5330b4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955497, "uuid": "b2bc0cc2-d917-4169-8a9a-bd8e3ad420ea", "value": "T12DD46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955497, "uuid": "ba20b0a1-d2ef-4b93-b6fd-c8529b35787b", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955497, "uuid": "0f6c7a07-7491-4403-9cb3-9f49e0db4504", "value": "12288:QXvRLpX4HMAus65rUxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rUx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955497, "uuid": "8d4a5e35-639a-4b1f-b53d-1970e14f35af", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955497, "uuid": "21857f5e-e7e8-4519-bf1e-090fe751d328", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955497, "uuid": "46ec7a18-2414-4e4d-824c-d097a82ed8f1", "value": "4e032c511ba13e6180c41799821b89279d28292586dc216bcb8b79a8fb2e1825", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29eeff0e-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957943, "uuid": "4799bb18-732a-47d9-a062-77a7ea7c80b3", "comment": "Malware payload (Heodo)", "value": "f152f10156fa7bc095ce2bc759fb301e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957943, "uuid": "c1aeef04-099b-402b-b462-43ea96b5060f", "comment": "Malware payload (Heodo)", "value": "4e4a5638ebaedbdcec78abbda924fbfffd35a6f01531946c8710e0c797f783c0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957943, "uuid": "4fa1be8f-a057-4122-b06e-e4524e4868eb", "comment": "Malware payload (Heodo)", "value": "e19e592d6e5a2b83ab75a430dab6e6006781dc94", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957943, "uuid": "28dabfbf-1567-487e-bac2-e27a7e30d52a", "comment": "Malware payload (Heodo)", "value": "1d81a8ce9e9fa8e1fe933fff7578a27f763941fb6023538e4b006393f639526ac082b8b6050c79a2af60b33dbff04016", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957943, "uuid": "014274b0-6860-429a-b629-b42e25e42f0a", "value": "T1FE059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957943, "uuid": "e69a537c-66d0-4d9e-9f65-4c78f640299f", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957943, "uuid": "96a9475a-69aa-47ea-97d2-4193e8661018", "value": "12288:V20BXOMcVzpWfmmnDDeX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDSX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957943, "uuid": "8602684b-8727-4017-9a35-edde85ed7d85", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957943, "uuid": "1473160b-ca6e-44bf-8981-de333131d579", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957943, "uuid": "36f8be41-69c3-4575-a10e-ecb6da7aece0", "value": "4e4a5638ebaedbdcec78abbda924fbfffd35a6f01531946c8710e0c797f783c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59780c76-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954158, "uuid": "3fde8970-2851-41db-8305-24bf11b4390b", "comment": "Malware payload (Heodo)", "value": "0ee8a03beec9d6e4906350d796b419f0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954158, "uuid": "7deeea6d-723a-4243-a453-22a72e2ea0b9", "comment": "Malware payload (Heodo)", "value": "4eba844f044b0d9a0782eaa8770715bbeb64872b88659775d41556ce4ab407db", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954158, "uuid": "c2c49cb4-8977-4308-a27b-dcc03e62df17", "comment": "Malware payload (Heodo)", "value": "a231a35992dfcabc2b4650d29787fff6fff82b76", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954158, "uuid": "271763a7-13e3-4ead-9520-402545dab483", "comment": "Malware payload (Heodo)", "value": "47cff38bf26924a047de469870c5a4005bff2d349cba70466adbaa3d10e8077a9560893dd61870477251e24c4563c0a2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954158, "uuid": "1589c84a-a7dc-4973-8610-0554793982be", "value": "T1EB25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954158, "uuid": "72d34520-1840-4693-9711-d818d68563f8", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954158, "uuid": "97660206-8df0-42fd-9f15-c5939f147bc2", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQQ5tFjNRLU:Ci6fgcIcHB8ZnbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954158, "uuid": "38121969-209b-471c-be8f-25908c2e5388", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954158, "uuid": "aeefb8e6-c736-408a-9576-6c2e446b0740", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954158, "uuid": "00a8c955-a065-4f30-a10f-0fef621306f0", "value": "4eba844f044b0d9a0782eaa8770715bbeb64872b88659775d41556ce4ab407db", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dd91dca-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647936904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936904, "uuid": "36f6367c-1840-4d4c-bbd0-df9dfa7b404d", "comment": "Malware payload (Formbook)", "value": "f827aab7bbb871e026de55c9884c7986", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936904, "uuid": "9225922b-ad65-4729-a617-396782cc7d8a", "comment": "Malware payload (Formbook)", "value": "4ed75b8466a537951e39fcf6a8a024701d41c6ff3be98153dcc81dbff6a75756", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936904, "uuid": "81d995f6-8e23-480b-b2f3-5eb517a3340d", "comment": "Malware payload (Formbook)", "value": "dc4c11b36add611aee52a751e1f2aad8246da3d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936904, "uuid": "913fe490-e341-4b7f-a1fb-162077b48a64", "comment": "Malware payload (Formbook)", "value": "e643d3f22b4b06b1029992de73ef3a23010c3fec6e5aea30ab9ed8ca7d3ac573e4eb6a20163eb274164bbaa839c8f8c0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936904, "uuid": "61e9e5fe-7548-451c-9cd8-d0a1195bd440", "value": "T16635AE63F3A05433C43726384D0B9BA4993ABD112E79DC863BE56E4C1FF96827D25287", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936904, "uuid": "76dd50eb-9e6f-458b-af4f-f3dca82197aa", "value": "ecda77ba4b20deffbdfcdb24b1b9910f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936904, "uuid": "94b89b5f-a890-4ef2-a896-5a7c98906a94", "value": "24576:PolcmxDQ6vSWIqAk3OOJDnViniHCP9iWvjXf:PA2J9OpViniiP9is", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936904, "uuid": "354523ff-6414-4194-a471-477cb266e7d7", "value": 1065472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936904, "uuid": "ef7f378a-6ad4-4180-8371-5e1185a33325", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936904, "uuid": "792d2e2a-a31e-47d8-ae6c-9933a949388c", "value": "u prilogu je popis narudzbenica.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9374b32-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953889, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953889, "uuid": "96254aa1-d712-4c0a-81cd-90291e9f0b82", "comment": "Malware payload (Heodo)", "value": "066a849e0babd8dee650448b87cd501a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953889, "uuid": "23c29d63-f996-423b-85e0-b1f73607cbcb", "comment": "Malware payload (Heodo)", "value": "4f2c603abe4290dab0877fd873b723c67841f15557dc29428903a2e7394bd564", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953889, "uuid": "d3c89026-b9ba-4937-9843-025d5c170eb0", "comment": "Malware payload (Heodo)", "value": "89ae8fda1b5e1ddc495f533ba15c2f26b2b04cb9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953889, "uuid": "0dc8c5c2-0b91-4b85-995b-ccab0c2d8071", "comment": "Malware payload (Heodo)", "value": "6d6d69bc86dd4bebea35dc0b3272551348defb938129fa799ac1f2f824f0f00403e33c6922fa7d783eab747e70ddad78", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953889, "uuid": "eb40a916-5721-47cb-b97d-18b7a47c1be6", "value": "T10B25AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953889, "uuid": "2ca1c518-9a21-4921-94e6-51b6679bffba", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953889, "uuid": "c55a2a3c-516b-4677-8bf9-b3fb2d4b4693", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+Z8nQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqV3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953889, "uuid": "6e961a48-7713-4b92-807e-2d69c5ecc741", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953889, "uuid": "21cf26f2-fec6-4e37-b383-9d3838665afd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953889, "uuid": "4f7fd059-eb1d-4737-a3d3-bc7bd806551e", "value": "4f2c603abe4290dab0877fd873b723c67841f15557dc29428903a2e7394bd564", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00cf0eb2-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955727, "uuid": "50d7114d-439e-4dac-b552-4da421953f02", "comment": "Malware payload (Heodo)", "value": "033d38ee7c14f3b549638debfdedbb41", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955727, "uuid": "c3fbab7c-777a-4285-8df7-94541eb5ef68", "comment": "Malware payload (Heodo)", "value": "4f62b3d63d359bb69f9c89d003a2a86cf3746429c2bf17b5257efb2f934faf7c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955727, "uuid": "6964897c-23e9-412c-9c4b-a3a7a3c04814", "comment": "Malware payload (Heodo)", "value": "3741e165a61aa49b59dd4de2184fcefe38dcf7d2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955727, "uuid": "a217bc3f-d836-4a57-80a2-dfa68173f86a", "comment": "Malware payload (Heodo)", "value": "858cf9f19d91bdc2c88e29d98d86075fa552dd607f613c255ef669a45782226d90057000aec12949b5382c4affe72651", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955727, "uuid": "1867f64d-6ca0-4908-80b7-f5faae6b13f2", "value": "T1D8D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955727, "uuid": "0d508fdd-be2e-470b-b990-eaedf61ccde6", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955727, "uuid": "bf640ebd-6666-42db-84f3-1726d92d7b58", "value": "12288:ZxpNJJJ2NHPoczJCOtIhxf3foRXIa5EPwvA:Zx2gczJCFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955727, "uuid": "053d6b80-0d1d-4b7b-b23e-382e9639af06", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955727, "uuid": "312a8999-51d2-4f1d-8f36-71b5ad9cf17f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955727, "uuid": "f4c1177c-e31b-4bb2-9a9c-e2d09d1ab6ec", "value": "4f62b3d63d359bb69f9c89d003a2a86cf3746429c2bf17b5257efb2f934faf7c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a31e7b3-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955501, "uuid": "30c5477a-b8ca-468d-a607-3d0aac683580", "comment": "Malware payload (Heodo)", "value": "42d88adb157ab18c9af6a2fa53663201", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955501, "uuid": "c90e33e9-06cd-4acb-9a0d-74bfd68dd28e", "comment": "Malware payload (Heodo)", "value": "4f9b0e5f4abdf3fe57f20324f3fdcffa0461f7194165dc18e3c4c4bf840c2cbe", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955501, "uuid": "a00c9334-23d4-4828-8b72-26fd9bee7b7e", "comment": "Malware payload (Heodo)", "value": "bff63a3a57686bf0d0cecc830169ceee8b39ecb7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955501, "uuid": "8b022386-7052-4b9e-9054-93b0e0355453", "comment": "Malware payload (Heodo)", "value": "c7e85c2405333b8aa82527ea2c07f7828fa3b2b0b6050917d9725c18847cf088c3116614be7eac760f0b089cd9b5e027", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955501, "uuid": "48232ac8-11d2-4835-b8dd-dfe018b6ca5f", "value": "T116D46B03BFD3F0F6C12F0F394505D608989A7AC6A62A45A3539C6B9FEE670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955501, "uuid": "c0539c92-505b-4e10-adec-b93ce659e1d7", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955501, "uuid": "9cb643bf-3528-479e-8541-c9620f3824d5", "value": "12288:QXvRLpX4HMAus65r+xMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+r+x2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955501, "uuid": "c1532abf-267b-4bea-9d3e-89a811d1e446", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955501, "uuid": "44cdd7c4-744a-4808-afd4-bd7dae3a8233", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955501, "uuid": "0fbc81d6-d773-4e9c-bc4e-74481f2439aa", "value": "4f9b0e5f4abdf3fe57f20324f3fdcffa0461f7194165dc18e3c4c4bf840c2cbe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5956045-aa21-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647982337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982337, "uuid": "a61dc162-4912-48ee-9e20-7a89f568a055", "comment": "Malware payload", "value": "e714e8844ea48b82a14a88874df084bc", "object_relation": "md5", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982337, "uuid": "5cf407a9-0e6c-4e6e-9ad6-8d90dd95ae66", "comment": "Malware payload", "value": "4faf162e4958b7693e3a1059c5efb21d84901b01613e13c80f3d804678c26fe9", "object_relation": "sha256", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982337, "uuid": "0d7aea39-9965-4350-a824-4dd10de836aa", "comment": "Malware payload", "value": "83450b180ab507c1cf38b9552ec389c4358bd986", "object_relation": "sha1", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647982337, "uuid": "33a9c82d-fb83-48f9-850c-a84c7a2f85b7", "comment": "Malware payload", "value": "f6a384a118764bdecbad16b7eef62dfd6104b9e89d9616afd68b2604c5ffa4cf8bccebbfa8e1070f162f4465224dce76", "object_relation": "sha3-384", "Tag": [ { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647982337, "uuid": "00ec5c34-b9ec-4b88-a55c-269012d16b52", "value": "T1CE75BF92F6915433D6371E348C1BB3649C6ABF102D28A4877BF95D4C2F3A681BC251EB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647982337, "uuid": "5ae568eb-ccd2-414c-9654-4347bcaa3d5f", "value": "24576:dGkQ9ftdUDQVYxNEeFgbTRUFau59fXwQlEeK320dkgbUhAviXW8OLxZdPY:YD/zLK9t9H47pY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647982337, "uuid": "4542e4a3-1e43-4290-b922-c908290228e8", "value": 1703936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647982337, "uuid": "2abca7eb-14c8-4310-91bb-52615ab16e8b", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647982337, "uuid": "6181d607-84bb-4f4a-bab9-5d196960a7a6", "value": "IMG_5330005765455634899.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97c24ea7-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955121, "uuid": "5642800d-b3df-451b-8d09-4cad2dfff680", "comment": "Malware payload (Heodo)", "value": "5042d1351c4b920aa7091f5b262c5c5d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955121, "uuid": "7c2904d6-0417-465b-86ca-b67e02c9a52e", "comment": "Malware payload (Heodo)", "value": "4fb4d785cf05fd1b35526eed8831a0adb92f8d7890f69644d69ea02ce88cddc2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955121, "uuid": "cf165300-3848-4e63-84e8-40b67fb11b99", "comment": "Malware payload (Heodo)", "value": "feca3afbbbf1651b9cbecc4a8d32ac22119c6891", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955121, "uuid": "0150da67-8555-47bc-9c6a-99ff31a56e3a", "comment": "Malware payload (Heodo)", "value": "a6d7112e61de683f7ebd16b9398703e9c0cef286f348329f997dae6e124629f05cba1be2af19d4791260267135cc7b18", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955121, "uuid": "c6f9582f-0858-4205-a433-4293482b370f", "value": "T1C6D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955121, "uuid": "920e309f-1fc7-4913-891f-e7b458210629", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955121, "uuid": "4d9e711a-1228-4981-955e-4ec9a56b9a75", "value": "12288:DjN/Z2wkRrA9CRDCOElAjHDsndSyHOrNvEP0Oua:dEHR+CRuyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955121, "uuid": "5107dc8e-3a14-4d17-b447-4628cf3e0aed", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955121, "uuid": "2ad20d1d-9edc-4f63-8821-f65824f4ff2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955121, "uuid": "72683a4d-d599-454d-bdd9-366fe5a85e47", "value": "4fb4d785cf05fd1b35526eed8831a0adb92f8d7890f69644d69ea02ce88cddc2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8d02071-aa01-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647968545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968545, "uuid": "76764c08-b5e1-44e8-87c2-2a2f10ff7443", "comment": "Malware payload (RedLineStealer)", "value": "df689aafc37fe83d1f76984911e4d6c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968545, "uuid": "4d0cc809-fd52-45bc-9763-9e075dd1d4bd", "comment": "Malware payload (RedLineStealer)", "value": "4ff32cd7d9a37a73d8c836a7c5a32792281e46b3f2d8a17fd535a4c90fe65680", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968545, "uuid": "1bd76c14-a191-4a43-9fcb-39f68f533e47", "comment": "Malware payload (RedLineStealer)", "value": "e90bd78e5e110fe2d306ecc8e8cadf19de78564c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647968545, "uuid": "efffa6ab-2788-497f-addb-1171a2bd5151", "comment": "Malware payload (RedLineStealer)", "value": "f7f0b1ad773eab0adb2c59ec74879aa66384a031aa235ac559aa702692882bee001b9f691839433e4b02d56dca691d30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968545, "uuid": "d872f6c0-732a-4b7d-b634-c12b99ac0876", "value": "T12244CF123BA3C8B2C99254706825CBB02BBFB53115B585873BA6177D4F703D2EBB6346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968545, "uuid": "757618bc-8faa-4c4e-afa9-39e0ae09b1b4", "value": "75e06567c553fd5738bcb732c4034310", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968545, "uuid": "71010d7b-07b6-4cc7-b6ce-80d15483abb9", "value": "3072:iAX24AFV/4KbS1TJtECo26VN7N0hI9wKNaF5xvCK/WoA2B:324K/9S1TJWb267QCw3/b7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647968545, "uuid": "8aea811b-4829-4ac4-99d0-9abb07ac880e", "value": 270336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647968545, "uuid": "15eb05a9-7b77-4d1b-87ff-e9e5887e5dd6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647968545, "uuid": "02996c2b-0226-43cb-bf7a-2e6e0fb1b022", "value": "df689aafc37fe83d1f76984911e4d6c2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "191fe968-a973-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647907234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907234, "uuid": "7463412e-feb5-49ab-95b3-ef6502b2b4f1", "comment": "Malware payload (Heodo)", "value": "d8460a58321fc081781b364481caa30c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907234, "uuid": "511d1e12-1dfb-4fda-abaf-98b6c8bc369a", "comment": "Malware payload (Heodo)", "value": "501409ff9ba9904ff82b74468291d6ae8be4df2b77991679fce5f031bc599e92", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907234, "uuid": "61972f89-0c8f-4e03-aef9-95e1a303e42f", "comment": "Malware payload (Heodo)", "value": "257e0561e36c6c5f417a0277410b502155527047", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907234, "uuid": "edeaa6d8-812e-4961-8bd1-4ceddebfb424", "comment": "Malware payload (Heodo)", "value": "2b962f47435186af3a01f136a65b4b47d1398cac62d598c5d957b34c02a67d4276409f194d1c6a6b809458e9fc339e97", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907234, "uuid": "b7e5f271-ab1c-40ef-ac7a-aed74e9ea7a0", "value": "T111B43A11BC916832C36FAC7456073262588EE7F0DBD1F26FA3E0495C9A7C5E36624BC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907234, "uuid": "ebf9edcf-0163-426f-915e-c25a8621f9a1", "value": "14e6ae8d1400b6271725b3f01025b85e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907234, "uuid": "1015d3f0-f90e-4d67-8de0-9d82c2daef52", "value": "6144:VikzyaB9eoCyx/mEhHB5RYSJ/xU+qiCjzQNPj79GkqbscgCG5qH6scI:VNnCGmyHB5SSJp30zQN39GkUGQSI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647907234, "uuid": "3981dc2b-30b5-46d3-90b5-06d58ea5cda7", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647907234, "uuid": "616268be-cd77-4293-bf15-5c4ca4e03e8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907234, "uuid": "d85cc1cb-1793-470d-bf2f-5abaf9da4d8a", "value": "emotet_exe_e5_501409ff9ba9904ff82b74468291d6ae8be4df2b77991679fce5f031bc599e92_2022-03-22__000026.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19c997db-a973-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647907236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "13cff865-a26d-4281-85ae-ca258184bbe4", "comment": "Malware payload (Heodo)", "value": "f9754672ce167eace0f9bd1920e48230", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "e6725e43-b541-4981-a61f-02fb7e82b7cc", "comment": "Malware payload (Heodo)", "value": "50149b293640201ccdb2318ee28c7d19b94671895906e6eac3b49971a87d37a9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "909dcfb4-1468-45eb-b68f-d3b084bd8567", "comment": "Malware payload (Heodo)", "value": "ced8a214f08b372813662703fa30855afb10ec61", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647907236, "uuid": "31196247-cbb2-4962-b089-878cc366fac4", "comment": "Malware payload (Heodo)", "value": "50f3fa9bb96245aaff9aacb9ec53d48b80e1b1f9a4b448344b8a7dad2caea124f48012bb6b7d86ca6eb4d494c1ec2e66", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "51461f0d-f39f-4e90-8fd3-2b9af4a2d684", "value": "T102B43A11BC916832C36FAC7456073262588EE7F0DBD1F26FA3E0495C9A7C5E36624BC6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "8b7266b1-bf7c-4055-8768-3eaaec1d645c", "value": "14e6ae8d1400b6271725b3f01025b85e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "66532f86-0a26-40a1-914c-b8529c2dfe0a", "value": "6144:VikzyaB9eoCyx/mEhHB5RYSJ/xP+qiCjzQNPj79GkqbscgCG5qH6scI:VNnCGmyHB5SSJpi0zQN39GkUGQSI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647907236, "uuid": "56e3112d-ac7f-451f-9942-4e04b050a652", "value": 505856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647907236, "uuid": "7d3c00ae-92f6-4c17-97ca-4c77b88d9a26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647907236, "uuid": "22527b91-9e97-4ae8-959d-eee4c65ce157", "value": "emotet_exe_e5_50149b293640201ccdb2318ee28c7d19b94671895906e6eac3b49971a87d37a9_2022-03-22__000028.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "872a55cd-aa3b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647993318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993318, "uuid": "de70ef4b-e7e7-4811-887c-8bdcc059cefd", "comment": "Malware payload (Mirai)", "value": "762f15a1f9447b6f2b9f73fc934f34f4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993318, "uuid": "c55d0ffb-52d4-4162-8ad1-6f88ee3032d3", "comment": "Malware payload (Mirai)", "value": "50db0971dc8d7a6a3a68b2d83357d570764a962eb368cfb394e41cd9f5dc2176", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993318, "uuid": "bf63f56a-4ee8-4a8f-960e-a8caece0b897", "comment": "Malware payload (Mirai)", "value": "29643a290073e7bc6d6fa812c327b4ba4a22380c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647993318, "uuid": "22798d22-c6b7-4546-8a46-a15674454b09", "comment": "Malware payload (Mirai)", "value": "709d2ba3d19cf918fbed069bf07ff697adb90f7d5991b69eca23a80a233a2226eda24ab5ada86889c0f6dec32d1441d3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993318, "uuid": "49e22862-e36f-47d1-a827-13498a701f6b", "value": "T1F1333BD6B902AD7CF98BE67E80270E0AB53123541053073777EBFC937E321949956E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993318, "uuid": "88670b33-5b04-4b85-8df4-09547dd5e4f3", "value": "768:8CeKEfhe5Xdrben4I1fN5KQnaodgFHx+iPuvWeffpqmUJT6r6Lu380D8:dsfIBZeXl5nKFx+imvppqmUJQ6Lc8Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647993318, "uuid": "d5cb7b99-9b0f-4050-bffd-48d955dbdf16", "value": 53052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647993318, "uuid": "863ec2b1-caf2-41af-9454-916e1c9dc3e5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647993318, "uuid": "69dda6e7-45d0-4e81-81ab-cdf9e2d1b069", "value": "762f15a1f9447b6f2b9f73fc934f34f4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caa97d0a-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958213, "uuid": "f3c21900-bcd0-4c44-ac91-8a0e581d9aeb", "comment": "Malware payload (Heodo)", "value": "60c34d8cb442956961562ef929414102", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958213, "uuid": "09ef8d75-7bc7-4706-b2d4-095b8dc99848", "comment": "Malware payload (Heodo)", "value": "50f9fc03713699145d255a8dcdb3de9e0fa8a1b0758845eebc1e10627653e674", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958213, "uuid": "ed50a770-5097-4d41-8ef7-b26633ef4ee6", "comment": "Malware payload (Heodo)", "value": "0fabaf625600ef4ad19c64b79c4e8415a97562a5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958213, "uuid": "116cf90a-3772-4ade-8d6a-2ca4f5c59d26", "comment": "Malware payload (Heodo)", "value": "21f66ff3d503e0a277725786ec838ad3d43ddefef6e0013a2e1c76480787f015d9e02f2e8f9a76c924b06419d3de5554", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958213, "uuid": "5f97f8e6-4c4c-4f3a-91fe-c8c6c96fd06b", "value": "T1B2059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958213, "uuid": "d488bf54-9210-4021-b907-fe1e69f0e2c5", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958213, "uuid": "051b0c7b-fa2c-41c7-ac36-a25c85448926", "value": "12288:V20BXOMcVzpWfmmnDDxX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDdX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958213, "uuid": "ffb76a2d-d9ac-4f07-ac1d-18e150ed9bba", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958213, "uuid": "1d7dff1e-fa96-4ca8-8d3d-bec6b761ac91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958213, "uuid": "5c28ba01-fed4-4ed8-bf19-209a12c73a00", "value": "50f9fc03713699145d255a8dcdb3de9e0fa8a1b0758845eebc1e10627653e674", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93355af6-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955543, "uuid": "7ebd93ed-e04c-49f2-a604-9c4429369bc5", "comment": "Malware payload (Heodo)", "value": "04e79b19aa66b8c44e8248c48c2d5315", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955543, "uuid": "0b275bd5-3be5-4cdb-96d0-bd219ca5660e", "comment": "Malware payload (Heodo)", "value": "510d698e33e5206bd4a40ae05036e48a540d2f60cff2b32a6b085f951379983e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955543, "uuid": "2c9089f9-906d-4672-93b8-7e0b62ab73b5", "comment": "Malware payload (Heodo)", "value": "fb1837879acd6d2782321b1ad442962762c3a36c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955543, "uuid": "f5a584bb-7db9-4f56-bdbb-e0d3a483d432", "comment": "Malware payload (Heodo)", "value": "5991c4792eadf941a32d7c6460bb7e84a6b609e2f5f202705b2fd43519afc08b05c4fcbe5aa2764ea1b4c3a6879bd12b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955543, "uuid": "7c2cbb4b-9dd1-4804-9988-23ccf5d6f55d", "value": "T16FD46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FEE670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955543, "uuid": "f9ec2414-494d-4f62-887a-2d86e7ad1c3c", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955543, "uuid": "3a6c5e9a-379e-492b-9d4c-b456ce04efaa", "value": "12288:QXvRLpX4HMAus65rExMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rEx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955543, "uuid": "bf953143-6da1-4352-a165-d82237c214c5", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955543, "uuid": "525ba478-10f9-42c3-bac2-db98f4647854", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955543, "uuid": "176c1e6f-5969-41a8-b005-ed269b7fbc27", "value": "510d698e33e5206bd4a40ae05036e48a540d2f60cff2b32a6b085f951379983e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3033dfb-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911331, "uuid": "721f2263-4add-460c-b2bc-267e338374b4", "comment": "Malware payload (RedLineStealer)", "value": "6ba2aac1b4bb0e6b3eb9dcae170bc6e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911331, "uuid": "49806219-91de-4921-9ba8-67a487b09724", "comment": "Malware payload (RedLineStealer)", "value": "51185bc94294919e675bafb6dd4c7e592ffdb258e92c77cd6c00a0c606f67d1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911331, "uuid": "755148ab-eafd-412d-b8e1-40c5abea7ae3", "comment": "Malware payload (RedLineStealer)", "value": "e386731d58e6b33db51085d2b248624e58ea2251", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911331, "uuid": "61f863d8-ba06-4aa3-a3b1-fee1793ff8b5", "comment": "Malware payload (RedLineStealer)", "value": "9cedf93fc2de5d92d536f61128ef6153172341c5852daf7f9fb41a424b3c5aff0cdeaa6e4354b36f3d118c58bf020dd0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911331, "uuid": "77a449f7-2bc9-4cb8-97af-4eecc70a1cc2", "value": "T12F3633FC9DB0FC9CD64B9772589620166A672EA86457FE03C60C7353FF85801886ADDC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911331, "uuid": "342eaf96-3c57-4dbe-9926-a4a6cdf365db", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911331, "uuid": "0bdbf8d3-7df2-4e3a-a72e-c72a4e18dde9", "value": "98304:9F5pvwyzvz8NP8daqSUHFMeezcGSMIf2NFTs8fVRDlBsYjZWshbdz5:35twgvdrHFMJzcGE+b9RZBsEWcbdz5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911331, "uuid": "b672d7df-ca14-4e56-b7d2-bbbb34351c47", "value": 4904960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911331, "uuid": "77347fec-167c-4ef0-9e61-06f29a80b89d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911331, "uuid": "7a49e958-e82f-455c-8b4c-ef0bbeba1c75", "value": "39322519.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "170b21c4-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958341, "uuid": "a8ab0361-915e-47f2-84d5-685a20c9a99d", "comment": "Malware payload (Heodo)", "value": "41cca88adcdac9f2af697d059479ede3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958341, "uuid": "deee53c6-8c83-4768-8b38-bbef9f86f940", "comment": "Malware payload (Heodo)", "value": "515f7415cf4af0b953706f24d7f4d32e406f56508eadb8c551dcfa31d635007a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958341, "uuid": "d0bea6b1-558c-46db-be43-8f2c365d0dfe", "comment": "Malware payload (Heodo)", "value": "0a591a31861f877f045f4a4b112c2afa3debb5d4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958341, "uuid": "7268691b-ab40-4fb8-9af3-05231a45762c", "comment": "Malware payload (Heodo)", "value": "80d88cbf9ebe8679df3881bb224baa8274f2a24e53895fbe51dca89722bb4fb21b9c0964740c6d0e184992a69bccf1bb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958341, "uuid": "7ccde71c-c7db-40b1-93e0-b53c4850a5d5", "value": "T168059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958341, "uuid": "657e3e81-5b84-4a9c-b168-dd45bf94d660", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958341, "uuid": "f73f7cdf-4513-4437-b363-0474b3a75980", "value": "12288:V20BXOMcVzpWfmmnDDqX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD2X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958341, "uuid": "e3ab4eac-cbc0-4c74-be39-ee98ea3ca0c6", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958341, "uuid": "d9a2ba55-d59c-4774-b7cd-94c83e05a4b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958341, "uuid": "dbaedbb9-8bc7-435f-8f4d-27f89c186f5f", "value": "515f7415cf4af0b953706f24d7f4d32e406f56508eadb8c551dcfa31d635007a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86b32371-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954663, "uuid": "b24afe2e-d3b3-402d-8297-0bdcea6e6d3f", "comment": "Malware payload (Heodo)", "value": "00486cd90d656b3234c8ed8c120f4f53", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954663, "uuid": "7546fb3f-cdc0-49bc-a3d6-239fb3643be9", "comment": "Malware payload (Heodo)", "value": "5165564a0fbd53642229d116fb4a7ba5ccaf4db542596b308df6ede21e1f0b6b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954663, "uuid": "62cedc10-aba8-49fa-8911-71dba1baba40", "comment": "Malware payload (Heodo)", "value": "6351cc6943e4ad7ca4ad44a0b6141b53856e9468", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954663, "uuid": "41dae466-ae00-4939-8283-af8e4ddcf0ca", "comment": "Malware payload (Heodo)", "value": "f1da118509e38baba2640f39dbe8a918b6d335e5fd39516b5236774fb3e8bc7ef0062defa28d6dc2a1a91924eec00d74", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954663, "uuid": "c53e6b27-d9db-4a1f-9cdf-6d5aa08795ea", "value": "T13BB46B992251F077D11B503D0BCC2AAD7DEB88F09A6DF27FD2A3558D0F31190A62D993", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954663, "uuid": "a36e2569-217b-4856-bc28-0a1fea01eaf8", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954663, "uuid": "9d9fa8f6-73c9-412b-bc4d-15ee071d85f7", "value": "6144:cH4C1DzgG1GCQw2HOOnPE10JQNqotvrC4cHV9jp6YagzSAIVCL4Ry:cYC14G1GUgOOs14Qkotm1xpdIVCLqy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954663, "uuid": "95aceec0-eb71-467a-ac9f-9d42a4d272fc", "value": 528384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954663, "uuid": "ac60daef-05b5-4703-844f-57d9c10361d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954663, "uuid": "74f2e444-47ad-49f6-850d-cfc6ece511e5", "value": "5165564a0fbd53642229d116fb4a7ba5ccaf4db542596b308df6ede21e1f0b6b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dcbd86b-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958487, "uuid": "f04302d6-04db-42cb-bc25-7b587f31af25", "comment": "Malware payload (Heodo)", "value": "da231146b153493cd57b331091fbb4ac", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958487, "uuid": "08afce70-68fc-4d32-9402-1016f29d1387", "comment": "Malware payload (Heodo)", "value": "51711dbf2671152dfabf81198261d57d263d39d7d35a5e1fd7d4b1a3246ea78b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958487, "uuid": "45039357-4aa1-44cf-a549-fc8a90b08d9f", "comment": "Malware payload (Heodo)", "value": "f168a49de06b6940b9e4afbef09a4418b33881a2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958487, "uuid": "947562d9-fa80-4c4d-8e33-d1e1bf628536", "comment": "Malware payload (Heodo)", "value": "1e79d61e82c6040e01f22474a35cf137b237283ece1d7546f4fd5c9278d05e6fb46293b5e69bc32f458068ef77bafb0d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958487, "uuid": "ea8c6eed-4066-4e8a-8c25-5053a0ebc923", "value": "T198059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958487, "uuid": "0d1f75eb-24d9-4bb4-9d44-f01f917f0671", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958487, "uuid": "04ddc9b0-ef23-42a0-988a-018a9c397446", "value": "12288:V20BXOMcVzpWfmmnDD9X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDZX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958487, "uuid": "2b88ebf8-4512-4517-881b-21a83e3d6aad", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958487, "uuid": "78442087-1136-432e-8b08-f634a9f81ec5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958487, "uuid": "2354369d-5416-4b5b-b00d-fdf9883d56dc", "value": "51711dbf2671152dfabf81198261d57d263d39d7d35a5e1fd7d4b1a3246ea78b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bb3fad0-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1647926163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926163, "uuid": "5d7ecd59-7a71-4d29-a0c0-1b0f7310b8d6", "comment": "Malware payload (DCRat)", "value": "ac87026a8b8960a97da254a7b533483f", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926163, "uuid": "69bdea76-92a0-4bbf-88af-bb4555892136", "comment": "Malware payload (DCRat)", "value": "517d19cf4dc8b14dcec001fc8b023fa2fe6306bf90e6ae62251b1e8358c1069f", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926163, "uuid": "8193c42b-357f-4760-8863-c6ae3411bb82", "comment": "Malware payload (DCRat)", "value": "79392704e4a3687b0e9526abf05ac9a623a9bc33", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926163, "uuid": "cbff0410-6ef5-4a21-b650-ddbc3e1d9b45", "comment": "Malware payload (DCRat)", "value": "3b64f2333ed86b41ec643259773b7cf19e9220a9e3dc5d869195cf7e16316e25f79baab215beacaee82a08881e82ea19", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926163, "uuid": "6f8e6ba3-03f4-4a4d-aef2-e5e6f05e8cca", "value": "T13BC523A2ABA563B3E0A7733138D873693BF9A52A4B0341F7934181267DB03D175BD607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926163, "uuid": "cb21ac58-f04e-4f02-9b6e-63e1a3acdc24", "value": "40e5756c30e8a97a052538422b8f4b5d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926163, "uuid": "fa110f59-ae9c-4ec1-a267-e42b60f86a2a", "value": "49152:C4lcaYsZHJ5GidapHgoYSRRfMg6GIroX7Z+dlpu4GekxT:C4SaYsZpVmHgjSRh6N27Z+dlpu46l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926163, "uuid": "aa476d70-f78e-49b0-a383-5eabef2cb1d6", "value": 2672792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926163, "uuid": "cad8d8f2-7686-4d41-9779-54cf39567fa5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926163, "uuid": "45b4d836-1fce-4b00-8d03-c7471f39e9f1", "value": "47576800.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01bd40e1-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647969472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969472, "uuid": "95cd5baf-649c-4bba-ad7a-335f7fdb16a0", "comment": "Malware payload (AgentTesla)", "value": "8b8aaa0c4057179439d7adee444f2794", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969472, "uuid": "c819c56f-74a7-4a8f-9188-07127a7b45ed", "comment": "Malware payload (AgentTesla)", "value": "519caa11138d26de8aeec106a6136367de477731b46457bef2b230ad968fff4c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969472, "uuid": "86714362-8edf-4133-9b92-12013baebd7e", "comment": "Malware payload (AgentTesla)", "value": "2ac8d6178861f55cfc8724e786a97875190ec00e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969472, "uuid": "6970fbc0-649f-47fa-b490-bda21166817a", "comment": "Malware payload (AgentTesla)", "value": "14080f16202025cdb36f4af51daa773d6432c618c51535a55bcf12b82f2ae35459fd0db82edb0ac3a1fa0057d29a43c9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969472, "uuid": "71cc6013-c784-4c9b-a7d2-9c0e26d64c8d", "value": "T18925230576E6C9B2C1594E3488B157912278CF7A6D2BEB5D68C0373A014E3CDBB12EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969472, "uuid": "53e7b0d7-84f1-4de7-9e46-7d06b9141a25", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969472, "uuid": "269c5aee-3533-490f-8dbf-876dc96f5ebe", "value": "24576:sohCZ4gQxv6UgmKjUHnkFktLjznPZx7Z9G:sohAwv6UgmKYHnTlPL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969472, "uuid": "b9750b9d-f44c-49be-9015-3ec9a5f4c213", "value": 1030656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969472, "uuid": "60c18aca-9f41-44fd-8bb3-9a203c904dea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969472, "uuid": "7e0d0cb6-dffc-4be9-805d-a70d0f79b428", "value": "Due Invoicve-pdf-.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd7c0fbb-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958218, "uuid": "c1f93ad3-aec2-4425-b48b-5691a9234707", "comment": "Malware payload (Heodo)", "value": "659d2f33c17cc8ce294a4591879ac966", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958218, "uuid": "4aa55bb5-694a-4062-9ab6-a351b261eccd", "comment": "Malware payload (Heodo)", "value": "51c3ee077a64f52b7e29431b94a92363a252e8d39943f0b346e5042f2bff6881", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958218, "uuid": "ca55647a-020a-4dce-960d-a1d01bc526fd", "comment": "Malware payload (Heodo)", "value": "cdeb64cbf666c8105c0ba9f6febd54a245656da6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958218, "uuid": "a756c2be-428b-43c7-83f2-40a180dc0db2", "comment": "Malware payload (Heodo)", "value": "c53ff118aebb7d44dc98384045bdb0849975d6347d00f4879c100fe63c6c61bb06613c9b26d772ea9bf28d425fee0a19", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958218, "uuid": "e6c23f5a-ded7-40c3-a1f1-b6c70ddd3b26", "value": "T19C059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958218, "uuid": "17d891e8-b480-4c79-b5ea-8d1c2debe778", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958218, "uuid": "c95b4180-9b39-49f7-bc78-b3d25034371e", "value": "12288:V20BXOMcVzpWfmmnDD1X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDhX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958218, "uuid": "987fe236-e5f5-4621-8c8e-fa04fe745a13", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958218, "uuid": "65d7e2bd-427e-49b0-b95c-1fb5300e1db5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958218, "uuid": "a83917dc-ddbc-421c-89a7-4bd09da7cda6", "value": "51c3ee077a64f52b7e29431b94a92363a252e8d39943f0b346e5042f2bff6881", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee4b7334-aa27-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647984902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984902, "uuid": "7ba98f3a-f3a5-4411-80cd-603a00d79e2b", "comment": "Malware payload (Heodo)", "value": "7efdeff79bd2c284633d7a41b4444092", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984902, "uuid": "5bde18fa-c823-4638-86ea-cd5e35a2c4b5", "comment": "Malware payload (Heodo)", "value": "51d00373d1b092fd5023eaa4a832123a1ffc864b6ec88c1aaf63a28416a7fc4e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984902, "uuid": "56460d99-b825-4179-9389-4046c6993664", "comment": "Malware payload (Heodo)", "value": "f432ec36dfa7cccbfa9df3f9c240d0794fab486e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984902, "uuid": "3e0478d1-31d1-4d44-8a31-2a04e6b3e9de", "comment": "Malware payload (Heodo)", "value": "f220e193a3f0bec128050579afa5cb6a610a5196a414d3eb89da734893074cacc975a17c9d9525ee7d5e155b48ff5cd9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984902, "uuid": "7c6420da-a023-4a2e-806a-35abe1485a1b", "value": "T15A055B3374C18EF5F03A533A44317F7A6397BAA05721CA9F16F3899D29F68829817247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984902, "uuid": "eca52bc1-a4dd-416f-96af-33caa5088075", "value": "7be7abf9e13a5f5d55afab99418ceec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984902, "uuid": "26067673-1ac9-4753-8df1-d3e36b759c6e", "value": "12288:Zal2M0pY+qQXOS1jMBisrzhD2vIIvvX8DTC+K8YrA:ZaOY+4eMbhSFvED2+K8YrA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647984902, "uuid": "2850cc87-85a9-46c2-84fc-ae6e3ec714f8", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647984902, "uuid": "20d2d6d6-60c3-4774-ba38-116dd99b6ed8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984902, "uuid": "70cdaabd-2f1b-472f-ab23-86875243d0ad", "value": "7efdeff79bd2c284633d7a41b4444092", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c75adf1-a9db-11ec-9275-42010a9c0029", "comment": "Malware payload (LimeRAT)", "timestamp": 1647952096, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952096, "uuid": "9989456d-f676-49a0-b03b-ba04c20ab5e1", "comment": "Malware payload (LimeRAT)", "value": "5f58955c98e1a5543d2cd562eb5dd740", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952096, "uuid": "735df7bb-3438-4e4c-b684-60cc0d2361c7", "comment": "Malware payload (LimeRAT)", "value": "51df32383d9f848069f3040408eacf8ed585ec801a9e1473b2dde3a97de3ad96", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952096, "uuid": "19bc6ff6-9bee-4a0e-94d8-efde4362230e", "comment": "Malware payload (LimeRAT)", "value": "221f74b5ca434b0f2f80fedf9a34e45cb6c1820d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647952096, "uuid": "1fca056c-60f7-44a8-8ec2-df1d87532819", "comment": "Malware payload (LimeRAT)", "value": "0794be37af6a044d350dd48894dce664790870f22254bce327c7682a990e2be985fbfadcfdf016d835e77ba796d26645", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952096, "uuid": "71e2a38a-da19-4c37-830b-16891084932f", "value": "T1D1F51202BB998992DBCC4735C0CF0E2017E19F958AB6C75E7E9D92C24713356A91F2CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952096, "uuid": "aa42dcbb-a640-498f-9b4c-350bfb4cb89b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952096, "uuid": "ba18c16c-2ae8-4d88-8998-a8889c5b7f6f", "value": "49152:Vze5e4QheyRNtOAs+EXwVMS5MPr/bVTNM6G+/w2Ea4BV:Vzx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647952096, "uuid": "0d4cafa9-6cc4-40c5-8722-b0115a5f80ea", "value": 3411456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647952096, "uuid": "803a0626-217b-4599-9a6b-71cece6d562d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647952096, "uuid": "0124fb63-ef0c-4074-b997-a173d0c1e6d8", "value": "5f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ead9d9a-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976822, "uuid": "e3902a7b-6397-4370-b7b7-5fc330444519", "comment": "Malware payload (RedLineStealer)", "value": "d1835c84efc19abc74d835be3b52c0c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976822, "uuid": "29e249a7-f036-420d-985d-4d9d56837863", "comment": "Malware payload (RedLineStealer)", "value": "520a5350f4d7ddae3e42956fd8481d73d0c68237f65c6d271cb47ea686898084", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976822, "uuid": "529e4de3-61d3-4b02-9425-ef1b1284e5ab", "comment": "Malware payload (RedLineStealer)", "value": "43e4fb3fb40a5e32c612c1b1e696b84b99d2d0e3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976822, "uuid": "836ef1a8-ebaa-48ae-b552-f61f8a0fd05c", "comment": "Malware payload (RedLineStealer)", "value": "23c9bbc909ae3012ad38a36131f441e138c21fccca2b447a78a39cb557fb122bae8f2e1bfe82c17b801d31423633c23a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976822, "uuid": "b33ea5b8-a016-465e-afca-2ab591b268e3", "value": "T1883633549D08EFCCC8EB5B32B1336917267961EC45D3ABC588FDDCD0EA512E186CA1CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976822, "uuid": "3820cfbd-2a87-4ffe-9199-3bf2020777ff", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976822, "uuid": "f8d34351-fb61-48e3-860a-04b2671ca015", "value": "98304:YxwOmxNonZlkWzXrkoaUbouj+6+I1x2haFArmbA1Lwuqu1nSuwr9o:YxNmnonZaWzbkoDs0+nIW4Pb4cuqYsRo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976822, "uuid": "fdf745cb-5dbb-4518-b2fc-63b3d490cb63", "value": 4884272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976822, "uuid": "119152f5-a74d-4353-a6d0-e68e20527711", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976822, "uuid": "bc555ade-711f-4146-a1d3-405c4adf1e51", "value": "54504534.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29d6aff5-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647959661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959661, "uuid": "70c135ff-a283-43a5-a9d2-e24cf0efb991", "comment": "Malware payload", "value": "b6ef1600c1679a99f6c215ac35e0714e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959661, "uuid": "6af45ba4-8273-4078-a90a-c79038f137ca", "comment": "Malware payload", "value": "526913460335455449dfbca9a9c218e54e95bf7ca3f496e4a605f9304e211ec2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959661, "uuid": "2568f010-1034-476f-a9c8-dffad5c55615", "comment": "Malware payload", "value": "c2164af4f5ff61e75fa4b183f82a93136fcd79f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959661, "uuid": "5db7c67a-399d-4e75-95ec-7cc045689556", "comment": "Malware payload", "value": "8fa2139f15d20cb073014e6a3b423f8b18518af0574416abe8c48cc120f72f090d059cee01cbd50c8dce4b3b3694d871", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959661, "uuid": "040fef12-5ccb-45e3-a517-f8f8095b73cd", "value": "T142D4121671AC8C5CD6CB22701F6FDC966FF4EC64DC26166E1542363CA480FA43B26BB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959661, "uuid": "56696cdf-e94d-4308-b479-bd90aa38fad4", "value": "514c554c4eccf8b5d18d8453867113c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959661, "uuid": "20c702d7-e7d9-456f-9634-c8df83aeee90", "value": "3072:cJ5EFKOO6OzSmxs8VHgXPc8XASOg17MTvuout0:PFKiOzC8VEXAouuoS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959661, "uuid": "65695e3f-6adf-44bd-91a0-b226daffcf29", "value": 634197, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959661, "uuid": "9bf89628-dab2-4ce3-b19a-4ca1ee84a46a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959661, "uuid": "509b2174-3f6b-4426-a767-2eca2ab485d3", "value": "526913460335455449dfbca9a9c218e54e95bf7ca3f496e4a605f9304e211ec2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71dc6e0c-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954198, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954198, "uuid": "2f4e9e2e-31f1-413a-8bbf-ecb851c53ac3", "comment": "Malware payload (Heodo)", "value": "03c76c7159afb985cf499261ae026039", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954198, "uuid": "4f3da400-28f0-4adf-90b4-e2e6dada0445", "comment": "Malware payload (Heodo)", "value": "52ac35659df285a8cabe15cf1cc069cf2c39411b117562adf0b4a858e9c92c50", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954198, "uuid": "431598e6-424d-48ab-acf1-e3b622cf7869", "comment": "Malware payload (Heodo)", "value": "dced2e64c0670701185dc2104ae39d0ba128c6b3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954198, "uuid": "d1edf6a1-b8c0-4410-8c2f-f6b70e3fb4ee", "comment": "Malware payload (Heodo)", "value": "39f02b5cb7988999753b09e95261ed3a43f734262f5bf17848566b112112e88d9ce5e94960bbd952fed9bbd7f6673369", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954198, "uuid": "0cbc2914-0d16-4ca5-9837-b937a54b6a39", "value": "T10925AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954198, "uuid": "8ff7fbb9-5e99-4308-b310-b174a1a416ae", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954198, "uuid": "d30de15d-4f24-49fc-aaf3-b1b2c7d89732", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQ35tFjNRLU:Ci6fgcIcHB8ZobLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954198, "uuid": "94d870d6-9ef4-4ddb-9130-4e1e90ea4967", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954198, "uuid": "1a6a7cdf-3e74-424c-97eb-19f91d6b02be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954198, "uuid": "72349dcb-14dc-46e8-b195-fc3c3f2ffe31", "value": "52ac35659df285a8cabe15cf1cc069cf2c39411b117562adf0b4a858e9c92c50", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af6861a8-a9c3-11ec-9275-42010a9c0029", "comment": "Malware payload (GuLoader)", "timestamp": 1647941846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941846, "uuid": "5261fbdb-9a29-4636-8f7f-8854ecec718a", "comment": "Malware payload (GuLoader)", "value": "16a8dcf3352062fc3eb82eb3dc6051d7", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941846, "uuid": "4bc53cda-c506-4185-a425-4bb9845c28fb", "comment": "Malware payload (GuLoader)", "value": "5320eda689a2d95c8cbc1d5973075f59f5975b9da02e38e69acb3f566190f4c5", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941846, "uuid": "47b7c70f-2020-416d-bd0d-7908eb039f71", "comment": "Malware payload (GuLoader)", "value": "0c082900af261528795a87475fa75947dd401521", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941846, "uuid": "b03887c2-c655-453c-9074-44c792dd2e33", "comment": "Malware payload (GuLoader)", "value": "f1fb3dbe21eb6286fe1655d69c97978dbc3c45e1d3d5e2732068a8f581c4459e99bad2c392f108ff68ebdcb1ca58bf53", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941846, "uuid": "ac6fc821-7f00-46cf-b21c-52514297a3a7", "value": "T1E4D31226365099C933043C6D5D8E87F0FE90C1714483EB446FA9CDDB98BBEA0A8997F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941846, "uuid": "f960f946-b353-4150-b2c1-83bcfb1ded04", "value": "3072:vzv9Wa61jhS8LrGtbgnNy5TWDFGaXfu8E:ZWa63HatgU5jaXfuZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941846, "uuid": "5ac84a23-e67e-4123-a07c-c22ca66c672b", "value": 142077, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941846, "uuid": "36c7f10e-3f1d-4810-868d-e09dc614450f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941846, "uuid": "7ee9626f-8c49-4de8-8753-52e5ed3ca7a5", "value": "bewijs van betaling 03222022.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cafde211-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (BazaLoader)", "timestamp": 1647974964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974964, "uuid": "03d51b69-ed54-4686-bc4f-e73ff628ac20", "comment": "Malware payload (BazaLoader)", "value": "d409f6684fb0faedab51b52f3bd4c194", "object_relation": "md5", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974964, "uuid": "58267a7f-e0f5-4e1e-8cf3-627d1e624f56", "comment": "Malware payload (BazaLoader)", "value": "534b5a7b9bf643dfa743c6e533d2275a48c3e926c69042e935f2674cc1222464", "object_relation": "sha256", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974964, "uuid": "2e65bda5-7f3c-4951-988e-2aab6ee5e624", "comment": "Malware payload (BazaLoader)", "value": "bfb48417936a883d42e7fdee24f28ea3d3071732", "object_relation": "sha1", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974964, "uuid": "08054338-7244-4a4b-9a30-7b0069ac2d4b", "comment": "Malware payload (BazaLoader)", "value": "9ac593a7c65810828a4321dd34075f57ea9c5b328c00badfdf7fc549753c979b68047c630e3ec3be4f9d93bb8bd905a2", "object_relation": "sha3-384", "Tag": [ { "name": "BazaLoader", "colour": "#16B619", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974964, "uuid": "f1beb81e-7af6-4a34-a8dc-a1324eb03290", "value": "T176F4D06A66A837B4F0135474CD674A03CAB17C7127B191EB9793324B8D3ABE4173BB12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974964, "uuid": "65aa0f73-0148-4509-a224-20ab29b01429", "value": "64e5d7cce23479085f2b5c15b028487f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974964, "uuid": "d89100be-70a7-41fd-9b64-f95f8c8e9941", "value": "12288:jb2Z46I1dVNykv7csRVVPRWYco1fQTBYPjffcvAFF5tyS7HE:jb2o1dXykDrRbPRWPQfRPL0vAFN7HE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974964, "uuid": "65abe5c8-c03d-4804-b720-36b188e81efb", "value": 729170, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974964, "uuid": "c20f7bba-665e-4fb5-8663-73c022d50a73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974964, "uuid": "bd90fc84-fe20-4296-801c-3880b374d5ac", "value": "d409f6684fb0faedab51b52f3bd4c194.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f228d2c-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958435, "uuid": "0e149613-cbf6-4162-9180-0ebcc00a1328", "comment": "Malware payload (Heodo)", "value": "2156e9a24321aeaea60b00df82d78ef0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958435, "uuid": "a2c6ef58-ec4b-4192-9bcb-2d6cd2c79c4d", "comment": "Malware payload (Heodo)", "value": "5363e7f946bd57d428c568685a7e75af213f10766079aec91f0e4c0cc443fd1b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958435, "uuid": "2c78f288-4996-4d2e-8b6e-c1f558bad4af", "comment": "Malware payload (Heodo)", "value": "fe5f54366a9a12981f3b8841ad3843897f12cb29", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958435, "uuid": "538dc72c-3338-42e9-ac29-f32a85b1f715", "comment": "Malware payload (Heodo)", "value": "2031e1e94f1bf884fe924848b99a6de03ad40c0362eea1549f1424b78b69e4661d738cb013531edddc6bd8e36d773e60", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958435, "uuid": "42faddf5-5f2d-4374-aa5a-25eb780eeb00", "value": "T1A7059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958435, "uuid": "3486e091-da22-4e83-8c23-fda5395a14b4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958435, "uuid": "179297f9-b783-432b-8d69-8b58c2b333a2", "value": "12288:V20BXOMcVzpWfmmnDDlX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDhX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958435, "uuid": "8d90b201-6c40-4aa2-963a-aada52671b57", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958435, "uuid": "e3f50429-a13f-4b9b-877f-2e51d6335faa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958435, "uuid": "62f333f1-3d3b-4d90-b874-c24c4b589df6", "value": "5363e7f946bd57d428c568685a7e75af213f10766079aec91f0e4c0cc443fd1b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88e0d69e-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959821, "uuid": "0c6ad500-bf3f-452c-b7dc-eb9c25f466c1", "comment": "Malware payload (Heodo)", "value": "28b0495819a9dab6837aa5096bf1ccf4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959821, "uuid": "d89e6b9b-d512-4c69-b32d-3622c1529181", "comment": "Malware payload (Heodo)", "value": "53d6bbf007157984f6f3b6f8780d2cb4dad77ed592f61b2a74ae325f660fe398", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959821, "uuid": "c41b9599-8d56-4196-9d05-36a290f14f48", "comment": "Malware payload (Heodo)", "value": "506c7b3172dd96f107d34d7e2908c434ff449528", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959821, "uuid": "1de6dc72-514a-4260-8e03-c754026bf5ae", "comment": "Malware payload (Heodo)", "value": "612f511a129b8809054c9b262bfeea2005e162a02622886f49636c9384ad76fce5ab9b587d23219a2c1fbd070724669f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959821, "uuid": "ad12e0eb-5580-4cee-b09e-306173d19284", "value": "T1D4B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959821, "uuid": "4cb0ef54-29e0-401f-9a87-1822a3e7adbc", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959821, "uuid": "57c582fa-24d3-4612-9ec6-1015b637154e", "value": "6144:8JZToYE666spbEgoZhZO1tEI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoQlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959821, "uuid": "3304632a-6078-4d90-9ee8-f2112e70e568", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959821, "uuid": "04892fce-90a0-4f58-a708-a82013a5f292", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959821, "uuid": "6ce99b03-7e96-4ec1-931f-cdce9874cf13", "value": "53d6bbf007157984f6f3b6f8780d2cb4dad77ed592f61b2a74ae325f660fe398", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e55dcc0e-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955251, "uuid": "f0f650e6-87f3-485b-852d-0c40da4d58cd", "comment": "Malware payload (Heodo)", "value": "21f6d0a6650dc2ee935b9dd9dcdd8e43", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955251, "uuid": "2802fc2a-9f06-4403-a5ee-1060288d2efc", "comment": "Malware payload (Heodo)", "value": "545c718d79b788e80339a861f4875f7f33aeb984cb753221304d1a5a58084cb5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955251, "uuid": "609220fa-b0fa-44a6-afab-4435c39a42b0", "comment": "Malware payload (Heodo)", "value": "49fc7b1ab645da246862f2ddf38917335ee418ab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955251, "uuid": "ad2c4c33-7724-4189-836d-0717bfc89b59", "comment": "Malware payload (Heodo)", "value": "e79a8d6cd872e7387871f5e7f3e14ec3de023d37f37deed6a404d1320a9c85cb9b8903de7592c473336a444e447361c7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955251, "uuid": "caf9833d-b86e-4fc4-8ac2-e48c09a8ef1c", "value": "T1A0D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955251, "uuid": "a872b0ab-fd8d-4ffc-8e99-7c4db28dfd22", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955251, "uuid": "40a999b2-92e1-4949-99a3-11d16eaabccf", "value": "12288:DjN/Z2wkRrA9CRDC8ElAjHDsndSyHOrNvEP0Oua:dEHR+CRIyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955251, "uuid": "b74294a1-d88a-41b3-b881-0f969861d89a", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955251, "uuid": "39d6d9c8-8571-4ccb-8b07-d6c0c3f90637", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955251, "uuid": "848882c5-a926-4bb6-898e-5750207833da", "value": "545c718d79b788e80339a861f4875f7f33aeb984cb753221304d1a5a58084cb5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dacc1b12-aa27-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647984869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984869, "uuid": "e14e33f4-37b7-49d1-a758-bb31bb82d9f8", "comment": "Malware payload (Heodo)", "value": "e2e5f7a89c7c6b45c41ee40d287a15d4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984869, "uuid": "fdd4be1d-b0f2-4d9e-9752-0c94d47230d6", "comment": "Malware payload (Heodo)", "value": "54f885552c407fe708cfaaeca132183f298ebc51be6a7686957162ba82d162f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984869, "uuid": "d8515c8d-b312-4bc3-bce5-9c8ce6c49f15", "comment": "Malware payload (Heodo)", "value": "236d50179c108a7c82ecdd31e5c62ebc468e328a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647984869, "uuid": "83f470a4-df3e-4f94-a2e0-67a8c48b564e", "comment": "Malware payload (Heodo)", "value": "5c74394f1d2ef4c20668db6426bc5dd8bea120a684af1fc5e75d22cb9fdeb4a1b8b53facb28509368f2c805e1198bda1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984869, "uuid": "1bcd1efa-af64-4c0e-a0ea-8d9bbdcb7d1e", "value": "T127055B3374C18EF5F03A533A44317F7A6397BAA05721CA9F16F3899D29F68829817247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984869, "uuid": "9262c89b-bc73-49ea-a7a3-89ce97cfbd20", "value": "7be7abf9e13a5f5d55afab99418ceec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984869, "uuid": "3096d76d-8a51-43c6-a5f9-4e76dfc1e6ef", "value": "12288:Zal2M0pY+qQXOS1jMB+srzhD2vIIvvX8DTC+K8YrA:ZaOY+4eMHhSFvED2+K8YrA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647984869, "uuid": "00bc82fb-a93b-48e3-937e-2fcc6d47bebb", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647984869, "uuid": "a76afae9-53f4-4375-9e64-1cb8a4fa3108", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647984869, "uuid": "368f2bc1-36c2-4e20-a3ef-66c3c6873d76", "value": "e2e5f7a89c7c6b45c41ee40d287a15d4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e8ab1d3-aa23-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647983050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "1b166fe0-0874-47a7-b3b7-c18f411b64d3", "comment": "Malware payload (Heodo)", "value": "8a950c5b9653011ca3a05e6cc22c14e3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "f37dcbb3-5aa5-4ddb-85a7-d96559099337", "comment": "Malware payload (Heodo)", "value": "54ff5b421a402bc03d2691c0d4a24bba8f6436d1f58df999449ca89b390fd203", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "05bf593e-427e-4c08-a25b-a08c99094146", "comment": "Malware payload (Heodo)", "value": "c9c7781c99e363a3978912762361373fcc4da81d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647983050, "uuid": "f530a576-9ffd-48b4-917e-658e8ef07309", "comment": "Malware payload (Heodo)", "value": "3b529607ff2a14c607679dbdcfeed714d67e4c92376e6780c4769e2e5336466227e9ce1d220812bb91f26eca08a152bd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "c050e688-8c47-4188-82c1-d60b0905b27d", "value": "T19F055B3374C18EF5F03A533A44317F7A6397BAA05721CA9F16F3899D29F68829817247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "b049eef3-9946-4550-b3a4-9e2348c38cbe", "value": "7be7abf9e13a5f5d55afab99418ceec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "5a179eaa-c1ce-43a2-97e8-4c1a188c1cdb", "value": "12288:Zal2M0pY+qQXOS1jMBpsrzhD2vIIvvX8DTC+K8YrA:ZaOY+4eMQhSFvED2+K8YrA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647983050, "uuid": "a01415f4-9244-4404-b94e-1c0363a75987", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647983050, "uuid": "a136b414-a496-44af-a4b8-45e215463068", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647983050, "uuid": "041e1d57-7e66-4459-95c2-9361ecda276d", "value": "emotet_exe_e4_54ff5b421a402bc03d2691c0d4a24bba8f6436d1f58df999449ca89b390fd203_2022-03-22__210404.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "491c7a07-a99e-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647925783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925783, "uuid": "e537bdd4-4cfa-430c-8174-dec01340ffa5", "comment": "Malware payload (RedLineStealer)", "value": "f0504ac5e26b7725cd1c3da7f49df549", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925783, "uuid": "1cad312f-9109-49df-bea5-33c13cd85de4", "comment": "Malware payload (RedLineStealer)", "value": "5523eab65402dc93db826d206d8dda04d6444f1bbd910060d2d5554232f8ba1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925783, "uuid": "cc8be7a7-168c-436e-ab60-6c40dfcfb305", "comment": "Malware payload (RedLineStealer)", "value": "930f18d6ff25079bf4d2ee4dddb5e5401ecb4066", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647925783, "uuid": "3121b333-fd26-4506-b74a-b3180a753af3", "comment": "Malware payload (RedLineStealer)", "value": "50a062361cb9a93869782ffed05e561cf06a9772cd33eb92bb2862e3c8df4f92f374953a5c2b77d4f97f1af57cdae954", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925783, "uuid": "b3f9dca2-c5a8-4145-8a03-d26fc94a85a7", "value": "T1ED36332E1A00E5AED54BA735474DBDF576229B2060CDA01F897F19B728B8CF078496CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925783, "uuid": "14ae42bd-dea1-4c2f-8994-0f911f77f2c7", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925783, "uuid": "93558675-a173-4fea-a7f1-95eb044e592a", "value": "98304:t95VAXsAPYweJnYPBcQ+O1WYcE/COVmtSKvDKEQ/tTA3rZB+bpWWdDC:r5OY3nmBVF1WYcE/wvDa9kP+lWYW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647925783, "uuid": "175072f4-56cc-4b06-8f22-cf28053d3809", "value": 4897280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647925783, "uuid": "26c98d3a-27fb-4473-b311-202a20ea11f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647925783, "uuid": "ed225777-6b67-4829-bf21-aee36562b893", "value": "43939865.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fcc9a05-aa12-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647975697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975697, "uuid": "b0f927ff-0e74-4e13-86d9-fbd57f1d2ae5", "comment": "Malware payload (RaccoonStealer)", "value": "3d5dd911a0345dec809782512d23dda3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975697, "uuid": "a8731eba-0642-4ed0-9b77-2a9097a2e81a", "comment": "Malware payload (RaccoonStealer)", "value": "5551acf69e2dfecdfaaf1d327d308bda79cdd40864a8d4ecfd6d47bfa6f0f68a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975697, "uuid": "4bbf0f79-60b0-441f-be61-8b2c719099a2", "comment": "Malware payload (RaccoonStealer)", "value": "e483e260f36988ec777c94fdd32fe6e5d44c0d60", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647975697, "uuid": "b327d381-fad9-4e7b-99cb-a57e25b00af7", "comment": "Malware payload (RaccoonStealer)", "value": "d3f04e037f67ff6cf03207c11650af5f6a99e444de5e3d5f93204b56c973fd330b880cb6f4f156838dcfda457db2650a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975697, "uuid": "ff47fa23-5d14-40fa-a80a-2eb700badddb", "value": "T1A2B412287621C236C16364303974C360577BB6325B76D29BBB5927395F307C3AABA31B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975697, "uuid": "b440c7b7-d18e-463a-9e0d-7ac1e68c0a50", "value": "90ff780668c661ffef63d2b7c92679cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975697, "uuid": "8bbb57fd-d381-4c9b-a84c-6ff27fe74f39", "value": "12288:JHjVsAFqs46JYytXI6Vh0WSTVfOgbSeuGlQT:JDBFqsbvhw3+eK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647975697, "uuid": "b7663781-6f06-4b0f-be77-08341d259fca", "value": 536576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647975697, "uuid": "631d2054-59c8-4b1f-b2ad-9c8ad05d4e8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647975697, "uuid": "d9114bdc-38d4-4db4-a8b3-044552b22848", "value": "3d5dd911a0345dec809782512d23dda3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5841d582-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911635, "uuid": "92da89ce-b528-415d-8f5c-b765511db243", "comment": "Malware payload (RedLineStealer)", "value": "55ed7cf6abeffa5359cbae4298a4a671", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911635, "uuid": "6d8395f3-4aae-4c5e-b052-8bc2ad21f715", "comment": "Malware payload (RedLineStealer)", "value": "555f9877823f5f80c071719d9b384857f29eaee4fafd6aa1f921994fb412bf36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911635, "uuid": "533466f2-ac21-4439-9114-7c2a0daf4b83", "comment": "Malware payload (RedLineStealer)", "value": "ec1849741f4f5609b685373cdc64e2ccde1de0e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911635, "uuid": "d78d96eb-c822-4411-a67a-a1149a56249c", "comment": "Malware payload (RedLineStealer)", "value": "8876721f09c77df55fe4e2f49d65a26d3d8027bfda56f4be1fcbe805f659fa2474950b0df18b7172c0d4088121d5bd48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911635, "uuid": "53fe7d62-f671-4b03-bc74-e6d3c67109f1", "value": "T1CBC4236ED7013F1EC24956F01BB3B71E00AD663AF9A45A569251270B6E08837FF068FD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911635, "uuid": "865e56f1-ee09-4a31-9f50-c50076647f76", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911635, "uuid": "d5711ba7-9117-4d87-9f85-a45deb327c1b", "value": "12288:xkqNIoEdVKIlVB4ab4F0+c/4OIImdUQS03ULaHNqrxlKIQNoMI1mcOeOvqlvU:uqNjEdYIlVB4aE2l6vUkEaHNYK3q1ZOR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911635, "uuid": "a02b80a7-380a-4f48-b382-485d8b077af6", "value": 570880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911635, "uuid": "dbbad8f3-a38c-4821-b4c2-d778acb07155", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911635, "uuid": "df6eb81e-7dc5-4719-b3a1-c2a574bbb9bd", "value": "40593763.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0513508-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958222, "uuid": "320e6f83-0067-4027-b106-cf900793f006", "comment": "Malware payload (Heodo)", "value": "7ebf29cbe114389ee13d04b7a87663e6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958222, "uuid": "1e8bb6fe-5f2f-475a-8b95-2801d2a55e34", "comment": "Malware payload (Heodo)", "value": "55d1efbe1c8c3184d5dbf1e9efd65efc2f779e726c7ab288b51d7729494a77f0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958222, "uuid": "684ca31a-fea8-4ba6-8b56-75bc386c7eaa", "comment": "Malware payload (Heodo)", "value": "89898884c306e52c61bcb51ecf7f8ee5a8ad6a31", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958222, "uuid": "dfc6d68f-f916-4f8e-833e-62830e7cea26", "comment": "Malware payload (Heodo)", "value": "3a885125a8eefd26a7a3b22332f1581f81b4e9d9efa4aa389f022c1df4a4df58d301aa21ca22986a24048b6a12537525", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958222, "uuid": "53ee777e-f25d-42ba-84e7-3951737e860c", "value": "T128059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958222, "uuid": "f7927bfa-076d-4f48-9a30-9602680e0771", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958222, "uuid": "02c5d26e-0b25-40cd-87a8-86fd4529f633", "value": "12288:V20BXOMcVzpWfmmnDDQX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDEX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958222, "uuid": "5a78f850-2e29-4538-84c0-88e2ede38de0", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958222, "uuid": "3ea4808e-bf12-4c76-bec6-64b8c790373f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958222, "uuid": "4d9a4f20-99e2-41a7-b952-a1ea5d5b57c4", "value": "55d1efbe1c8c3184d5dbf1e9efd65efc2f779e726c7ab288b51d7729494a77f0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b1509e4-a9a0-11ec-9275-42010a9c0029", "comment": "Malware payload (Babadeda)", "timestamp": 1647926672, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926672, "uuid": "ea83a00c-5036-470f-9dba-e66e53a2863d", "comment": "Malware payload (Babadeda)", "value": "1fc3873caf7ea38f7124dbc937aa3318", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926672, "uuid": "6dcc42b7-3ab6-4567-9762-bdda2932c5d1", "comment": "Malware payload (Babadeda)", "value": "55d3824935af6618ca3acfa8929c8f3725e2fb462b40c064bf9d666dff935acc", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926672, "uuid": "35b52566-ca67-4517-81d6-8818120e6b6b", "comment": "Malware payload (Babadeda)", "value": "58fa4bfeea5202009ce12610a51f80c01ebaebc2", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926672, "uuid": "0819991b-db4e-4308-bd52-0581e4319b27", "comment": "Malware payload (Babadeda)", "value": "21ec325165711a476e1c5d1dbb40cfdd7f4647ce438fb52bb3103670ed18f75e7eee431aac17214da93e11d65797530c", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926672, "uuid": "eae0c3ca-a59f-4c4e-bbeb-e538f14a2c6a", "value": "T168840292A6E405F3EAE1097101F6F02BA939E3549B649DC7E39E78415E42BC0D7342FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926672, "uuid": "8c98f902-2c1e-4691-9314-19265deede3e", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926672, "uuid": "73e6e9eb-3fd1-4a78-9462-c56bcf6e0656", "value": "6144:WzBkLL2NTBS896zeJv3uZbOfTzKtTJr7xindO3K0VTJk0PcWh2iNxr/KX0:WKyNTI896C+ZbOfqFJr7MdP0VTJDPc8z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926672, "uuid": "5e5af774-b81b-48b5-865a-324729ccb8fc", "value": 379800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926672, "uuid": "d9b6e794-5540-4c42-85fa-49d8a6bffdd4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926672, "uuid": "a71ddc33-6c77-4c32-a933-e74a89d2f38b", "value": "74356107.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d15844db-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959942, "uuid": "c8555fd6-b9f4-4dbf-ba03-da1093272e15", "comment": "Malware payload (Heodo)", "value": "955ee41401c41622f5853cd9f29f39e4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959942, "uuid": "3fc0f0f4-43ea-4ec6-b9d6-73ec0a19a5db", "comment": "Malware payload (Heodo)", "value": "56029c5472b13505206b1e2bc1359b44c860427ec4843e7f460d176193f28fe0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959942, "uuid": "5c21a8ca-19a7-4740-81ee-f4182b0d1c70", "comment": "Malware payload (Heodo)", "value": "ac7e22a38f1ece69ae4e2092f687885addd01582", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959942, "uuid": "22ce7b7d-9d11-4058-bc91-6bffdc13061b", "comment": "Malware payload (Heodo)", "value": "4bdda743bfb7a072106e8825b57e210aa5158dff2a5233b6cc2efe7016ee19a804bb44f671eca352200a80a5bdb66808", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959942, "uuid": "05c1debb-9133-462e-a572-a8c5fd79a76d", "value": "T1DFB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959942, "uuid": "7dbeecee-eb5f-444b-a067-78a8f6cf55e0", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959942, "uuid": "61a7a18b-778d-4876-8f3c-9485cb9f394c", "value": "6144:8JZToYE666spbEgoZhZO1tzI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZo3lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959942, "uuid": "c3f618d9-020b-4446-a9f8-83b17a93cc4f", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959942, "uuid": "b838de53-0f72-4f28-acbb-99df960e7bf1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959942, "uuid": "9e279fbc-8ac6-4802-853f-1d0edba6dd85", "value": "56029c5472b13505206b1e2bc1359b44c860427ec4843e7f460d176193f28fe0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5367c03f-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955006, "uuid": "3919a662-871e-43f7-816f-60a5b14dd9d2", "comment": "Malware payload (Heodo)", "value": "c666696436324adb3f1e3d53a8e53f48", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955006, "uuid": "5691613c-872a-47e9-acb2-a6f76038c9ba", "comment": "Malware payload (Heodo)", "value": "566c5711fa8245794ace4f777bd6595ca8f7e2811e169c5f5d62e5107b7f682a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955006, "uuid": "65fa820c-852c-4f3f-b0b4-43a7238825b2", "comment": "Malware payload (Heodo)", "value": "daf41f0a10d95bcb718130d3f451864b989b49b7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955006, "uuid": "16170c50-5b2f-4988-a711-c9862b1787b6", "comment": "Malware payload (Heodo)", "value": "dc255df6b0c7f383967100847fc2fd9dce3e6de2baeadb68cd74cadada0ba76bdaa5a3d745fce9d53a2a1764cb17741f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955006, "uuid": "defe79d8-26f0-4d6e-96b4-0bdb5677e323", "value": "T14DD45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955006, "uuid": "ab4d61b6-8dbd-4564-982c-eb15594dd951", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955006, "uuid": "cca235eb-d1fe-4119-babb-328acf26ea32", "value": "12288:UWBpwupxl0OeL/grxkGzO+r9AjCb/XKh:Psupxa/gb2mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955006, "uuid": "442ab855-c586-43f2-9dfb-0c10e7ebbc85", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955006, "uuid": "992bd6c0-554f-42bc-baef-080bd09d71ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955006, "uuid": "5d172df1-ecc8-439a-95d7-da1d4a238e45", "value": "566c5711fa8245794ace4f777bd6595ca8f7e2811e169c5f5d62e5107b7f682a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "205ba3e9-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955780, "uuid": "5f4059cc-7ce5-4730-b5ca-b76093315279", "comment": "Malware payload (Heodo)", "value": "89d197bd8788b5097ec3ad5322ec4c8a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955780, "uuid": "15db4ed8-0aca-470a-beaf-c60fc5f57332", "comment": "Malware payload (Heodo)", "value": "566fdf387ad275c56e0126ea0e49b5ef240ebe8d7573f946013f19fc58c0b811", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955780, "uuid": "f333c2b4-2835-4c3b-b1b8-0402c0afa083", "comment": "Malware payload (Heodo)", "value": "ec6506b95eb603d73620d670ab925c356b61a032", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955780, "uuid": "cf7036fb-9466-4d16-b000-2a5f929a1985", "comment": "Malware payload (Heodo)", "value": "3dc36d005e57a81429e166417a520080bf14cb3d220e9d3a00e18da12c1821e99778497311d7fa7412b9630afc97da72", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955780, "uuid": "9b7b88df-c9ab-480c-9ecb-3e6722000650", "value": "T108D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955780, "uuid": "d18aa5ba-1b73-4871-82ff-f2f093b204ae", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955780, "uuid": "b5c9d692-dede-4ee0-9335-ca124b40ca10", "value": "12288:ZxpNJJJ2NHPoczJOOtIhxf3foRXIa5EPwvA:Zx2gczJOFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955780, "uuid": "e809c375-25c8-43ad-9be2-1d4f53b33c34", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955780, "uuid": "2c702e79-e119-4a5b-a765-bfbbccf4ca26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955780, "uuid": "0666cf8e-f7cc-4b3b-9442-a08445d07731", "value": "566fdf387ad275c56e0126ea0e49b5ef240ebe8d7573f946013f19fc58c0b811", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf455ac7-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958650, "uuid": "c5e3757d-d2fb-4842-a7f0-a7cf5a29774a", "comment": "Malware payload (Heodo)", "value": "232f27f47a7942a67a3333cdf5d255c8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958650, "uuid": "8d03219d-7143-4f5d-bca1-1ecddf96cbda", "comment": "Malware payload (Heodo)", "value": "56702346794ad758a05d930fd02aaee45af561fb0f9c1f729186e8e9efdfd7f8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958650, "uuid": "0c93f350-5511-47ca-8c11-f5fff36bce49", "comment": "Malware payload (Heodo)", "value": "5b57e8b386db387b1738e246f9ac6747ccca6bb1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958650, "uuid": "e5a8768d-d9ce-4a96-b515-b23a01372ba7", "comment": "Malware payload (Heodo)", "value": "7da26dc28b1c53412f806315dde6d82d6bbf50741e674fe6f567494878438e48e45b85aee31b9bc00d30bdd577acea6f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958650, "uuid": "269747f9-975c-4050-8bde-e7efd6e98274", "value": "T1AE059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958650, "uuid": "0c1329d4-8aa9-4754-8cb0-89e656b8b0a4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958650, "uuid": "67085d6d-fbb5-4ca1-a11b-90ff70c8843a", "value": "12288:V20BXOMcVzpWfmmnDDnX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDLX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958650, "uuid": "b6a0ed46-6ca2-4bda-89ea-11934d9ac120", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958650, "uuid": "956f5857-0bb8-4f56-a2bf-4266a1e18a2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958650, "uuid": "746ecc9d-86e2-4f90-80ab-d7d193458747", "value": "56702346794ad758a05d930fd02aaee45af561fb0f9c1f729186e8e9efdfd7f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "984cb0cd-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955551, "uuid": "88cfbaf2-3dad-45d0-80f1-4a71c61c5615", "comment": "Malware payload (Heodo)", "value": "03301f8eb4ebc7276abd196d33780e24", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955551, "uuid": "dc504b63-96a8-471c-a0c3-1003061a9cff", "comment": "Malware payload (Heodo)", "value": "5670e62c448adfac0505940e6a035e3be2f7c1d5e756caa07227a9a780117234", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955551, "uuid": "db2be7fa-ec33-4bab-99b2-8f031de9cc47", "comment": "Malware payload (Heodo)", "value": "75aa408d00ce0ba47196221d80fddcf183c9cbae", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955551, "uuid": "ef99637b-0001-4797-8c1f-08538f5cd75e", "comment": "Malware payload (Heodo)", "value": "55c68210f8ecf05b9761cfc9d384c65a731e1dad30ae7b649ac80644df5d0d0ff546d0297cd5a14a420ac8ecf5fb8b86", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955551, "uuid": "b2d05da9-902e-4f6e-b161-0dfaf048254c", "value": "T19BD46B03BFD3F0F6C12F0F394505D608989A7AC6A62A45A3539C6B9FED770138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955551, "uuid": "9d39b0e2-c693-4c56-ab0e-b519f3ff6604", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955551, "uuid": "7a0af775-b0ff-473e-8ace-741eb091b663", "value": "12288:QXvRLpX4HMAus65r7xMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+r7x2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955551, "uuid": "a61f6c9c-1fb7-452d-b9ec-664a97a8c305", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955551, "uuid": "0569ab39-eb7f-4d52-901b-21d32af95e4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955551, "uuid": "4f1f0b81-2470-49a9-9ffe-1b845a0bf891", "value": "5670e62c448adfac0505940e6a035e3be2f7c1d5e756caa07227a9a780117234", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51be321b-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958440, "uuid": "57ac4727-b42d-477c-9c95-633055e300e5", "comment": "Malware payload (Heodo)", "value": "e11147150a69565d100d809f17fd5925", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958440, "uuid": "0ba5c5f2-b9ac-4ce5-8ed4-983f0659c06b", "comment": "Malware payload (Heodo)", "value": "5697c67a79c39686a91fd0841c8de339fd241b658ad43658180322591c90866a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958440, "uuid": "0db9eb8c-1eaa-4720-939d-171446fcc9b4", "comment": "Malware payload (Heodo)", "value": "9331897b7cefcd2d5d53b9e2454bab1f5c55c43e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958440, "uuid": "3f387a22-bcc1-4e35-ac51-2679f1ae9d55", "comment": "Malware payload (Heodo)", "value": "b16db1d991936b08cafd9fea8137db9271352aa1d4eead24a934777b7a64e8fc2c89a030976dd4cf5f89f75bfb8c7239", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958440, "uuid": "beacef4b-75d7-4511-91ea-8deb4a3ff686", "value": "T136059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958440, "uuid": "d23f4db3-93e3-473b-b121-b589533924bb", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958440, "uuid": "d43bf725-72e1-4e87-9a30-26b4bd21521d", "value": "12288:V20BXOMcVzpWfmmnDDRX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDlX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958440, "uuid": "e581db5f-8451-4f06-b030-32c6813a18dd", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958440, "uuid": "00ebae6b-2df0-4dc1-ad5f-f7e3f65c1bfb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958440, "uuid": "5996b4c6-1f15-4524-9cfa-321fc8868966", "value": "5697c67a79c39686a91fd0841c8de339fd241b658ad43658180322591c90866a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ed0e181-aa16-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977306, "uuid": "df1771be-819c-4726-969b-06b9f2ca5cde", "comment": "Malware payload (RedLineStealer)", "value": "9d5fc65c60b35b9c0c4f77665c9e8a98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977306, "uuid": "8aac440a-a134-4077-8715-39f8c5a4007d", "comment": "Malware payload (RedLineStealer)", "value": "56c500731c1693b3dbbb81d3f55ac6639ae551f397a7744f3628b43645c62e05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977306, "uuid": "75e7795a-d2ae-4a8b-9772-4a8f77e387b1", "comment": "Malware payload (RedLineStealer)", "value": "532eb6aae69336ed34a4785e24a1089867f9a8f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977306, "uuid": "7833b9df-2674-4d46-9a68-32e0db533e79", "comment": "Malware payload (RedLineStealer)", "value": "803bb37d511c206214d820ffe4ef34100d84bb9a0851ed03fcdac28b0e4a4e03b1afd0d2335abafeb10870400616ea95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977306, "uuid": "20c7d622-83cf-4e6a-b090-98e7a3b33718", "value": "T19E363327A9503DC1D1E3893E13215A388061B2D55F811B13D2BFC5EC6D6BEE53CBAE4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977306, "uuid": "34144584-58af-42d1-8951-c66785a76442", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977306, "uuid": "f095c2a4-962f-4b29-a146-07f04d9e4326", "value": "98304:cNNJak3JX1uHW7i6H08QvB6Tso0AxAHi5od9qUgPgck:cNMkZX1u2G04IMi+jW4ck", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977306, "uuid": "e66321ae-aee2-462a-b99f-64692075e2ab", "value": 4889904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977306, "uuid": "e8c381ec-f026-461d-b0a8-edaa8c7d8530", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977306, "uuid": "97dc0edf-8cd0-4054-aa74-6057f75b8b50", "value": "97600692.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7468b9ae-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954203, "uuid": "e3718e75-21cc-4624-8abb-6350e37e51a2", "comment": "Malware payload (Heodo)", "value": "6e580938b0e55d5d7eb2410ad4d32f77", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954203, "uuid": "964aeb3d-fa03-4b1c-b868-2a1e8fa5294a", "comment": "Malware payload (Heodo)", "value": "56cc2ab5e2924c5c69e757f6328366c68c1e2a84402cb1532fce4ce2ff567e53", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954203, "uuid": "7277280a-7e40-4dc7-a02a-fddb7acb8cd4", "comment": "Malware payload (Heodo)", "value": "bb7d1b2a502aa423beef80ee74e33299e6eb3db5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954203, "uuid": "e035c381-af9e-488e-baf6-1d1b94500504", "comment": "Malware payload (Heodo)", "value": "5d3f99522a2e3372bf1d9dfc4e36932a545168a65e3d953c93d0dfddd755bf5296fcfb58ef90024434ad8cf1fd2702fb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954203, "uuid": "52d057ec-6b4d-4bba-89bd-51214f9d0001", "value": "T11A25AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954203, "uuid": "47bce3fd-8165-4e0e-8959-44bcd2a9768d", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954203, "uuid": "543549ac-2122-44b1-938a-2119bd00607b", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQN5tFjNRLU:Ci6fgcIcHB8ZebLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954203, "uuid": "fbb5903f-2480-434e-9697-7d790fabb302", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954203, "uuid": "9bfb2180-d381-4bcd-b7b8-77732f1eacc6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954203, "uuid": "ef7badbc-4806-4637-8e0b-f87e30ad8793", "value": "56cc2ab5e2924c5c69e757f6328366c68c1e2a84402cb1532fce4ce2ff567e53", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bafe318-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959825, "uuid": "01b3da55-981f-4b8b-adeb-e092f86b2a56", "comment": "Malware payload (Heodo)", "value": "87528b2de528af51fdc6aa01f9815683", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959825, "uuid": "804e3e1c-1f32-430f-8ccd-2582fbe47efd", "comment": "Malware payload (Heodo)", "value": "56de92e18f3c36cd85ffb34d7fa796af06e4c1f8b5482f6d8235b9b2bbc11f4b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959825, "uuid": "b22e54ee-9f94-4198-9b32-5f7a717307a0", "comment": "Malware payload (Heodo)", "value": "4932ac815a8eb92cddc899bf78ba275a59463931", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959825, "uuid": "505ee5af-6ce4-4d85-9ec0-3168184233bd", "comment": "Malware payload (Heodo)", "value": "bd8f7e3b40fe12ad653d7f03182c708684279fcdaf563661c6e8e4d531878a6d68e4e152c8902931e0da30d50783e64e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959825, "uuid": "a96f41de-73ed-49de-9128-dfa2a593e920", "value": "T1E8B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959825, "uuid": "84628dff-c8ba-47f1-858a-7659f2e0d743", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959825, "uuid": "4fa44504-efea-46e7-8969-9f45c25bd1e2", "value": "6144:8JZToYE666spbEgoZhZO1toI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoQlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959825, "uuid": "6c9f656a-db1e-40c1-a2f0-9bf7ba561aa4", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959825, "uuid": "29e1705c-695f-4b70-90d1-5b0266938858", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959825, "uuid": "c28c6e63-b3ef-4d03-8156-e78e8da46a21", "value": "56de92e18f3c36cd85ffb34d7fa796af06e4c1f8b5482f6d8235b9b2bbc11f4b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6773a8af-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954611, "uuid": "808063f0-a721-4c89-8019-c635a8fab395", "comment": "Malware payload (Heodo)", "value": "080a25fe6919448a3872012af1416bcc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954611, "uuid": "cae9f699-0333-4e72-997b-ec7f57295836", "comment": "Malware payload (Heodo)", "value": "56e5b875ec0ee3f905bdf20c85152e74647cd13c69bbab7898111852fb50c15b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954611, "uuid": "f49644ea-86c1-46cf-bc31-808c13285f79", "comment": "Malware payload (Heodo)", "value": "8c4f0defad6710ad05413eb51bf0a4e199d69401", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954611, "uuid": "8eeea2c4-70b0-4a08-8cd0-b4700e97890b", "comment": "Malware payload (Heodo)", "value": "6f9a683163105da1dded8c16072912ff7381c7603269a7925be1022883eca8e52c2c2499b0201426ae7ebbb2e2165059", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954611, "uuid": "7ab7c7ab-fe73-4fc7-ba47-21545b71c6a7", "value": "T1B2E4BE6176C2C0B6C15F017A5946E31D62E5AD609F3896C3ABD4AFBFBFB50C29D34202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954611, "uuid": "70e729b7-0d36-455d-beb9-e9d9131bbc6d", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954611, "uuid": "0bf784a5-7192-4622-be13-3c227672867a", "value": "12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKLe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKLLzflBkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954611, "uuid": "59470936-93de-406a-9282-d45b4c211c90", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954611, "uuid": "91c7adb8-9b44-4b70-a650-15e4774029fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954611, "uuid": "254b9bff-ab55-49d2-bf07-2d0f9afa76aa", "value": "56e5b875ec0ee3f905bdf20c85152e74647cd13c69bbab7898111852fb50c15b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19b8b5c0-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958346, "uuid": "9c750c41-2ac5-460d-b5cd-548e3fc3c549", "comment": "Malware payload (Heodo)", "value": "fe3ca5bbc1bfd5a70f6f1f665e9a0e9a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958346, "uuid": "fc317004-75a4-4c3c-b74b-3749b61b8645", "comment": "Malware payload (Heodo)", "value": "572a82b7bc261cd409db302ffa2247de6466e2588aa74f2d137453208a3977ac", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958346, "uuid": "64ef1b06-6b56-465d-88f8-0b8fcc129762", "comment": "Malware payload (Heodo)", "value": "7e9fa19efa5c1d6ddb9f0d3967295369646759d5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958346, "uuid": "a252e1d5-3a97-46b2-b1dc-b6e9a57191d4", "comment": "Malware payload (Heodo)", "value": "4118ef2df1455ad505b5af7665da1d84f7289b696cae5a64eb71f8bea348265576d7a2cfa8b504b4551a13e4144a1fcb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958346, "uuid": "c5e59ab0-8e07-40bd-a95f-e5a8a1bc740d", "value": "T166059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958346, "uuid": "4c7b56b5-ea1d-40e0-a791-2a50a2252988", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958346, "uuid": "1f173fef-40bf-4b9f-b46d-bee2bfb2360a", "value": "12288:V20BXOMcVzpWfmmnDDDX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDXX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958346, "uuid": "e3add2e2-2145-44dd-aad4-c6c3e1f492d1", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958346, "uuid": "3d345bc3-2572-4bf0-b64e-06da7bc4edc2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958346, "uuid": "3d7420f6-ac52-4e03-b764-5c06237d864b", "value": "572a82b7bc261cd409db302ffa2247de6466e2588aa74f2d137453208a3977ac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afd05308-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647974918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974918, "uuid": "3f21a6a1-e9f5-4d35-8b70-39dcf2ca5beb", "comment": "Malware payload (Formbook)", "value": "87a279473871f4e4c4b1fb33e9ca74ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974918, "uuid": "e8f4ac3d-db08-4b9d-888a-fb99a52629f1", "comment": "Malware payload (Formbook)", "value": "573340e7db5b08254ff95f02f3f2ecc9b24db1f8cb35d75dcffe71d6b35d74fe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974918, "uuid": "842086b6-6f85-4807-a67c-da2160a01753", "comment": "Malware payload (Formbook)", "value": "5cc7c15ecf502df61c2edd0ad5cdc1f3ce156ed1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974918, "uuid": "f9d1ee28-9d75-40ed-8341-20bc63ab5fec", "comment": "Malware payload (Formbook)", "value": "e9adf1bdc673650ee08f6d3ce2bfad0bb92c0aed1fb9b85eb9b86daa86a7d357f6eb1723a2c98c7fa12394b0db9572c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974918, "uuid": "af085c2e-e22f-4d9b-8dac-59e407a05c69", "value": "T15D341203FBC084A3F78106351E729BB8EBF945CD3279950B9F841FAD6638A535766702", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974918, "uuid": "32b14f24-2c9c-4a92-ae9b-25c7e180cd9c", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974918, "uuid": "22de7404-193d-47d2-969b-67fd857344ee", "value": "6144:rGiiGW9jRnMD5fAk+VqdFELgz7Cp7ClK9Yu47s+b1iT9k:uG+ZGX+cQLqueMk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974918, "uuid": "f2559e2e-4e35-46c0-a2d1-ec850e2d7218", "value": 248284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974918, "uuid": "8f139fdc-3fec-4aae-8b51-2a9c9913e69a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974918, "uuid": "c88511b2-1559-4188-a284-d9335ed379d8", "value": "87a279473871f4e4c4b1fb33e9ca74ea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1019ad63-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647953605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953605, "uuid": "29bf019b-aaf1-4977-99bd-8bb4bdb70816", "comment": "Malware payload (AgentTesla)", "value": "244f47419e102b64426b803ce6cf65c6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953605, "uuid": "0353bc8e-4132-42bf-9601-9e5e060cf20c", "comment": "Malware payload (AgentTesla)", "value": "579a6c5d265c717ce934723947c28b6c95b14e1fcc2c69cc8e69ec3c26eb7625", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953605, "uuid": "4957809f-f095-4ee0-87ee-8a9a7dc8cede", "comment": "Malware payload (AgentTesla)", "value": "81ef6be08211716273f71a7ade97fce844ec3e6e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953605, "uuid": "e4434b88-7fd4-49c5-b3c6-5b627f41cec6", "comment": "Malware payload (AgentTesla)", "value": "5eacbad54cf4fb6047604ce5618ade6001ce10b1998219e1d609ded994ffac1ab89eda31510d7718296a2a5d67e5f678", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953605, "uuid": "e2cb55ec-9ed2-4ffe-bbef-3f7a2b437f66", "value": "T165453AAD325472EFC877C072CEA81D64FA50B4BB670B4907A55307999D0E887EF940FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953605, "uuid": "78193184-2718-44d6-9add-ca87acbcc928", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953605, "uuid": "c7f2c4e8-1f99-4b9e-a75d-7f66e59b2048", "value": "24576:Vyg7DYFwa8Fj8JjhwzgKz2r7dgZTCF58W3zrG6G+4f9d:R7Ja8FgJjhwcHdgZTq7zfNk9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953605, "uuid": "f4da4e1f-dd78-4790-a42e-2efb35bdc584", "value": 1165824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953605, "uuid": "4859ab7a-4446-4997-9087-76fd6cead41c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953605, "uuid": "47d25848-afc0-4fdc-898f-944f078b1f1e", "value": "Balance Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57b3e630-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1647976918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976918, "uuid": "8568537f-84ba-4d59-98cf-2197c7f7b847", "comment": "Malware payload (Smoke Loader)", "value": "778f174d7483a70a1a8e327ae3d4fcb8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976918, "uuid": "c2d593ee-f425-499c-bccb-14eebf9cc5b0", "comment": "Malware payload (Smoke Loader)", "value": "57a0e2fcfe386ee249288200e072f2f809adcc2b475a6104feab914ccbb35bc4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976918, "uuid": "f0d037ce-42fe-4e3f-b6dc-097c79677020", "comment": "Malware payload (Smoke Loader)", "value": "39c283908dd2e16c0952d67ff1e42b003509214e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976918, "uuid": "b746422b-fa86-43ef-94cb-1c2442625abb", "comment": "Malware payload (Smoke Loader)", "value": "36885d17bebd4f4e78e86fcfd8f8e4720e5bece8d20b37e842468fb10688da161948a5b6b829c6a89b8e24509a6c04ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976918, "uuid": "cfaa446f-1cbc-4763-97e3-b047e2e1196d", "value": "T1883523C97BD791FDC8A9D537C7022B318D04E9A2714E132A0A9356EF6F046056E62EF3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976918, "uuid": "ab599ca9-45fd-4df1-afb0-6628fde4f218", "value": "79b3362178937bf9559741c46bb9e035", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976918, "uuid": "adc9c8bf-8487-4541-9767-de574a5e7ac0", "value": "24576:v+nc7RW8BSH9+bDopgaOoE79uIDGk2f3IVmMkWZ7eX9SI:vllLA0bDopgn9VI/YZki7el", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976918, "uuid": "785251bb-71f6-43f8-9460-2e13cdcf9f3c", "value": 1076456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976918, "uuid": "a6d87b92-f685-408f-817d-113ab996d07c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976918, "uuid": "b880961b-da89-4ca9-87ac-0ecf5214dc44", "value": "55642604.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a2daee0-a988-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647916390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916390, "uuid": "28feaf60-dd1b-4883-bb8d-1e7963574983", "comment": "Malware payload", "value": "a9db9d2b254eb642b2a7d699f7cf93ff", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "injector", "colour": "#F39A69", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916390, "uuid": "801aabbb-fbfc-4258-af39-ccecf06aafdc", "comment": "Malware payload", "value": "57e89b5cebf4c009c5b5ffa8186b51d750ce3c8cfa4c7337573f3a7c1e953f19", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "injector", "colour": "#F39A69", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916390, "uuid": "f07b0953-0690-47a0-a877-d947efa40c81", "comment": "Malware payload", "value": "e9c4823dc029366b2ffb9d932e7d54400ab10474", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "injector", "colour": "#F39A69", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647916390, "uuid": "a8332d81-1714-427e-aad4-10ed8c445bf3", "comment": "Malware payload", "value": "9a9fb6ca9d1572e3f38c39b582a3dd8b1da594d72954965d47021e0761e5508647109e53f177cf360ef9676ef57620ff", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "injector", "colour": "#F39A69", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916390, "uuid": "ce219a7f-d000-4845-9dea-260f050ff056", "value": "T19A322C1D1FD80772FDFB473A5DB6AB1402B5F2016A23CE1F58E8421D5DA72648E227E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916390, "uuid": "bcd2ee0a-dde7-4663-84b3-db201593ebc3", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916390, "uuid": "5a6e5cdb-f814-46d5-b6ed-97ad4e8bcb5f", "value": "192:Gx59InkTFrBtD/JmVMGe39pVGx/1apPHm/+921xkUDqa7UxMBAZV:Scnk5rjUMGijVGxtimW92rkw7UxH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647916390, "uuid": "c84bf2e8-3420-4a4d-b996-14ed901c7213", "value": 11776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647916390, "uuid": "d2b625fc-e2ff-4779-917d-92008ec1f134", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647916390, "uuid": "0a409607-3761-4f74-bfc7-b30b2ddcb86b", "value": "steg2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b4f76ee-a9de-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647953355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "0c474519-e381-446d-b776-31964b47a7c3", "comment": "Malware payload", "value": "addd4ca627c5dc3b44c0cbffb9e54ea3", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "0b27419d-f934-4a5f-aacd-5ea40748f330", "comment": "Malware payload", "value": "5830ca7b93aa03ca7fb3502f80d9296357e9bd489c7f10a641e88b1464927fa7", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "f1c7c577-14ef-42bc-8027-33f61eee95ed", "comment": "Malware payload", "value": "841b793015ca0e2fff6b9401af06bdec90036dca", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "0d25dd75-6543-4c79-bc26-fc2d8431bcaa", "comment": "Malware payload", "value": "448833788766aa3a9df0d2a95ffdd299a440d976e38e002a77f66f39bb72a72d51f553c0517322e8fd079291ab22b2fe", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "96584cb9-4e03-4f4f-90ed-f369c794ef04", "value": "T1C374AD63038667B9F6CC1ED9C64F221630F1E5527961024CAFF31AE7FD3AE84A674225", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "4e1da6d0-bb9b-4545-af2f-33045c9016fe", "value": "3072:WiBDmFF5glCLmZUmY9hZxxB0FDcCMhNPi6bSi:6PilCKqmYl3eFxkPi0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953355, "uuid": "55c8bedf-3746-49e2-8719-d50003d70088", "value": 354455, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953355, "uuid": "f7d4734e-ff67-4665-9725-a73b610d2e63", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "174eeb77-b1fc-4956-8120-d42976ec40e9", "value": "mob786.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcdb0461-a999-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647923884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647923884, "uuid": "3db68e55-5015-4b8f-8694-ebe73baf5e17", "comment": "Malware payload (Heodo)", "value": "c846edc9d7a87826e0a5cacbb2850f15", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647923884, "uuid": "5399be66-b819-4955-9270-862888470e31", "comment": "Malware payload (Heodo)", "value": "586077e1c3c8d9c65ce32b5371e6074aac8465b1c29311a928d36c06db11d9de", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647923884, "uuid": "aae56849-900e-4a23-918a-f8666dbbf17e", "comment": "Malware payload (Heodo)", "value": "4da1d0a1e7f1e5cb169f8c809ae15ce03f5a858c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647923884, "uuid": "d111f49c-cd41-4b0e-8550-4fe22766e0ac", "comment": "Malware payload (Heodo)", "value": "00dfa3e45bb6ec559131311b4ea7e72910edc42ab57daaf94583fd3dcaf733728af71b4a7bb46b30d1215c36aec6f6a5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647923884, "uuid": "ce874f82-daf9-475e-a4cf-37928d489192", "value": "T1B974E651A5538073CBFB25F2C7F552B76AD59B91C72B452E02A8C03F7A28E437762E20", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647923884, "uuid": "5ddf15c2-6ff8-4317-826d-d1d8fa9c1e93", "value": "6144:U/L5tYtXZ1BpFHyFjJmP/RbV1M2lvMOeL/grx2f:UWBpwupxl0OeL/grx6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647923884, "uuid": "1b01e5ad-373e-408a-8bf6-7c5d0901447e", "value": 359972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647923884, "uuid": "0a9c42d5-b528-4ad3-b787-9ea1e47381dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647923884, "uuid": "21281970-1b04-4c09-9b4a-748b61af9e60", "value": "emotet_exe_e4_586077e1c3c8d9c65ce32b5371e6074aac8465b1c29311a928d36c06db11d9de_2022-03-22__043759.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d36da404-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958228, "uuid": "e95997b1-c7a6-428a-845d-4b3ace610128", "comment": "Malware payload (Heodo)", "value": "19482d422a3bb3ae31303bb400da33ec", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958228, "uuid": "dd15d0d7-7cfe-4c8e-84aa-0e99c1201967", "comment": "Malware payload (Heodo)", "value": "58d71d0d9ad78c9a907f4f55b3ef18b932c7d67cc7c64517865fd2c4efbe1e92", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958228, "uuid": "63b10f96-4ba0-497c-9d05-9f0d3b351014", "comment": "Malware payload (Heodo)", "value": "468f8d654fbe197bdd1979dd20cc2d5876716ae2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958228, "uuid": "92b53a1a-42ad-4aa3-93c4-6b7d61c17688", "comment": "Malware payload (Heodo)", "value": "62224ec641519506703b0c9c256b5dec7bdf4f8283d28bca1b94ee0d5511fbf0701f623a4559aa3d3f10646c7ce77c14", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958228, "uuid": "44fb7a8a-4e2c-49a5-ba17-0321028c7e19", "value": "T14B059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958228, "uuid": "29470d99-ff03-4563-bf2e-a212e5f76962", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958228, "uuid": "343ff575-6fa7-4918-81d4-9e69ce0c85b1", "value": "12288:V20BXOMcVzpWfmmnDDDX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDPX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958228, "uuid": "22003344-264d-4058-a2ed-39b2ad0e82ee", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958228, "uuid": "20c64cef-8fa1-4048-a737-1104222becac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958228, "uuid": "f0a1792d-1235-4555-8a5a-d47a9fabe428", "value": "58d71d0d9ad78c9a907f4f55b3ef18b932c7d67cc7c64517865fd2c4efbe1e92", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c0a3453-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647969973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969973, "uuid": "13b3cf82-38d2-4b1f-a661-57c494a58eae", "comment": "Malware payload (Mirai)", "value": "c7487cfa16ed3acf1d2c4a67056ac072", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969973, "uuid": "3327d22f-77ae-43dc-a49b-9609ec1752e2", "comment": "Malware payload (Mirai)", "value": "5933b6ca7371e7f6ad9d252449c7b0740fa69ffcddc0fe5b9173b12db7e898fe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969973, "uuid": "584dde1e-1f3f-41a5-80b2-df29377a2d7e", "comment": "Malware payload (Mirai)", "value": "fd3b48e062e58b740e61f76aaef6f80b766069c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969973, "uuid": "10371174-b2ff-466c-a76a-7584760dfaf1", "comment": "Malware payload (Mirai)", "value": "fad3dd75a5fc3e823beae4de30553ab8ac1efeeb4c0dadb59953dca1adf240785b5ac38c078b48db25b25afb3d2df77e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969973, "uuid": "c8dbe0be-573c-46f4-9535-0ffc7c475e22", "value": "T123C2E1CFDC1E3AADD6ACC871844D0BA06614F1D2F25A174CA702BEC9EF65D1376088E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969973, "uuid": "fb9f6faa-3203-484c-8aaa-50f86639b379", "value": "384:KR2kEWesSAZsbO1TgnOyh33aZ8AW7+6QsbkFG28igKRvMpE6c4lSKdRWGVCzhMhc:229A6O10O+qhWptknnRvMeBWSKrWMc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969973, "uuid": "70a92dd2-eada-4bca-9f47-e1e5600a922d", "value": 28100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969973, "uuid": "cfeb2dff-bfe3-443b-afe1-970983b949b5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969973, "uuid": "615ab803-3f19-4c4f-bca1-b1689d12661d", "value": "c7487cfa16ed3acf1d2c4a67056ac072", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25ef0f53-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647936891, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936891, "uuid": "9fbc2b94-1422-4ae5-a281-61271cd896f7", "comment": "Malware payload (AgentTesla)", "value": "f30291fe4194893e28418892f2a24009", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936891, "uuid": "bb3f30b2-60ef-4de4-b90a-4b7e19babb92", "comment": "Malware payload (AgentTesla)", "value": "59776aeed92ab1a3d508358e5042e3cae20f5d7ae85e6c1e7bc3d97024ef5698", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936891, "uuid": "f2dc6ff3-af2e-47f3-abc3-ddcbf7255be7", "comment": "Malware payload (AgentTesla)", "value": "5e073f531c07166477ab7d015e7fc06d05a5e8da", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936891, "uuid": "11a089b8-dc06-424d-8029-54c53c0e3b93", "comment": "Malware payload (AgentTesla)", "value": "dc5005bd21ea4aa47d252c215d687cac769969d9a8cc45cbc272173693da4575a87e8cc4cb40877327d8060830b44404", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936891, "uuid": "804219bb-f03a-4a78-bf0a-9e148164458b", "value": "T194352345F660C522CA1D1E75197257410BB8E92EA833D38F381531EA1BFFBA8C68774B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936891, "uuid": "12f77c24-6d34-4f9c-a87d-7e912dcb57bc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936891, "uuid": "9f3c1240-077e-4803-b1fb-54ca87dd0c36", "value": "24576:uoh0dlhpj9HQltIbQHebJz3nc0gv99WSWdc9Znlf:uoh0PhLHO0TgvXWSWq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936891, "uuid": "df7f18e4-f63b-4ef5-85e4-5074b146da85", "value": 1071104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936891, "uuid": "f414483c-9b86-467f-8466-d7b6d0d1843f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936891, "uuid": "9bc1604c-d5b7-4af5-ad33-183c90241887", "value": "Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccb47994-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954780, "uuid": "8775b007-cc0d-4b2d-a5e1-e8beb3244123", "comment": "Malware payload (Heodo)", "value": "2d51e5d9dea84067459e65c636aa279d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954780, "uuid": "a500764a-9db3-4e7f-bf41-74fb69270dd7", "comment": "Malware payload (Heodo)", "value": "597f6acc9aa9002d1e48f0c44766e6760fce6ab240f42707974968e7c39bc24e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954780, "uuid": "7d943934-6747-44f6-afe8-5427991078d7", "comment": "Malware payload (Heodo)", "value": "854ec3c95879145496c93b7e4957688f42e08ef3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954780, "uuid": "c50e17d6-a235-409b-859e-4cf624634fc8", "comment": "Malware payload (Heodo)", "value": "8962dd5b2f898bb55447b7afebc235d49fc2c399364efeff8e099dcb3e5802f327e72e9b8de9ca9b6a67886185ead7a7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954780, "uuid": "0788660e-7ae4-4342-83b7-40f8d2c3d32c", "value": "T131B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954780, "uuid": "8265fcb7-2420-4fb3-8bd4-b324039621cf", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954780, "uuid": "74cb0c74-e0a6-4752-af73-b4d9230bffa6", "value": "12288:AASStHx1vVHO+1Hx54Pg0p9n4WNL7XE0UdX:ecHfv4qxqnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954780, "uuid": "c71c3dd7-bb64-4e35-ba88-a27d22393147", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954780, "uuid": "d93c580b-8d14-46af-aa28-a9d65c0f290f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954780, "uuid": "9c87250a-11c6-4437-b849-55000dd736be", "value": "597f6acc9aa9002d1e48f0c44766e6760fce6ab240f42707974968e7c39bc24e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6255d46-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958232, "uuid": "e6acb67a-6ab1-48cb-858a-1937a726093b", "comment": "Malware payload (Heodo)", "value": "6e3587082334254a5694357863b38c0e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958232, "uuid": "73d02f9f-47d1-4485-bd8a-c49fe12cb7cf", "comment": "Malware payload (Heodo)", "value": "59d766f91eaad76f6f31ca9f09ca233c2736ce07fabc12488361714b3212cbc5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958232, "uuid": "ea78d060-aef4-4f24-af26-386329ac0d4e", "comment": "Malware payload (Heodo)", "value": "bc423d96d49d9418ae16b26e9f20373fbcdea916", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958232, "uuid": "8630d053-5e45-4537-bcb5-5cbb9237e36c", "comment": "Malware payload (Heodo)", "value": "dd9851e877158ca9af6315380ee312d2e43ae63737fba939f32f41efc7bf6df9db77af4ace55447057a540617ee28bce", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958232, "uuid": "97c32301-3b49-40ab-808b-7619f1fe0151", "value": "T112059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958232, "uuid": "b1bbf770-a3b4-47e2-9b14-8d2450528cb0", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958232, "uuid": "f0a06659-0c4b-4239-861d-fe456dd43217", "value": "12288:V20BXOMcVzpWfmmnDD1X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDBX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958232, "uuid": "26ef272f-04f1-4cf5-9b4d-8c9ac5f9d98a", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958232, "uuid": "43cbe6b9-1794-4312-88a1-fbbe9b65e6de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958232, "uuid": "e4f9e93b-b881-4128-b3bc-39b10b210d20", "value": "59d766f91eaad76f6f31ca9f09ca233c2736ce07fabc12488361714b3212cbc5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8a7ba2c-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958236, "uuid": "17bcaed1-d64b-4c60-a8a7-a0ea18ac8c08", "comment": "Malware payload (Heodo)", "value": "be56b25309c62f9588c8341f6a6c08e9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958236, "uuid": "b05ebe4d-414e-47cf-a083-089de92d2e48", "comment": "Malware payload (Heodo)", "value": "59e3a1b0353655e171f9cb0e1414482ef37a3af650d15244fbf3eb54c8d4cb6d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958236, "uuid": "70ba3fbb-5482-414f-9bd3-2c8cb0cd0910", "comment": "Malware payload (Heodo)", "value": "cf50d880f65a25e98fe6f4ba65e6910a5e8ee340", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958236, "uuid": "0a354c25-f2b8-4285-831b-6c518e4418a6", "comment": "Malware payload (Heodo)", "value": "9d5164a16dcac29d727442e01c1b881407ad03072d88d9dc4566bbf56436a9619703ea9eefc2eced9b105c1fadc5a178", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958236, "uuid": "5a2334f8-f6d9-4f84-90bb-d30ba7dcb4c5", "value": "T186059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958236, "uuid": "12e12031-991f-4c6f-9bec-e1b9602dbfe4", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958236, "uuid": "a308d04b-5e6f-4657-ab0a-fd4efce76e90", "value": "12288:V20BXOMcVzpWfmmnDDfX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDTX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958236, "uuid": "00339f61-c97e-4058-8be5-5e3d9a6de800", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958236, "uuid": "f8f97eba-9264-4f95-ad26-d24553433677", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958236, "uuid": "4845f627-dbdb-4eee-8edd-654cde34936d", "value": "59e3a1b0353655e171f9cb0e1414482ef37a3af650d15244fbf3eb54c8d4cb6d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fc5a770-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957953, "uuid": "e6a4946b-e32e-452b-9851-7f5f091b8d88", "comment": "Malware payload (Heodo)", "value": "0aebb8d3b24028680fa48d37e4fce3d0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957953, "uuid": "7795ba4a-0d99-432a-87ac-d77daa87a087", "comment": "Malware payload (Heodo)", "value": "5a039cba8fd785c245ed0e427e2091ae7eca9301e70f7ae6dcffc86932af0d44", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957953, "uuid": "6555dfa0-a94b-4ac1-95c0-bb3ab046dc6d", "comment": "Malware payload (Heodo)", "value": "9d1f4d9d90b6253c83188a101d898d5a0290c8f2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957953, "uuid": "83c5c3cb-9ceb-4414-9663-d0b5090cfa98", "comment": "Malware payload (Heodo)", "value": "c79f4c7b82c57019e8d96680e323ed64eebe04e9a165907eca0143ba99cade7827bfd3be84239625f86876e21b68bfc0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957953, "uuid": "2b76b49a-b907-4487-9218-b3fd74ef0ff2", "value": "T138059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957953, "uuid": "91726e20-daaa-43bc-a11b-b218cb3da973", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957953, "uuid": "d79a3b52-da12-4ed6-b79e-0d25ea4c88da", "value": "12288:V20BXOMcVzpWfmmnDD1X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD5X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957953, "uuid": "68f42281-db67-40b3-b704-00960456871b", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957953, "uuid": "5b22117f-2c0a-498b-b8c1-d1a6b07aa820", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957953, "uuid": "12de04dc-8fe6-4570-b566-ae0da55a3794", "value": "5a039cba8fd785c245ed0e427e2091ae7eca9301e70f7ae6dcffc86932af0d44", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "328e6f84-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957958, "uuid": "907a50f7-996d-4061-83e2-5ee748d12288", "comment": "Malware payload (Heodo)", "value": "fcad0a1f04a42fcb9ce1327a2412ddb6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957958, "uuid": "7bf3b5c2-59b8-401b-a06b-1b9427dfe91a", "comment": "Malware payload (Heodo)", "value": "5a124cd4fedee29f4529db51498de2f46b9dd12221b8b96e9fcd243236ccc4dc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957958, "uuid": "25bc4637-8ca4-4d98-a0ce-a8ea25e299f3", "comment": "Malware payload (Heodo)", "value": "2b89cd68d04d9b370eebd6f212f84c5e0f7b5ccd", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957958, "uuid": "c533c9a1-44f9-4005-9ee5-6e9dece4acea", "comment": "Malware payload (Heodo)", "value": "5547e268d440f9c1e7a3ac69d1cc7eb00581f69e7fb18432bca612efd82f2aa77d22181f144043879addcfd7c30877b5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957958, "uuid": "8b66d260-7507-491d-b1ea-0e33754e5e1b", "value": "T14F059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957958, "uuid": "c68fcbd9-572b-477f-ac28-f5d1b3a4ef09", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957958, "uuid": "09118358-b766-46a1-bbe4-02e004a5207c", "value": "12288:V20BXOMcVzpWfmmnDDjX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDnX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957958, "uuid": "f8c84a63-98dd-47aa-8bb2-334282118483", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957958, "uuid": "2202a5fb-2b60-4938-90bf-625c5cc0546e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957958, "uuid": "1622cc06-a0ea-4622-a977-070eb210dfdc", "value": "5a124cd4fedee29f4529db51498de2f46b9dd12221b8b96e9fcd243236ccc4dc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6809ae92-a9b6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647936143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936143, "uuid": "7a901520-6d07-4fd7-a6f8-83cb596007c9", "comment": "Malware payload (Mirai)", "value": "0e09f68fe5a4f6fc192113aa5455cca9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936143, "uuid": "935300ed-7e02-4066-82b9-556bca5ce538", "comment": "Malware payload (Mirai)", "value": "5a923bdaf4342d52c5509006be61599eeed869c9c5f43631603f86dc3a653c62", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936143, "uuid": "b3eec729-7cb9-4bcf-b04b-ba909af4c458", "comment": "Malware payload (Mirai)", "value": "471913096efd01079aeb2e289c8b94f7552f950d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936143, "uuid": "941f8d8e-bd35-4a19-bc24-2050d1035c27", "comment": "Malware payload (Mirai)", "value": "a2981b8405e6b3007cd2a439a527b99fae4db8a91901cd87da799601a5f25aceb96a04aecec80b22a3191c6fb1745b9e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936143, "uuid": "e5efae59-8f8a-4604-bea5-576537fe02c1", "value": "T1AFA3A20A6FA05FF7E8AFCC3746AA1745248D641A21A83F75BD30D818B25B64F16E3874", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936143, "uuid": "e526bfb9-b140-43d3-b554-1614dd310ecd", "value": "1536:VnwQ+ts/XDTrzMn8twgSOBmdj+sUOPU69:VwQ+ts/XDTrzwdj+2l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936143, "uuid": "0135130c-f349-4a60-9c8f-83da1b0bca35", "value": 100736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936143, "uuid": "b78c758c-fc01-4f20-8152-28dded2c5bfe", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936143, "uuid": "6813577d-e809-4a14-b0fb-ae3a253aef49", "value": "0e09f68fe5a4f6fc192113aa5455cca9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a49d98a-aa17-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977647, "uuid": "f05fd546-1b79-4fc7-adb9-ea9de034a1cc", "comment": "Malware payload (RedLineStealer)", "value": "e006875365471cb3d19fc60652531bba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977647, "uuid": "a0df9280-3f4d-4c20-9fb7-00fe6d2803d5", "comment": "Malware payload (RedLineStealer)", "value": "5ab8f6c79de5cb95a47240c83d90d578818e5b7e4794dae21cdb2238363fafc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977647, "uuid": "bbfd2e30-0c9f-494f-9910-4ce2c5fec834", "comment": "Malware payload (RedLineStealer)", "value": "a55476b838b220be4ab0d486b4e5856cfd64ca51", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977647, "uuid": "9443c984-31d9-4ae5-9be9-5afe52afc072", "comment": "Malware payload (RedLineStealer)", "value": "d4bd8b7f80c57f69a31cf5a8eabe1f48653d57067e248e03bcd6078a251520d72aae746a92fb47564883321823b23f68", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977647, "uuid": "820a7d04-7866-4b46-b95e-930793661106", "value": "T10B3633BB5AB904E5C79A157DCAB4A25253CC1038E8EEA16F781F64CDD31089FFC68235", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977647, "uuid": "c9a8ab24-c73f-479f-9573-c1f9b09539b1", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977647, "uuid": "f552da3d-9031-4e51-b831-675fe8171866", "value": "98304:oO/XXGqtj2hZraUuO5FrwZEi4cermEALIq+zC+QZSIvKux:oSXGqT5O/MiiXerm9T+++QZSQKq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977647, "uuid": "36c36549-8daf-4c71-9225-7ae3c29dd3fd", "value": 4882432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977647, "uuid": "2407ad02-4baa-4ccf-9129-b8f41872d881", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977647, "uuid": "2d7050c9-122f-4406-8228-d51831e098cd", "value": "98549461.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19de1adf-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959634, "uuid": "7968f458-8ad9-41bd-922f-2971bf097129", "comment": "Malware payload (Heodo)", "value": "0eca6e6236d4b444c856b62091e57088", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959634, "uuid": "936b688d-3423-4a29-8cdb-1e29627585f3", "comment": "Malware payload (Heodo)", "value": "5b3098d7ec73c82e102cc9c47b34519b2d9624fb6ce42af369048006a5b0373c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959634, "uuid": "a83e0967-66d1-41a7-a007-8e6e8ebb0496", "comment": "Malware payload (Heodo)", "value": "440df600093e0a36a046325a64c769cd264326e2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959634, "uuid": "c14e8581-04ae-4638-b82f-d3284649d4a0", "comment": "Malware payload (Heodo)", "value": "b7398b0d78b779c88ec163b26d0c4f9c96dbcfe3a308721baf4fdb133576f84d17e1baf96a5f6928b62ec52959eb4691", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959634, "uuid": "200d9ca1-1aaa-412e-ab81-eed161f074a7", "value": "T1D9E4AE607B81C0BAC31E30B50517A37966E9A9709F3897C7BBD46B7F6E740C19D3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959634, "uuid": "4bf46b48-1c8b-407f-ad01-d9a66093e1e2", "value": "cca9170027b8a1c09e4e49e3efdfdd6a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959634, "uuid": "a4678e13-a8f8-46f7-9d8e-819c993d5760", "value": "12288:JzpSPnEifD6xu1XRiTFIy30ZKm0X0sD12m1yMu0mPVOXNZ:JzpSPdDBQTFIy3mFW0a1/cNVY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959634, "uuid": "4cced9c5-34a2-4241-b3cf-4b17bf3228da", "value": 660992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959634, "uuid": "9e09f3b4-5efc-4850-90ba-40c3e9bd8643", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959634, "uuid": "8c9d8e0a-f60f-491b-93c9-b8534682ec1b", "value": "5b3098d7ec73c82e102cc9c47b34519b2d9624fb6ce42af369048006a5b0373c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bc61952-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954161, "uuid": "6b500924-5701-4fed-a6f9-c45c71840317", "comment": "Malware payload (Heodo)", "value": "0758ba05cd3f4a2c7d880ca6a337b1e8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954161, "uuid": "ca561754-b17d-43bf-be4c-6ff2911360b9", "comment": "Malware payload (Heodo)", "value": "5b5e71b35f479dfd3524a4433295155cb6884e4c1ce5ce9463e48a46aff6d0c1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954161, "uuid": "7095ead0-f986-499d-8e42-811c811a9ed6", "comment": "Malware payload (Heodo)", "value": "2f5ba8e417b1a719a86085218058bfac824e525b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954161, "uuid": "c7fa939e-fe78-4d4d-b13d-30e87cfaa0d5", "comment": "Malware payload (Heodo)", "value": "f13ec72ee7f862b5bc64812493875e3e14e277974656f730ba23a5ce0f95746555ba34bd1deccfb62880d79e72895d59", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954161, "uuid": "ee8dee80-f538-4c5c-8e28-ed5c5f20667b", "value": "T10725AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954161, "uuid": "f7e0fdc9-fecc-4b34-be90-301b949e24ae", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954161, "uuid": "dbcc3feb-b441-4ef6-aea8-a149389ec734", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQU5tFjNRLU:Ci6fgcIcHB8Z/bLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954161, "uuid": "9d9e588b-28c5-494c-ae05-22c9ea1ee7d9", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954161, "uuid": "5b37d656-daa4-4ba5-b49f-57153bd7fa16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954161, "uuid": "682474af-218c-4bad-9454-bfa2f7605941", "value": "5b5e71b35f479dfd3524a4433295155cb6884e4c1ce5ce9463e48a46aff6d0c1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a820781-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955126, "uuid": "fbab50f1-c251-4eef-85e6-b8cda4fcc236", "comment": "Malware payload (Heodo)", "value": "12a4bb710e381fac7273d0b09fcbb838", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955126, "uuid": "f2a5084a-b76e-4a13-8edb-6de2b46a0376", "comment": "Malware payload (Heodo)", "value": "5b7605058a7c9f91a1eafc4c78c96f9a00bf89ab0b0b486cec8b41532ff2cb4c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955126, "uuid": "b34c5843-a52e-45ad-9ddc-3e1c87b995b2", "comment": "Malware payload (Heodo)", "value": "34505871b182630854dbb7128d5a0be157ea75c8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955126, "uuid": "845bbf16-a0f4-4aa8-9b4a-e65c5eb40e1c", "comment": "Malware payload (Heodo)", "value": "cd8a96d4bdc129cd7938365bfe52196e057ebb1803ddb3033383b1aab672a55ff3787897d1ba67f41b584c137de6dd17", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955126, "uuid": "21d09748-6b67-4248-8b4c-ebb111710d70", "value": "T153D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955126, "uuid": "1df2ffdc-f33c-4e4b-9736-de199d926db1", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955126, "uuid": "c708d547-14c8-43f4-81b3-701ec4f7923e", "value": "12288:DjN/Z2wkRrA9CRDCsElAjHDsndSyHOrNvEP0Oua:dEHR+CR4yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955126, "uuid": "d23b20cc-d21d-40cc-98dd-37819510fccf", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955126, "uuid": "556a69ed-d7fb-4b75-8503-40c66c9c46b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955126, "uuid": "2ed7d2e9-e40f-4945-b308-ed0a0431bcd5", "value": "5b7605058a7c9f91a1eafc4c78c96f9a00bf89ab0b0b486cec8b41532ff2cb4c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "324cfb92-a978-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647909424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909424, "uuid": "a742adce-fa9e-4229-8656-a690df0f943f", "comment": "Malware payload (RedLineStealer)", "value": "f087ef00414bb1cbd2ebfd97c2d429b8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909424, "uuid": "d407ae90-caee-4c80-b9e4-8fb60f968e12", "comment": "Malware payload (RedLineStealer)", "value": "5b8fca166c86a2037320ed0a7a72b63437e54cb56bd3c120bc4c21a5cccc81e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909424, "uuid": "9d0d7550-3cfc-46fd-a1f9-af682a79fadc", "comment": "Malware payload (RedLineStealer)", "value": "b97d457f120fb2cde9c21ff961b421abb3313118", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647909424, "uuid": "5aea76ee-fd82-4e11-a000-abd952f5adff", "comment": "Malware payload (RedLineStealer)", "value": "5113895e3df2b3eaba0b345ac256d9e169b9c6d5954809bf296ca07441ad98e83f5bbc94fb6ea4dddd74bd77fa7b8b2a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909424, "uuid": "ba764eb6-b475-4d98-903f-3f03d43c6e77", "value": "T106740222B6D0C432E0D640317F25C7A49B3EB8315AA4DE87778667EE0F313D5A9B9346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909424, "uuid": "57f905b3-1ecf-4455-8f1e-459206e9c899", "value": "67e4fe6a415d07af81753b9154f04b82", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909424, "uuid": "d08ff9a4-8b39-4512-8149-3beeda437864", "value": "6144:da/Ga+VwigrWSyIcLDZgYLEw702WejjvCOXOkU4:d0++ig6SyNDZ1gw029rXOkU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647909424, "uuid": "85a42638-b099-4f26-ad22-5c0248d881c5", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647909424, "uuid": "e3eaa5f3-9dad-4b59-8b91-5d47db33d2c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647909424, "uuid": "650275fd-0979-46ed-9a52-12e386efa5cb", "value": "f087ef00414bb1cbd2ebfd97c2d429b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd743a13-a9a7-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647929898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929898, "uuid": "61b80c4b-4540-4f9e-af38-355ebc74a937", "comment": "Malware payload (RaccoonStealer)", "value": "378d0a6dff462ef6c69f8df3d881417d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929898, "uuid": "ae368092-03cd-4584-b54f-d2950016b283", "comment": "Malware payload (RaccoonStealer)", "value": "5bbb1d94191a073a18a77febe1aa777a77966bd506fae11b30e8fe45c0068ac2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929898, "uuid": "3e8e14ac-1ac4-4c63-b3aa-b14ccae9150f", "comment": "Malware payload (RaccoonStealer)", "value": "5f9e578b7325f7e09397126296f2d9571a654597", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647929898, "uuid": "385fdfad-82cb-4a8d-9d92-82fc3b2d9399", "comment": "Malware payload (RaccoonStealer)", "value": "638de108b1d966ea0b42cc8cfc787448d5cce9c4413af27821f460169c7931365fec9a0ec2aec913cb24b224388c2f0c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929898, "uuid": "8e8bbb48-9a90-497e-9366-939642f219bf", "value": "T123B412212351C334D9596838A936C2716A3B78351135CA4FBB06AB7F2F713CB97B271A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929898, "uuid": "82117f63-28dd-407f-8e0b-53b471c61adb", "value": "d7711116627162a16abc82040806bb37", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929898, "uuid": "25bcfc23-b862-4317-8d7e-ae49b44e0faa", "value": "12288:lZ2YbaYHMauHQktG8M9FYEVKlTB97tNP:lDWYsLtGrwlT/7z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647929898, "uuid": "fb05de0e-17f9-47ac-9193-3ebdd1c5ca12", "value": 524800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647929898, "uuid": "6ecc159d-503e-47a5-a57d-1851d28e73a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647929898, "uuid": "3184016c-6501-493b-9988-626fc1116311", "value": "378d0a6dff462ef6c69f8df3d881417d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47a117f7-a9a4-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647928358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647928358, "uuid": "62223ea2-9877-46e5-8ecb-0758bae747cd", "comment": "Malware payload (AgentTesla)", "value": "5f2266f12326663ac3af2262602454b3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647928358, "uuid": "2fcee33e-f9e1-4b26-8295-d8b136ec4085", "comment": "Malware payload (AgentTesla)", "value": "5bbe20646d38c2bb4bc38650649633c5a78522a6ea2f09f04cb6be0f3075544e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647928358, "uuid": "b1f6ed45-4bae-4184-a2c8-4887eaaf7258", "comment": "Malware payload (AgentTesla)", "value": "2d99c2ec11999abe23673b50f2417c1611f189d3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647928358, "uuid": "4cdaafd9-4c9f-4f99-a15e-4b9e90cca5af", "comment": "Malware payload (AgentTesla)", "value": "e4838be992b234ca83e60a73de64af3c7284cb8be752ee5fa21aab0bf5ab8ffa8594ec222485fd1065365e6f4f43467a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647928358, "uuid": "9fca6b79-fa35-4d03-b2a6-fd35895147a8", "value": "T1D5C25192D2CCAEF9E85A06765E73BD14123BEDB998719D1D3C5DB0255A332832073A0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647928358, "uuid": "f2eb69d1-86a4-4498-975b-0da7881c7f36", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647928358, "uuid": "05b8689c-adc5-4bea-8f30-2ab63855f6aa", "value": "384:g4Kw+mJyzlN7obqObp7ffwxvvqh8jD34ORgc1KXuv5yDTi45+:g4Am7bDd4ac1KXs5yDTiL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647928358, "uuid": "34eec280-62b7-4c7e-bec2-d25966ed1a5b", "value": 26624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647928358, "uuid": "16ee3e58-de41-47e4-bf40-0bda2132ce4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647928358, "uuid": "2c0f641f-a699-4950-9673-7e9d150527e3", "value": "BPC-0040910-pdf.pif", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7cfd8a8-a9f1-11ec-9275-42010a9c0029", "comment": "Malware payload (IcedID)", "timestamp": 1647961644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961644, "uuid": "9e533873-f2f4-4cd8-b606-dbf13203c45c", "comment": "Malware payload (IcedID)", "value": "e051009b12b37c7ee16e810c135f1fef", "object_relation": "md5", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961644, "uuid": "e11e4e31-3723-4bb6-b9da-f5717625f3e9", "comment": "Malware payload (IcedID)", "value": "5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b", "object_relation": "sha256", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961644, "uuid": "5c3e2e4f-c867-4147-bbd3-7c33e9b4ed3e", "comment": "Malware payload (IcedID)", "value": "415b27cd03d3d701a202924c26d25410ea0974d7", "object_relation": "sha1", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647961644, "uuid": "e4d9616b-ed46-45fc-97b4-7486e18947cd", "comment": "Malware payload (IcedID)", "value": "8bbb8c6c839f2391343b05082b1753a9395618b36798cac2e4a2fb9e4ea18a03575ac4893f2406c2ea49cc214aa43e05", "object_relation": "sha3-384", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961644, "uuid": "c32236fb-1dad-499f-89e2-008d91fe2844", "value": "T164247C17B7A100EBE036817488932A96F333B9514974DF6F739C86A61F673B0DD2AB50", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961644, "uuid": "dc2de8f7-26fa-4ff0-80e1-2d0284fbcaf0", "value": "3072:P87HcvgjYsFth26h2F11uvFYGAdttuasSf3QHM5TTdfytylU2K:6iloNovud4dtoabfyoS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647961644, "uuid": "93ce4ba7-98f0-4a28-86e1-af0cf7116bfe", "value": 215040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647961644, "uuid": "d0a67463-7114-49bb-a8a9-894606002b80", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647961644, "uuid": "3785b54b-9c81-4743-8c12-4847c3f83db0", "value": "docs_invoice_173.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42c11ce0-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954978, "uuid": "a9ae126e-5c83-48f7-aa1e-c83e5ac80773", "comment": "Malware payload (Heodo)", "value": "2faa8fddc3b81380502221207dc09673", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954978, "uuid": "f9d143a1-9315-47bb-80b9-7ad341943be7", "comment": "Malware payload (Heodo)", "value": "5c174a2706864e49b7e970e1faf7903277cba53151781457492ee6b2bd956c95", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954978, "uuid": "eb974595-2dad-461f-9b9a-85ea535be177", "comment": "Malware payload (Heodo)", "value": "553e6e3a94bfb7f9ff9f88bf70650cb5fcfa2999", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954978, "uuid": "b771e5b8-96b3-4819-968e-22097afdbcc6", "comment": "Malware payload (Heodo)", "value": "796fd17c93e2ea55a10b809ec87d27ac3e664d18adcf222729762635fa89a2a03001ab73f841224f5d718e6640618803", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954978, "uuid": "a46296ea-1fc8-4c51-8c71-7a1ef2e25194", "value": "T16BD45B11A5538073C7FB25F2CAF163B766DAAB91C72B452E02A8C07F7924E437752E21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954978, "uuid": "1d93df84-7a94-456c-aa48-b710e066532c", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954978, "uuid": "ff441221-a63a-4465-bbb6-8b31a5831ad3", "value": "12288:UWBpwupxl0OeL/grxSGzO+r9AjCb/XKh:Psupxa/gB2mbvKh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954978, "uuid": "3e58a33b-249d-4c8e-8ff9-fd68e3d5b1ad", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954978, "uuid": "33199fdd-adfd-4dec-a81c-380fe931254c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954978, "uuid": "db7af900-9cd8-4eef-8ee0-e96d15f71b68", "value": "5c174a2706864e49b7e970e1faf7903277cba53151781457492ee6b2bd956c95", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe88d637-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954864, "uuid": "c7ee0067-aae6-4206-b9c1-22973cb219e1", "comment": "Malware payload (Heodo)", "value": "b5ec08c3258a4d32fe28a1337902b2ef", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954864, "uuid": "b0c6455a-5f53-463a-b349-a5bc30df7133", "comment": "Malware payload (Heodo)", "value": "5c1b76ff126f2b7b0434aca5874b8abf894d81b7dd4bda86e82dab5f506bddbc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954864, "uuid": "2c733003-ec2c-4c16-a051-8aece7fc15cf", "comment": "Malware payload (Heodo)", "value": "b63df6b780e9300adf0c62efe55327ea9282ad48", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954864, "uuid": "fe37ee4f-e2cd-4399-9ffa-7d24ea86776c", "comment": "Malware payload (Heodo)", "value": "25fb2f23b43071c61d388915d885dda517cc695c1b264c408efbf856abfcb37035d67ebcb72e314e3e311d17721dc6af", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954864, "uuid": "d0e60740-83b1-4576-9354-76dd1dc61639", "value": "T1CBC47D1173C390F0C6576578840FE615AC7BB83C6B18857EB14B62AF4BF78909A346FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954864, "uuid": "ae8563aa-c171-446c-a112-6898103a9254", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954864, "uuid": "53feea9a-e835-41a4-b19a-73aa87974355", "value": "12288:S54yM33d3q3Z7BoggreNmF+U/9JckIAGfUeb:SKh3831Bo6N6+ADckbeb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954864, "uuid": "ca3619fc-dd3d-4399-a352-2c6e887a9d43", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954864, "uuid": "924f266c-71d1-4cd8-9e44-00edc297e0bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954864, "uuid": "0abf035d-c606-4b91-8931-b01e9cdcce91", "value": "5c1b76ff126f2b7b0434aca5874b8abf894d81b7dd4bda86e82dab5f506bddbc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf79bc10-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953899, "uuid": "6ca76413-5881-4607-94fa-eaa3ac072e0c", "comment": "Malware payload (Heodo)", "value": "8e67a83a18a3579a6741e3a39d1ecf39", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953899, "uuid": "ceed906f-b9c4-4051-8052-471b53cee082", "comment": "Malware payload (Heodo)", "value": "5c20325219fd6239a33219646fc6260fd7a98c5493737adee4c1e82b354522f1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953899, "uuid": "15ee3bb1-5d15-4e9c-add0-bd7226a03891", "comment": "Malware payload (Heodo)", "value": "01924dc5b3f7ab88746fcd410b5edb4d3160640d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953899, "uuid": "0ca5fc08-c873-46e3-87b4-abd611a97529", "comment": "Malware payload (Heodo)", "value": "0acaccee6af6c97f80c6250025cfb7d93777d0cf7c3e5e02c44dcc30fea29d34b5fd4d01ac31583269fc422f221e2eba", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953899, "uuid": "d2ac3150-e872-4962-9dbc-520e4949f718", "value": "T16925AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953899, "uuid": "38db0a35-eec2-478f-b1b4-0e24cb2b5d0e", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953899, "uuid": "d0116a51-fac8-4022-ab71-32c86e929a75", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+ZCnQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqL3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953899, "uuid": "1f94d877-0347-4a53-9ffe-a7ec0b5a0ebf", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953899, "uuid": "c77f6b2e-364a-46f9-be4e-7ed6565b118d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953899, "uuid": "13bc0700-c6e7-40b5-8db4-2b5e2e3361f7", "value": "5c20325219fd6239a33219646fc6260fd7a98c5493737adee4c1e82b354522f1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35144757-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957962, "uuid": "6777484a-db0d-4273-8f14-822c0b22be7a", "comment": "Malware payload (Heodo)", "value": "156bd763f8fd1b56750fd5d9587ef8fb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957962, "uuid": "19f2b310-9571-4464-843e-7e0ca36d0ec3", "comment": "Malware payload (Heodo)", "value": "5c632035bb72b687ad5f73201f1f505e980887895dc1b4436e6573c0e37636ab", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957962, "uuid": "3cb8721a-7dd7-4c70-97d5-374b8ac1723c", "comment": "Malware payload (Heodo)", "value": "24751b9ce425c4adacce3833bfd935b0165d0220", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957962, "uuid": "6134957c-5733-42b2-9bc7-c506ef4ec3d8", "comment": "Malware payload (Heodo)", "value": "b0a51b351168450ef90067c3d49d9d7ffcdfa562f1ab950935ab0f99e5a8d89ad4c94bb2c027634a90ff6688d92dd6d1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957962, "uuid": "0481e5e4-9a19-4c02-9d89-fa86c2607747", "value": "T1ED059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957962, "uuid": "6f93cb0a-3edb-43ea-930e-2c3a684efbce", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957962, "uuid": "3714a633-37d5-4271-ae1b-0e41f8bd4189", "value": "12288:V20BXOMcVzpWfmmnDDFX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDZX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957962, "uuid": "eda9f30a-ff8b-4171-b6ce-a1297dba837d", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957962, "uuid": "17bda6ce-93c4-45f1-9831-c85839e44707", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957962, "uuid": "b1066b24-b185-4522-a244-f000935640f6", "value": "5c632035bb72b687ad5f73201f1f505e980887895dc1b4436e6573c0e37636ab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae11562d-aa19-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647978781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978781, "uuid": "50c6dd1e-8028-4785-ab3d-1af05d062802", "comment": "Malware payload (AgentTesla)", "value": "d5dc28f044e2c0c1c69ca66543db2102", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978781, "uuid": "01cc391d-d6ca-4bd0-bbca-e57bf40ed0fb", "comment": "Malware payload (AgentTesla)", "value": "5c8b80c90e1aad723cbebb1e110cac63de2af4fae610edf928c9d1e29a9c4354", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978781, "uuid": "8386e21f-292b-4927-8e69-870986bcde65", "comment": "Malware payload (AgentTesla)", "value": "48547eba91592bf6fde8b70a99c51da097387819", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647978781, "uuid": "7d09f781-f9c1-4c6b-9e73-60e61cfc980d", "comment": "Malware payload (AgentTesla)", "value": "4fb70fd872b79b479838da31c19476425378d488b5e9a144fe2789cc02414dc5070561c3aa3c7d65a41066eb94279d57", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978781, "uuid": "d04a41e8-f5f7-4c75-a775-5d3767c11ca3", "value": "T1283533DA06B89B77EA371FB008B42B8193B914462616E2AEDD6724C7D5FFB0107127C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978781, "uuid": "6e83e32c-8f8c-48ca-96d7-0420913de0c8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978781, "uuid": "4080fb12-0c65-4387-90af-e518c3f516c0", "value": "12288:vRohv+5Btc6FGrqWm1drwcVQ0Q6LKaQllio9VRU3G/xeAVjU9h9dzUYYS5uwSbjb:pohvKc6Wm1KALzApWSPidzSwyj61rwm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647978781, "uuid": "0721acae-761b-4a40-a3df-407b52565245", "value": 1155584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647978781, "uuid": "d5cb78f3-1faa-488b-b0fa-b1c8373069b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647978781, "uuid": "fd970a0a-a081-4e98-9861-abedbe9102c5", "value": "QUOTATION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c5bfda3f-a9cb-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647945320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945320, "uuid": "b64f0cf4-7642-46e0-8dce-733b9d905664", "comment": "Malware payload (AgentTesla)", "value": "3344711c665ef776e9db34988d155819", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945320, "uuid": "5a8de9e2-9e91-4e7e-af2c-f31f79d462fa", "comment": "Malware payload (AgentTesla)", "value": "5c8ca5a4ac13b243e0cf1fe32639b2e4af070c5ae9622d1f5828c9693faf0833", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945320, "uuid": "ef4329d5-2802-4c2a-8d6e-9e74e4452adb", "comment": "Malware payload (AgentTesla)", "value": "996f4e8c59d27a34082779bbbec05ab69d13149c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647945320, "uuid": "1e2272d4-8bf9-46f8-9033-cd6a0cfa8aeb", "comment": "Malware payload (AgentTesla)", "value": "a6a290c0d9e28a3703a9e245f4018f91cd1f8f268e1c974c0cfc17ede629fc3828fa65172e61d6699061b16bf10946be", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945320, "uuid": "657d79b1-ba35-4c41-ac56-cbb33910512b", "value": "T1003523C43FA8E62BC2650E336690E22457B8E4866953FB5FEDC22615216D78CC7D3B07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945320, "uuid": "e1c8a7e4-5038-46ca-9db4-17e45064c3df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945320, "uuid": "bae4785c-6870-4a8e-9782-c217736fc6f5", "value": "24576:HohCYlYVDPqqKBti2q9+2gLSZPBwaiUggMrK13mFt:Hoh3CJqqKBZq9+2gwPfggMr6Ct", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647945320, "uuid": "3a781760-4cb0-4de5-8d3b-f166f485c379", "value": 1063424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647945320, "uuid": "445a22ae-8c21-457d-b2c9-b182d57b6b70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647945320, "uuid": "c6bd15d5-548f-4b89-94b5-fbe0ae3fc96c", "value": "Inquiry for New Order 21271.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1185134-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976719, "uuid": "19aabef2-a1da-4337-913b-01ff70754df5", "comment": "Malware payload (RedLineStealer)", "value": "8137a7929d7ffe77212879446a6cae8f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976719, "uuid": "53dd20db-a3ba-4f63-8842-0e6b0bc213da", "comment": "Malware payload (RedLineStealer)", "value": "5c8d83be3f8d349f02d0624b9373256f5e80e7a299d281340145c092209a1a00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976719, "uuid": "d0315eb8-cc7c-44e1-9b51-5f4cea89d91b", "comment": "Malware payload (RedLineStealer)", "value": "87bfa70f3b83dac5a34aa7b1f27e30e87000a050", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976719, "uuid": "d8a2a712-7d62-4cbe-b105-b78edfe77525", "comment": "Malware payload (RedLineStealer)", "value": "92e7e6aaa7f5384bfbb6948374ce6e3bd04517e0fa6b644239a2cd2c0f6bb5268d6e12b2a97fd4d0df63d943148ae6fc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976719, "uuid": "c6fcc68c-acfc-4e8f-963f-963ae1d5d493", "value": "T15A26236343250196E0A1CC3DD637BED131F707978B82BC7A86EAB8C515365E0B763A93", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976719, "uuid": "13d7fc92-e0e0-4d84-819c-6b3566753ab4", "value": "b2ec5e305a410e6442f3911ef61575a5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976719, "uuid": "73774e4d-2228-45b5-aa53-7f11d3c1e35e", "value": "98304:uzG813kkHDl2ULQ5GU9RmypzgNbEMqB1B5vC4PMps2W:uKkHDlPLYgNbEMAasT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976719, "uuid": "211468a0-8c11-4a00-8396-feb91dff4926", "value": 4763800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976719, "uuid": "8da9a4ef-8863-4e08-841c-f76ecc41a1a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976719, "uuid": "b1cd4696-dc51-494e-82ef-e4b0739ba56f", "value": "52278679.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38681442-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957968, "uuid": "400525b5-2e3c-4707-94db-f4be5648f0bf", "comment": "Malware payload (Heodo)", "value": "9f5e428ce3ed34a1acd44e58e44d76e4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957968, "uuid": "31208b42-5d25-4009-8d91-22cf9d907f88", "comment": "Malware payload (Heodo)", "value": "5cb560bee642c48ae3065a475a316165496439798d80f20fcdb6a51809fa8591", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957968, "uuid": "d7c00651-e9b0-4c38-a499-71048c7d6cac", "comment": "Malware payload (Heodo)", "value": "e6b556e01b08a053783a4af056d660ee28b4f862", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957968, "uuid": "9de4a931-2d00-4fba-b332-ad404c5f34fa", "comment": "Malware payload (Heodo)", "value": "1b9f35f0db0ae349d3a533f8691474e4145acc0dc9c1d34d5783efd185593c675cda78ce6e6ba460d0e4b5a4f0aef2a1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957968, "uuid": "f60ef974-1e15-4ad9-b3f8-40041e2b7158", "value": "T163059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957968, "uuid": "be98bae0-37df-4b49-b87d-83560f5126ed", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957968, "uuid": "f8b8ec34-df01-472b-be72-0fe7ab655a11", "value": "12288:V20BXOMcVzpWfmmnDDKX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDGX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957968, "uuid": "9b0c7c0e-68c5-4535-95b5-6fde5da48183", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957968, "uuid": "b94d2397-3b2b-42f8-8e46-9d578db6061a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957968, "uuid": "11fc99ed-d747-42e7-b685-d69bbb2a6b5f", "value": "5cb560bee642c48ae3065a475a316165496439798d80f20fcdb6a51809fa8591", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25cf5a32-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647972539, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972539, "uuid": "ad8e2dc8-0a2d-40df-914f-3cd228229af0", "comment": "Malware payload (Formbook)", "value": "3a5bbb42a8e9bdd5d80220146db4fe8e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972539, "uuid": "a1ca0350-3791-4a7a-a650-76f7eb139741", "comment": "Malware payload (Formbook)", "value": "5cc1fcbd0b9614020cefa407d33f02e1a1ef41b5759182c47c95d9b00d1c0264", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972539, "uuid": "4e531472-a76a-4ada-9070-ecc3d50f35c2", "comment": "Malware payload (Formbook)", "value": "1bc8f9ee46de05585d7431c1d52fe026a4103b4f", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972539, "uuid": "fe17fa46-7b7e-461d-8fd3-90ef816f5372", "comment": "Malware payload (Formbook)", "value": "f73480d8567f2b2fa7b18049bc87483ba91b304cd1e319f96f8e7a57b9bab6e25039bf6346f7546f2b417219ed7e206b", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972539, "uuid": "e658bdf9-5256-4ed7-a254-f86b94236375", "value": "T1630402E776D6B689C64390B809F08C3160BADD0921BE8265A2C5718DE273F1507FF27B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972539, "uuid": "3f7fe272-bd3d-4899-9caf-889c6bcbb728", "value": "3072:eL0O1GKVn7EF8m+JNkK61E2gyz0myTtHm0Y9gYmbJ4kfB34aXDotzNeQfngoDTC7:M0OLEmVNbuE2gyHKmT8TJ46obhfngoDs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972539, "uuid": "63ddeb1d-0b14-434d-b485-cd1c8b093dfc", "value": 186856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972539, "uuid": "a40245c9-4070-4077-a48f-bbe5876429bd", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972539, "uuid": "021a8fff-289f-4863-81fb-7d12dcf67c4f", "value": "Awb_tracking_receipt_0322202291319800000000000000.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e06e675-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954165, "uuid": "023aacfb-3c02-4098-84b2-8e08f9328173", "comment": "Malware payload (Heodo)", "value": "0041981dacf9a6b9445ca2a81b76bd3e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954165, "uuid": "4046482e-6441-44eb-b81d-a8838ad5766a", "comment": "Malware payload (Heodo)", "value": "5d0be9af8c729ea0e632e2153af1bd80a4318315ba417804d76493a2a29b8b30", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954165, "uuid": "0f358bc3-966e-404a-acfb-fe8ee464c30b", "comment": "Malware payload (Heodo)", "value": "5929ebf047cba3d4b2922412135a3167b836805c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954165, "uuid": "12c6e35e-9de0-4047-8a1c-0ce28b09af8a", "comment": "Malware payload (Heodo)", "value": "cc2b96850036bfdc3a0bc183de9d97770c6175d8be2adde6309d20c30bf91feb1791dd5a6fda7e740928a6dee4cb202a", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954165, "uuid": "19205066-a59d-4d95-9a3e-789f236c419c", "value": "T17325AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954165, "uuid": "7b62f68a-76f7-4704-b89d-c4f63f2b486b", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954165, "uuid": "a69920bd-7ddf-43c4-b890-5e85e8200b7b", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQu5tFjNRLU:Ci6fgcIcHB8ZNbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954165, "uuid": "36476972-ac58-4e43-8839-e308731d10c9", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954165, "uuid": "e1696b05-8246-4632-a70d-eee860a10118", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954165, "uuid": "098ca6bb-dfff-44f3-901c-6d7b23358778", "value": "5d0be9af8c729ea0e632e2153af1bd80a4318315ba417804d76493a2a29b8b30", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c0f9443-aa16-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977274, "uuid": "fc4c1dc6-fca6-476a-bb3d-271f6814d6ca", "comment": "Malware payload (RedLineStealer)", "value": "b7dd71ba4089487fd9c3567508c46f11", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977274, "uuid": "6656b41b-b2f2-48b5-9352-1cbf2c5e5e5e", "comment": "Malware payload (RedLineStealer)", "value": "5d13a1b16c6eed5d9c618572745ba00fb44f99ca0c9e5771f07be7a2a33b5a1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977274, "uuid": "af20ab75-fae8-43e2-a112-b5e195fed485", "comment": "Malware payload (RedLineStealer)", "value": "05b421de45f7be83d86c4344beb0df119ccc7b62", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977274, "uuid": "cb807474-3427-4267-a23a-ba3394c5f5b7", "comment": "Malware payload (RedLineStealer)", "value": "9001a8af67a5b0a8ccec311f3d9024f4bb3ee5d66f1bb959d69281515416668b962e76e024bd9ef28706ff34c3f6fd6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977274, "uuid": "6d96f8a8-a847-4e78-842b-c312fbf20459", "value": "T126363339E90EF710D56E30F6462C071BB518F7E8275A147293A5928A5C38CFF88D869F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977274, "uuid": "56e078ac-39e5-4640-9998-05115d145a07", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977274, "uuid": "71280477-0bac-428a-a2c9-d86f072cd34d", "value": "98304:da8NFj90NCZpqCdYlik4hQSK5ntDMtPhEEBgSvEwl9KI:da8N1aNCZQsYz0e5nxMtJHBvEC3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977274, "uuid": "947c1881-3832-4966-979a-4184271dceb5", "value": 4890624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977274, "uuid": "81034c6e-27a3-4c25-818c-bd6d84f236a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977274, "uuid": "57f44cf1-2af0-4703-8189-d3f099a16342", "value": "58040445.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1e1ec89-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647953903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953903, "uuid": "585f05aa-a148-47ef-be49-d57b35c633b1", "comment": "Malware payload (Heodo)", "value": "6c0cbd7c6c793d8bc307b629c2cfda36", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953903, "uuid": "89c0b533-f008-4d40-b690-0ae8be510c74", "comment": "Malware payload (Heodo)", "value": "5d769c847620dfa77aeeb4d74ec57d79a5b58a8c8fe8e9d704f7b8f50a9beff1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953903, "uuid": "1da414d1-ef0e-4e93-91b5-9f23a7b17d99", "comment": "Malware payload (Heodo)", "value": "9f9476f2e7c44ae5ca7febd4af7269ce4617b219", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953903, "uuid": "c06e59c9-f34a-4d7f-93e7-3d011e4ff44c", "comment": "Malware payload (Heodo)", "value": "45b3a48c267f46bc3a91badab9770413e83e42c1000694d97a8c3c0343b98c137244a1b47fb855d0b28442f9eb956073", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953903, "uuid": "5c64912d-8340-49b9-bb4d-4f63e7263627", "value": "T1F725AE223AC5C07BD2BF16364506AB6E62F5FD304B359AD76BD02BAD6E345C28735302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953903, "uuid": "1c689566-4c6d-450e-98cb-c5fd4b7357ba", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953903, "uuid": "155f7f02-fda7-4d04-809e-5c05653dd895", "value": "12288:3EfTTMN0tPXuuddE6R4eehQv1mR4z+ZHnQ2v02gesq3MOeqxyo8:3EfTfvuaR4rhQdmuqu3HcMOeWyB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953903, "uuid": "19b386e2-c7db-48cb-9102-04652a2cf8ed", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953903, "uuid": "b4211743-5fc4-427d-8283-02b8e49959d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953903, "uuid": "c9f9ebf1-bebd-4a69-88e0-a21fb4c2c54b", "value": "5d769c847620dfa77aeeb4d74ec57d79a5b58a8c8fe8e9d704f7b8f50a9beff1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d72457a9-aa16-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647977561, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977561, "uuid": "77d27312-c8c1-45d7-be09-17fac65ce654", "comment": "Malware payload (RedLineStealer)", "value": "f1d4a910600e55cdc855c285df8db1ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977561, "uuid": "f199e0d3-ba3c-41c6-8869-14256d94a368", "comment": "Malware payload (RedLineStealer)", "value": "5ddd70926a7bafe4e2e8eaf95305c83f6c107ad5c79c244b136ec50d005dc3c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977561, "uuid": "e72b4d35-c843-4ca9-b5a9-1d31c9772f5f", "comment": "Malware payload (RedLineStealer)", "value": "98bc92b35d7dde4c73ac2c31a689387fb624246e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647977561, "uuid": "fcf7cf43-a587-43a6-aa92-72040b49575c", "comment": "Malware payload (RedLineStealer)", "value": "858a7e803a13bc48f2a42c71e80ce8e7e7757b3b5b5485172162f488ecd257b7a2dbfd325b3695efc13af3c97b7b2b6a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977561, "uuid": "8a4e7cf7-988b-4e61-a238-0e73e898124d", "value": "T1223633C94DF6361ACACBBD3053BF3602B1E233BC9D8508A94D11B746CDBEB236149656", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977561, "uuid": "71eaedea-fac7-4a3e-a33e-7cd88893567f", "value": "fddc083fa31a17c938d0a17ec7cd3025", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977561, "uuid": "a87490b3-01db-4ef4-b6d0-99f8632071cf", "value": "98304:i/glWaoyvBBs3f3zzGWXQ308z3CK+MYid6b0wq:UWTBsv3WWyHi0D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647977561, "uuid": "488553f3-834c-481a-b502-a63448e0d95e", "value": 4886528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647977561, "uuid": "bf1dd9aa-3853-4cf6-a89b-79818e685224", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647977561, "uuid": "ef618f8a-d5f8-4cf2-88aa-e46ec80d26f0", "value": "64205975.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85578033-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647976994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976994, "uuid": "d9c98678-86e9-4fbe-acf2-6f008d9d1a83", "comment": "Malware payload (Loki)", "value": "870aa9612a876f941251d308a242cf8a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976994, "uuid": "70c82de1-52da-4296-a411-fdf7a9c3a140", "comment": "Malware payload (Loki)", "value": "5e0dfb1cf53ddc34073824e78e2a7a4bbd539760f9bbf2b14cf50e9c4ac333e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976994, "uuid": "205f3e38-fd3b-4999-a96b-3d59d6923c4c", "comment": "Malware payload (Loki)", "value": "8ce86b0711ad54919165486f41c1e2b88ad47101", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976994, "uuid": "6f80dfdd-20bc-4d81-827e-430f6963be87", "comment": "Malware payload (Loki)", "value": "ab8d0dd56e61b41aa1b774a165450bad4899a231b35d9a58d9f23420f42df6983a5b322902ff0d7b3582f66111854d85", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "Lokibot", "colour": "#9C190D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976994, "uuid": "c4b610a0-a1e3-4cb6-a0d9-3c01a656f89b", "value": "T1EF34121733E0E5B7C2E205742DB6AF79E3BFC39852E54647A3C01E7B5D98342881B682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976994, "uuid": "46766f0c-aaec-45be-a5b8-e3470acdd003", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976994, "uuid": "ffe04e0d-af88-4ba8-a819-ac3de9f57787", "value": "6144:rGivWOWqbGculLUF9fOUF4U71D1Cgjg8hDI4RNMrcT:qOWUhROUjNHIYNMrcT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976994, "uuid": "832ef024-9360-4910-a02b-0cb4e2fb530e", "value": 242929, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976994, "uuid": "12ef82a7-b31c-4fcf-b8a6-fbd983d77ce0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976994, "uuid": "39a6e795-edb2-4ca2-b3f7-3b87fe4fb967", "value": "vbc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab299d2a-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954724, "uuid": "57955413-c055-4e27-b3bf-be8defb63410", "comment": "Malware payload (Heodo)", "value": "b8fce08c58919b0132b419236cc79199", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954724, "uuid": "ace669d8-2cf3-455f-86fa-f5b947a2c165", "comment": "Malware payload (Heodo)", "value": "5e43bbb6b8624bfec2292b9a2da7ecda070b5f4a1dd3dcd7215c94b38a65b7db", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954724, "uuid": "65bb2453-df4e-4559-a9a7-5269859a02ac", "comment": "Malware payload (Heodo)", "value": "6d8e2806ea991fcbf738c28e95d73046e52b1067", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954724, "uuid": "61cf9725-69cc-4f17-af14-c5916f8904f6", "comment": "Malware payload (Heodo)", "value": "dccd9e1dda8798775fd983b9f5028b0729e40c359ffcbfcd57b96921f1c15dd8809fac68e31bd510dac8139cc7c53a6c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954724, "uuid": "39ab6675-df1c-41b4-8a16-a256b664063b", "value": "T11EB40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954724, "uuid": "8059afad-aa34-4672-8899-71232c2e9c48", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954724, "uuid": "06babf32-e3a9-45aa-99cc-0149ee3fd659", "value": "12288:AASStHx1vVHO+1Hx54eg0p9n4WNL7XE0UdX:ecHfv4qx3np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954724, "uuid": "3ad99697-4cb9-4887-885b-1654516b7aa3", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954724, "uuid": "b08a67d8-2271-4c29-9ae7-a3e57558c1e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954724, "uuid": "7d944173-4341-4b2c-b21e-e76484caedb7", "value": "5e43bbb6b8624bfec2292b9a2da7ecda070b5f4a1dd3dcd7215c94b38a65b7db", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e0d259d-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955132, "uuid": "844629e4-b60d-46e4-b786-2c8a95f7caca", "comment": "Malware payload (Heodo)", "value": "114428cb8b6d2d32408708e6f652a5fe", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955132, "uuid": "768b4b05-8511-4800-ad2b-c8e79d154050", "comment": "Malware payload (Heodo)", "value": "5e51bd084b3c257bfe0f057186717d141e364d5f3eee7de315c91dace013fb9b", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955132, "uuid": "54ecfec8-1da8-467b-b5e2-5e7e32b7e21f", "comment": "Malware payload (Heodo)", "value": "f132f5443f2b746bef9ef4b66cf907035220f307", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955132, "uuid": "3234c834-f219-45f5-b987-2b4e5a9128cd", "comment": "Malware payload (Heodo)", "value": "c8eb0f144faf9f5456d41753e599262f63c7b10b29f6f2a396c969aacf4b0363f1d866f44e1b80ddfb4a40bdeec9ae0c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955132, "uuid": "fdc7a13b-e804-4dbd-be18-1d8e4bf6df77", "value": "T1FFD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955132, "uuid": "bf3fcb7f-9de5-4f4e-87cf-074fb006d44f", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955132, "uuid": "82672be5-cfc9-455e-a9d1-2667f7430e70", "value": "12288:DjN/Z2wkRrA9CRDCpElAjHDsndSyHOrNvEP0Oua:dEHR+CR/yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955132, "uuid": "1e543e9f-a619-46cd-86c6-df1f845f79fa", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955132, "uuid": "c6466946-a209-4e9f-8838-f2611e953bd1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955132, "uuid": "93371fb2-d61d-4411-bd6b-6ec50f051cab", "value": "5e51bd084b3c257bfe0f057186717d141e364d5f3eee7de315c91dace013fb9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b986515-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957973, "uuid": "93c36f5f-a3ee-47c2-9d5e-76ab5049bdea", "comment": "Malware payload (Heodo)", "value": "69de553df896afcae6c52e1eae23beb3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957973, "uuid": "affe7252-83c5-4b3e-b082-83b3c60eb4bb", "comment": "Malware payload (Heodo)", "value": "5e972bce83d9f4492260f157dee45693e90d91657ff7c7c607401756bd30e061", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957973, "uuid": "d0412101-4cda-4de3-8d6c-43254e5ff462", "comment": "Malware payload (Heodo)", "value": "82c28d0b3ad826cc7761d4486e4f7b870b8e9b58", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957973, "uuid": "cff61ab4-5345-45fa-bfad-b5ede700b05a", "comment": "Malware payload (Heodo)", "value": "42f0b4e6efd042f15e8335c3c4e892111580daf8fd985f80a10856e895783d636e87c09371db2a796c37a4eb15162ef5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957973, "uuid": "b22c7387-8fdf-4612-897f-9b3b99843eab", "value": "T153059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957973, "uuid": "a4aed0e8-4587-465a-b276-bb0bda4cc98f", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957973, "uuid": "a24a0fe9-52bb-41d2-8f6e-74ef79ce1151", "value": "12288:V20BXOMcVzpWfmmnDDhX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDtX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957973, "uuid": "096aea45-1198-4af8-8c56-fa0c9351e339", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957973, "uuid": "bf17dd87-cc62-47d4-aa76-2d2f9b1f1b3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957973, "uuid": "786001cb-ebba-4424-9d10-7fde5f036343", "value": "5e972bce83d9f4492260f157dee45693e90d91657ff7c7c607401756bd30e061", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4e0a96d-a9c3-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647941909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941909, "uuid": "236063fb-a80f-4959-ac99-7e6fa3804517", "comment": "Malware payload", "value": "186089f858455736929e3f06a9171d7b", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941909, "uuid": "198c75c0-e8cd-4b71-83d4-7e3aa431ca79", "comment": "Malware payload", "value": "5e99b7787fc76ab0cf83fe9843bce42acf3374640d923dee69daa10947ca64e0", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941909, "uuid": "6ab582f3-eeae-44e7-a436-2704e2bdd21b", "comment": "Malware payload", "value": "141df459c8fcb05e90cf2dab8dd9f745e7f6082d", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941909, "uuid": "ff1a9743-49f8-402b-82e7-3deaf7b9d290", "comment": "Malware payload", "value": "a73546cd0ca402537c0996066dcb54c38aacb28d7660e41d7d76a75709ab9f5d14fc3d27907e5bb37b3f3209157bccfb", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941909, "uuid": "7d816895-0a5e-4c65-9f5b-aea58c4af4d9", "value": "T1B7166CE2B284A13EC06A0E3E5D37A75C993B7A712E328C5A17F4484C8E355437B3E657", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941909, "uuid": "724a4f5a-a4f9-4509-b7db-bbc3541a07d9", "value": "49152:8BM0THwxUwBhW/djSEoLvZOvFKegMjnJC2TtwEsmOStpYSuA:F0THwx7f44lMjnJCEwhmLtpYHA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941909, "uuid": "8b2dbaa5-00ae-4bce-bce7-07ae76427462", "value": 4194304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941909, "uuid": "62b16338-d09a-4e56-b6b4-093ad0416d4a", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941909, "uuid": "6e41695d-d5d7-4da6-afbd-6fbb275c4177", "value": "Readynow01.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "430ab559-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647969582, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969582, "uuid": "d26f5345-5cf1-4279-baf2-0967191769db", "comment": "Malware payload (SnakeKeylogger)", "value": "b45c9623aa906c134bf6a987ef2979d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969582, "uuid": "ab8e046d-c8e5-4893-b547-6eac7237c1e2", "comment": "Malware payload (SnakeKeylogger)", "value": "5ec6a0d19a4333966e28f063d24376c1e071ee0d4580e85153fd354ac239c8ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969582, "uuid": "582abc13-2875-4af6-a48a-77b48d37f9f5", "comment": "Malware payload (SnakeKeylogger)", "value": "70ac8da3c73d0f781e7642564c8a7062db749b8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969582, "uuid": "d33cfad8-2d57-433f-99e5-0537d5fc8c6c", "comment": "Malware payload (SnakeKeylogger)", "value": "9711145ffe25941813a1b5e118e621e88c93c76f600f1f0392e23d61c92f8efe768a2c48b257767112d32ee6be083a66", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969582, "uuid": "2fca83eb-6a29-4650-8730-a1f2167cfaff", "value": "T135953384FB19C282DB7A0CB14A12A2411779EE19372BF75ABDCA5676049D3CCF363781", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969582, "uuid": "a8179915-ff0d-4f70-bcb6-08046920391b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969582, "uuid": "6c211aaf-86cb-4dfd-a4b5-8a22fc08bdc9", "value": "49152:Coh6oPE/eWfUfS2fEuc0dqdE8TN5qpCKvKhmf4yj:DNc/12fEuc0Ezu0+KO4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969582, "uuid": "64438b1a-9858-4cab-9534-7750b63367ed", "value": 1891840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969582, "uuid": "a07af9f8-e79c-4296-9bb4-b1008fee092e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969582, "uuid": "de976fae-dc5f-4ce1-a1e0-873e2b885fe3", "value": "Hesap Hareketleri 1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd8bd7b3-a98f-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647919590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919590, "uuid": "a24c7ae0-65f9-46c0-add7-b42391a60db1", "comment": "Malware payload (RedLineStealer)", "value": "e0acb236155e0be5ea720fdcb88acaa5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919590, "uuid": "1479130f-392e-4f05-8780-6aeadc01f5d1", "comment": "Malware payload (RedLineStealer)", "value": "5ece2d8cb49bcb40fa6e2b19ed202312a8f332ebf72c735bf123771984131900", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919590, "uuid": "b9c6a697-11dd-43c2-bce6-fa7ae46eae10", "comment": "Malware payload (RedLineStealer)", "value": "ca9f7803a43a07c0bc6553a9b621a8841f5fcfc2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647919590, "uuid": "0313827d-0649-4f4b-9a17-5444a451e54b", "comment": "Malware payload (RedLineStealer)", "value": "b9c1393e8e79254068e22ed034440f996c9a6af27ce17f3dc31fd169de28f8826cf95e632a5f4f2f3218ab6da144ac72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919590, "uuid": "d49ba54a-353f-4496-8820-91ab6a4dbd25", "value": "T1F574F1657390C032E89758763929C3B15A3FB5315AE6854BBBC913AD5F702C2F9B230B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919590, "uuid": "89f27f40-d095-4913-beed-6f97a9900f56", "value": "67e4fe6a415d07af81753b9154f04b82", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919590, "uuid": "f7791c40-0945-4063-9761-f31753ca422e", "value": "3072:TDa/hl4f+VmIhZTF2tgSNhupeihUV1mKGkzW/kQJ7rszrHqsROl2zdS9gfHGRmrP:Xa/kf+Vz6NyO6JL8rhLdS9gUP9ACgd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647919590, "uuid": "1dd1e0fe-1e2d-4060-a6c6-7cd4f89dfcc1", "value": 368640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647919590, "uuid": "30575fe7-7ccb-42be-8faa-14ca7b045f71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647919590, "uuid": "9206378d-6b51-4525-b387-6fbf75513378", "value": "e0acb236155e0be5ea720fdcb88acaa5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80295030-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955511, "uuid": "d5d28860-be2c-4462-8d7b-b717132e2009", "comment": "Malware payload (Heodo)", "value": "2ecdbf6530a3b5891dfa18474f861baf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955511, "uuid": "a6ab8f12-f7d4-49da-866b-cb452f44c5bd", "comment": "Malware payload (Heodo)", "value": "5f475e52f6463619b721116772a67e228d4f8f7347ddc9ac3e9cae29808bf897", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955511, "uuid": "327e2efc-c68a-4329-8303-c886bc616c81", "comment": "Malware payload (Heodo)", "value": "0f6761e531dade6560679327035ce06a2b770258", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955511, "uuid": "3d13327a-b6f0-4ac2-a652-619671843357", "comment": "Malware payload (Heodo)", "value": "4bbb218148c149e4f323cde9531f5d9661317a1d9d2c5307c1a75f4dd26f8577feb1ee63263844e1a1bef0fb0fb2e3d2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955511, "uuid": "cae4a9dd-43f7-4562-bd04-705887f6e8b9", "value": "T18CD46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6B9FED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955511, "uuid": "f935ccc4-64a1-4811-b5ec-7e172de9b789", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955511, "uuid": "f1f29cb1-c4db-4465-af77-c30f799294a9", "value": "12288:QXvRLpX4HMAus65raxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+rax2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955511, "uuid": "f9d9bc28-5e5d-40b3-8919-2cced46032b1", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955511, "uuid": "8a728aab-bcca-42df-a88f-d4c42037b211", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955511, "uuid": "7ed08937-e5a5-44f1-8b04-e74aabb0319a", "value": "5f475e52f6463619b721116772a67e228d4f8f7347ddc9ac3e9cae29808bf897", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a10137f7-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955137, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955137, "uuid": "03088c1c-f45a-4373-8e7a-d9b6d3ff5e50", "comment": "Malware payload (Heodo)", "value": "a63b6da88ba9d7e6145e158bc4fcefcd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955137, "uuid": "8b7d8620-87e6-4bd6-a9e1-6a58d3dff4be", "comment": "Malware payload (Heodo)", "value": "5fd88e34d041d240ccde7641ebb4336f07c310bca3daa09f29f75b9de6b7a994", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955137, "uuid": "ec6a56d3-f425-418b-a196-a5112e00a972", "comment": "Malware payload (Heodo)", "value": "204495293d8c570f06176f9a0ea29888bca53cab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955137, "uuid": "b8a9c794-4dbe-4507-9f88-9097c296b354", "comment": "Malware payload (Heodo)", "value": "11227638142ccc7c5fbdf3e478542659c3c38195f3bf1a097678db2b308c00fb0b05dbc7241efb0f5c9c5637ce9f4dc4", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955137, "uuid": "69b4cc74-5fd0-4bf1-b44f-0b3402b7d484", "value": "T1B8D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955137, "uuid": "8c700ecb-8a67-4b2d-b6a4-baf685948581", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955137, "uuid": "b9d4284a-bba4-43c7-a7e1-0a971cacee6d", "value": "12288:DjN/Z2wkRrA9CRDCaElAjHDsndSyHOrNvEP0Oua:dEHR+CRGyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955137, "uuid": "95e2f745-b3b7-4aa2-8531-1c466389febe", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955137, "uuid": "86cf0309-ec20-4506-a4e1-1ba761be270a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955137, "uuid": "4580bfc9-0286-4ad3-be34-a3085444538f", "value": "5fd88e34d041d240ccde7641ebb4336f07c310bca3daa09f29f75b9de6b7a994", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e6dcb5a-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957978, "uuid": "0ba5a897-1dc5-449e-835a-d01225155d16", "comment": "Malware payload (Heodo)", "value": "012896cd8192c80bd6a02602e4ca3402", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957978, "uuid": "f78ce9d8-a36d-41c2-b660-b3d43a0cd202", "comment": "Malware payload (Heodo)", "value": "5ff89aafdde3486871706bbf9478961edff22582419bd6fff4e8ffecb91c24b9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957978, "uuid": "70883dfd-dec8-47c3-a6a3-8afd8023e8b2", "comment": "Malware payload (Heodo)", "value": "33d93170ce22d07c0c197edfffdde95c7c91aab9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957978, "uuid": "f65600f9-d8bd-438f-94ef-01301b17d7cf", "comment": "Malware payload (Heodo)", "value": "b9615457439531f5942b2184bc9784e94033876489fd0ec190aa451e77ab818f9da41a840afe3574ad955a30a35b753f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957978, "uuid": "5df27132-db58-4205-9947-7cbf44003f96", "value": "T16A059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957978, "uuid": "01a3563c-1a95-4869-8d79-4095c9fc30d9", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957978, "uuid": "17b8dfff-315b-413d-a819-e9b2ba106b07", "value": "12288:V20BXOMcVzpWfmmnDDhX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDdX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957978, "uuid": "5bab74c1-17f7-4f8d-9855-44746036dfcb", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957978, "uuid": "a6cc41a8-2922-4265-9889-523a4aeec3d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957978, "uuid": "00a8105e-52e6-44aa-a576-101263d64e59", "value": "5ff89aafdde3486871706bbf9478961edff22582419bd6fff4e8ffecb91c24b9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dacf710e-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647956093, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956093, "uuid": "8c20b0da-d4a9-45d0-9dc7-b3d700c1377f", "comment": "Malware payload (Heodo)", "value": "0964451423c5bb057f57946c7b4ab5e9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956093, "uuid": "d4268704-0f1f-48b0-a05b-3212775f9af4", "comment": "Malware payload (Heodo)", "value": "601088ce274c0acd18303ac9d5a6d332f3d692dd43ee8755497d2f1e14287de5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956093, "uuid": "b3eb2db8-4ed0-46f8-9e6e-27c2b51f3f2f", "comment": "Malware payload (Heodo)", "value": "fc39185fe2e10e80ab2baf72fd1dc89cd55a3248", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956093, "uuid": "c83aa930-936f-43f1-8ad5-c92b61be4883", "comment": "Malware payload (Heodo)", "value": "5a9048fa4076b83f717bfab9bd8b173a0b6c8fb596bc9c30333067d06d7a88eff263975fbd2f7c40090ce150e072c511", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956093, "uuid": "ef87b9b1-8e11-47a2-a9cb-77241caccff3", "value": "T1D8E4BE6176C2C0B6C15F017A5946E31D62E5AD609F3896C3ABD4AFBFBFB50C29D34202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956093, "uuid": "c92855e0-cb4e-444e-bde4-0c643927565c", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956093, "uuid": "b5daefb2-e0f9-431f-88d0-07fc37be8900", "value": "12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XK3e/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXK3LzflBkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647956093, "uuid": "7700c622-3ede-44d8-89b1-b1b6bf43dc3f", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647956093, "uuid": "8b171d4f-cd19-4380-aa31-8996d69952d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956093, "uuid": "203d84f0-6336-4253-9589-e44a551eb45f", "value": "601088ce274c0acd18303ac9d5a6d332f3d692dd43ee8755497d2f1e14287de5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70cb2fe7-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958492, "uuid": "74dc9b51-dc47-40ea-9a9e-56048d5761cc", "comment": "Malware payload (Heodo)", "value": "662230284a5fe090c3d976fb15b6f3c0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958492, "uuid": "3693511b-700e-4ffb-82e5-9bcafc09bcb0", "comment": "Malware payload (Heodo)", "value": "60119ba4df9665ac88df56b90c5f038f3a4d398f029b37568825c92d21849f48", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958492, "uuid": "13bc4bf4-798b-4770-88a9-54dad5a7651a", "comment": "Malware payload (Heodo)", "value": "7a4c0611ac4f6e3abebf21724a8aa2171fd6063d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958492, "uuid": "842165a5-9405-40fd-8f51-25f8e1aa9236", "comment": "Malware payload (Heodo)", "value": "4478993ee044de2a8d9ff62283429b0197ec7c18ccad370d1f5f176b20d9bec1c6c0aa1f187aeaecae6f721a8ed334ed", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958492, "uuid": "2e8da5c3-b69c-483e-8b62-b7240247e9dc", "value": "T151059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958492, "uuid": "070e0b97-a94d-42e2-b9e6-1d5a319527b0", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958492, "uuid": "f18a88e6-a766-49c7-babe-c39c0299850c", "value": "12288:V20BXOMcVzpWfmmnDDQX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD0X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958492, "uuid": "1a543bcb-7619-499f-8c84-a80c03f1b0a3", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958492, "uuid": "c53dd744-5b5e-4338-9896-25742a0f6665", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958492, "uuid": "3887c9e6-59d4-4407-8b9a-4e183b4ccc99", "value": "60119ba4df9665ac88df56b90c5f038f3a4d398f029b37568825c92d21849f48", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50813194-a9b0-11ec-9275-42010a9c0029", "comment": "Malware payload (NanoCore)", "timestamp": 1647933527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933527, "uuid": "2c935789-8488-4e45-8b10-ab2c76a05858", "comment": "Malware payload (NanoCore)", "value": "f4228ad9ff723cd3863c48afd2ea13ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933527, "uuid": "3b896228-dd1b-4b96-9623-f4645e2e615d", "comment": "Malware payload (NanoCore)", "value": "60ba62b4651216ba9c8af5883d8317009ea6e0e9c9819f40d6297cdfb1116787", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933527, "uuid": "8403714c-5c4b-4502-bd9a-eb26ccc144bc", "comment": "Malware payload (NanoCore)", "value": "1891970ffb2e21b39e46155493836939acdfc483", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647933527, "uuid": "89a2fa2c-9677-4ff5-ba44-13f90ccf8e8f", "comment": "Malware payload (NanoCore)", "value": "298a20f40a1a77d019e825633e6b3d1c629f413114c61066185fb8d1aaf7c2ea967ddcf19ec53d030360bc71f9bb479a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933527, "uuid": "640cbd35-6bed-4b1e-9ede-9f2d47291542", "value": "T1AB2523446A88D9B2E5BC1B30D5E4471C1378EA2294B3F76DDEC63ADD89DFB616200B43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933527, "uuid": "0dcd7184-4cae-41e4-8f76-3d089087edec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933527, "uuid": "19ef1dbc-a94f-4ef4-a761-5c6448aaef78", "value": "24576:k/oh7DDd/LFo5SgeJVW8gc1V85cs4u6WVFySWXECVWGdU:k/ohfJ/Wy4AV/pNUOWGdU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647933527, "uuid": "64f3f9cf-fae6-48ef-bcd9-6824caf19d1e", "value": 1036288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647933527, "uuid": "e61174d9-50b5-4e42-bb08-9e155ebe4a08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647933527, "uuid": "783bc3a2-7cdc-4a5e-99a4-db1433ea95a8", "value": "URGENT ENQUIRY.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbb977d5-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958242, "uuid": "099c8cf1-803a-4150-bc42-b8fb3e5d82cd", "comment": "Malware payload (Heodo)", "value": "1c2a199220264bcdc50f34937f2ad697", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958242, "uuid": "1644ce8b-ea30-400c-ae99-6f6f35c84f95", "comment": "Malware payload (Heodo)", "value": "60f192da0c57ad766785e355a5a4fdca0c6caa33b289735533cc74bbe1f99b81", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958242, "uuid": "5794156b-ffc8-49db-994d-88b64020f2f1", "comment": "Malware payload (Heodo)", "value": "a974019de5bf31e4294bec70f9a20ae963e59dac", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958242, "uuid": "b145211e-4c14-46f4-918a-c083b17c0416", "comment": "Malware payload (Heodo)", "value": "19881a2e1a6c05136e3cb4b3d5f1a2f252b9afe09797a0aea85c41da1ec956ff1c4b3db7c8ed31ee7661ba7474c91380", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958242, "uuid": "082f0594-85e2-4323-b264-01c9322fe709", "value": "T1E2059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958242, "uuid": "04bf7725-55a1-4adc-a0df-2e02d879743c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958242, "uuid": "74336b81-6b06-4ff1-9566-58256b3c236d", "value": "12288:V20BXOMcVzpWfmmnDDAX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD8X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958242, "uuid": "7e70e43d-17e5-486a-806b-84d5adb22ec9", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958242, "uuid": "e2d54610-c508-4ff6-b15e-ca646e4f2c67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958242, "uuid": "dfe4ba5b-20db-49f6-bcf4-c0572d4273ac", "value": "60f192da0c57ad766785e355a5a4fdca0c6caa33b289735533cc74bbe1f99b81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf048fdb-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954784, "uuid": "992f4f2d-40f5-4a7c-ae5f-63f5671fee40", "comment": "Malware payload (Heodo)", "value": "d63a3c26c24a55d1df20458549d95ccf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954784, "uuid": "d6659033-eda3-4298-ba69-2c45d16bfde9", "comment": "Malware payload (Heodo)", "value": "610d2efe0d80b4963bcb36449fe9244638d0d32933cf3317b9c9a10021a7827c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954784, "uuid": "b12d1b77-33e1-4a23-8f4e-348522590c23", "comment": "Malware payload (Heodo)", "value": "1c6fb42c026060631a38bbb82610fadf0375bded", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954784, "uuid": "056c746f-215c-4911-94c7-76bbd9ebfcfc", "comment": "Malware payload (Heodo)", "value": "9817ca16dd46c2717cf9c7248b85fba0e5caf7b4fa93c237bf1fb255b45eb79dab5413baf7bcec29e903ed72df9edf3f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954784, "uuid": "03ad1d14-0f59-4dcb-bd12-59eb2f1e083d", "value": "T15BB40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954784, "uuid": "d076f2cf-6d35-4572-8191-39eabc17ad78", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954784, "uuid": "7cc10b06-fe99-48b5-a4c4-67b034158817", "value": "12288:AASStHx1vVHO+1Hx54Lg0p9n4WNL7XE0UdX:ecHfv4qx6np9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954784, "uuid": "2b034d6d-2bff-41ca-9a97-9966c490836e", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954784, "uuid": "9e3845e4-3ffb-46db-b537-1196e753d182", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954784, "uuid": "7728b219-6bb9-4f3a-8804-a7331d6c6727", "value": "610d2efe0d80b4963bcb36449fe9244638d0d32933cf3317b9c9a10021a7827c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca27f18b-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958642, "uuid": "d135beaa-00b4-4574-af99-8ec38576f3cb", "comment": "Malware payload (Heodo)", "value": "8c58e7a8ed979764b1c530e5d4f4be34", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958642, "uuid": "78c7c493-1a13-46f5-80df-db5ff4c632c8", "comment": "Malware payload (Heodo)", "value": "614647752c114472a02408601c540feae7204304a265594e5da14eda0fbb3407", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958642, "uuid": "c665f13e-155b-48f5-b790-674bb060f687", "comment": "Malware payload (Heodo)", "value": "be95958c6c7a57f470e578f99779f08b786fb807", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958642, "uuid": "d7288872-7e4b-4482-96cc-23b4b07d9eee", "comment": "Malware payload (Heodo)", "value": "1d4b0a6cbda9e79eebbf08b93878c2117ac2411d489788a89575e6273a316854340c4a1d387b0f7658f10e565eefb5ee", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958642, "uuid": "58d672fe-f8ae-486b-a9f5-338d0b717adb", "value": "T13A059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958642, "uuid": "14e4bdd4-292f-4206-8455-a2471aee452e", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958642, "uuid": "7d547858-c029-4fd3-96c1-8fc438a1c92b", "value": "12288:V20BXOMcVzpWfmmnDDPX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDTX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958642, "uuid": "d125ab18-6ca3-411d-b6b0-94109874c6e7", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958642, "uuid": "1d39242b-96aa-4261-a969-2a0a138258ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958642, "uuid": "cf3ba59e-131f-45ab-9380-2a797b3c3b9d", "value": "614647752c114472a02408601c540feae7204304a265594e5da14eda0fbb3407", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95f1312e-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1647926342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926342, "uuid": "bf3c6428-6d5e-4d6b-8864-f640bea19d9d", "comment": "Malware payload (ArkeiStealer)", "value": "e30f1572a978bfb9812bcfbd0d21dbf5", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926342, "uuid": "31eb570c-e369-48d7-8c9d-955dc9328486", "comment": "Malware payload (ArkeiStealer)", "value": "61538a671d14b6d55f2c9ad9b668bed9972192a0a6f7d0e2d3889f109e30f7c7", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926342, "uuid": "5a29f400-8062-4b98-8458-87994bc74614", "comment": "Malware payload (ArkeiStealer)", "value": "7beec9577301cc4d821e6110321f95ba2f3213c2", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926342, "uuid": "71615b0e-9d6f-4523-8c2d-f501f7577b87", "comment": "Malware payload (ArkeiStealer)", "value": "3ab4e016f40bfd8955573988ca0b2df96ac0c80c938d11480f9f21e2a700cc9981a5494c2faf8c65c77186a7722687bf", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926342, "uuid": "22849714-ce3d-40f9-a241-d5c266a9b406", "value": "T189B429EC71A271FEC8D7C1B5E9641C69AE103C7E830B11175017369AA93EE87AF570B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926342, "uuid": "30ba1cb6-753d-495c-8019-f4fef6acc20a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926342, "uuid": "de954f3b-8155-480d-b211-f795ab70633f", "value": "12288:IxUX99D1yZySs3El5hwDpIyp4jRKbAL3Z1un7EnX+RdreOHoue04TiPEAmD:I699Z0E3EClWjRfi4s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926342, "uuid": "1b440d7c-5a8e-4b37-83e9-1638c4563f68", "value": 521728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926342, "uuid": "f3441dd8-b526-46dd-81c6-fb7c846445ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926342, "uuid": "9c6b02a8-65ae-4d8f-a2af-ecc551b74b4b", "value": "49519781.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f5afd93-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (DarkComet)", "timestamp": 1647959697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959697, "uuid": "152b5b7b-8028-427d-80b8-3cd587bf0b99", "comment": "Malware payload (DarkComet)", "value": "1d3a5387ac1c40855788502ee7cfa041", "object_relation": "md5", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959697, "uuid": "4781053b-b9b9-47ab-b90e-a3f083d357aa", "comment": "Malware payload (DarkComet)", "value": "617f65a378e539bc5e9e3f1f0ac83071b3eaf3d7bea81d2e280b46043b12bf8e", "object_relation": "sha256", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959697, "uuid": "132ae0f9-0ae3-4e33-9274-3c7b85bd9a10", "comment": "Malware payload (DarkComet)", "value": "e844f4a6c821ba35b9b82a7dc22b3d7bf50f649e", "object_relation": "sha1", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959697, "uuid": "36622dc9-3ce9-483a-ba4e-1139fa26813c", "comment": "Malware payload (DarkComet)", "value": "97319164e197aedb2685da729f161e2f63e1c731e8e57ceadcedd60a5a396e604d6a6719bf080d48f609c5fc229dd158", "object_relation": "sha3-384", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959697, "uuid": "384d8958-c51f-4a02-adc3-9ca0107249ea", "value": "T163B4D0B1F144FC62E8D60DB1E11F36B117466F6AC898392F7584BD2E7CB3B45C0A291A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959697, "uuid": "56ed9a77-7906-48c0-ae66-5365915ef0c8", "value": "f2d24d034ad8ae86f9dd9c6c9707e46f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959697, "uuid": "9afa2a65-4649-4024-8609-25c9178fb77d", "value": "6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMb0:f9fC3hh29Ya77A90aFtDfT5IMb0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959697, "uuid": "c1f1f844-6176-4b60-b6c1-db3c4e269363", "value": 532750, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959697, "uuid": "5272e183-dffd-485f-9775-6c686ece43e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959697, "uuid": "e3441048-9a84-4252-a8c7-db620492100b", "value": "617f65a378e539bc5e9e3f1f0ac83071b3eaf3d7bea81d2e280b46043b12bf8e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ec64dc1-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959830, "uuid": "aa3b268a-307a-45c7-b0d1-dc35ab277b1c", "comment": "Malware payload (Heodo)", "value": "cd692c24d938b05840fb40c9f8002fcc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959830, "uuid": "b3eb7ea0-0240-4b2c-862e-a69fbe8bd733", "comment": "Malware payload (Heodo)", "value": "61c62395d97c90a019edc567a2cb11e3313752fef953469aab84987dbb202542", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959830, "uuid": "0c2d674e-3c06-4281-8d4c-8c156da377a5", "comment": "Malware payload (Heodo)", "value": "4f64329a67afb6041e815e5adff6525970ee720e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959830, "uuid": "92c77042-cd5e-4e1f-a32c-3c5e15a2548b", "comment": "Malware payload (Heodo)", "value": "cecff0f7453e25b0256e9bf13e1b218c9d94777ae8dec1fe60f9e536558600b625a3a75c703a35bb4c779028a569257c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959830, "uuid": "784d27a1-9132-4e42-8d83-34025b11c376", "value": "T18AB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959830, "uuid": "127edfd5-2a35-4919-bb15-f1b90127b3a6", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959830, "uuid": "7c9f4d30-9a21-4c3f-ba3c-a99e5f3e426e", "value": "6144:8JZToYE666spbEgoZhZO1tlI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoxlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959830, "uuid": "5213b36a-898b-4f17-a180-603d1cfc77fd", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959830, "uuid": "3beb9f84-09fd-47bc-b82a-abedbdde36cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959830, "uuid": "19e6af7a-5ea6-465c-967a-e447703d6190", "value": "61c62395d97c90a019edc567a2cb11e3313752fef953469aab84987dbb202542", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9144fe59-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959835, "uuid": "4f1ed421-899e-4ddf-a2a9-279e08cb2ba1", "comment": "Malware payload (Heodo)", "value": "9c1f080502afe0d5c483007ec45d837c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959835, "uuid": "01e34772-d556-4fd2-be63-c9742b88c5c9", "comment": "Malware payload (Heodo)", "value": "61e500082ed737b9a147a749a79a26c7c5387532055d7e711f544ad29a1fb392", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959835, "uuid": "55dc082f-6554-420d-8b65-c62776573b09", "comment": "Malware payload (Heodo)", "value": "5b19acbc30f91fb744566c6721bcab92be1eddb3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959835, "uuid": "022a55d8-c82a-4520-8e46-ac554e4fd826", "comment": "Malware payload (Heodo)", "value": "845bcbcafbe46710f9e83b97b66d80183746e1fb5253a0992aae8fc3137b609d9b6727c81898efdb988bccd035576421", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959835, "uuid": "28f3888c-bb7c-4db8-8e85-d5afc39518f4", "value": "T184B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959835, "uuid": "46e9665f-83ad-40cf-9cc7-16b42c906fa9", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959835, "uuid": "7576b774-de40-477e-99d7-acb15b437d12", "value": "6144:8JZToYE666spbEgoZhZO1t7I+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoXlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959835, "uuid": "9b42e655-cd41-44c5-a205-318498451f45", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959835, "uuid": "fa2fa298-e882-492d-b529-c50f1a705f41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959835, "uuid": "aa0f0f09-bb72-4616-9199-ba6d3a29984f", "value": "61e500082ed737b9a147a749a79a26c7c5387532055d7e711f544ad29a1fb392", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "735e0062-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958496, "uuid": "f3de2fb8-590c-41d7-a5fd-58a563c84ead", "comment": "Malware payload (Heodo)", "value": "ee4e8bb9b7daf1ee9f4337aead81fccf", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958496, "uuid": "0703320a-8864-434e-98e9-3c67485e8d20", "comment": "Malware payload (Heodo)", "value": "62542b3a52da8d5d8235c4b331d03486f87854264c9a16486fb56862a09f3653", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958496, "uuid": "59bc8109-698d-431a-8106-383bddbefc68", "comment": "Malware payload (Heodo)", "value": "c88a43664a7b4343f46dff0a48b6b3e995244d82", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958496, "uuid": "9bf3a14f-e595-40c3-b20c-730e8543629d", "comment": "Malware payload (Heodo)", "value": "031110a4bdd6f965f65d9ddc084a4ca462c656067fb2662ce861f393872f713adba0916636aa913b31df4c998e97c78e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958496, "uuid": "baf9d62f-10df-490f-a275-3748d1c66d5c", "value": "T102059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958496, "uuid": "0160beab-b1d3-475f-aca2-7b062dc29c28", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958496, "uuid": "0aa3636c-6208-4894-b12e-228cc8b6d0eb", "value": "12288:V20BXOMcVzpWfmmnDDmX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDSX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958496, "uuid": "e9ae07bf-f40d-4320-a474-272d658192fc", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958496, "uuid": "ee7c5f8a-735a-439b-b5f8-ba6fcbece1c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958496, "uuid": "5db13037-129b-481e-a2b0-b216e3f71e43", "value": "62542b3a52da8d5d8235c4b331d03486f87854264c9a16486fb56862a09f3653", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f831c45-a9fe-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1647967079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967079, "uuid": "031488ac-2f79-4ce8-a993-1cc4190a9eeb", "comment": "Malware payload (AveMariaRAT)", "value": "d925fc5d6fa16a9a64e3934fa188f1ae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967079, "uuid": "f710749b-7456-432e-8bbb-5511c2d3bf2e", "comment": "Malware payload (AveMariaRAT)", "value": "6261472ea199cbd9b2d657e29fb40f43612a60a272dcfc4ee45c2bee660c1889", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967079, "uuid": "02ffca24-6ea6-44da-850a-802453cbaaab", "comment": "Malware payload (AveMariaRAT)", "value": "f8b615351b9faba73f6f8a3320503e3cda46303d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647967079, "uuid": "a264dfb5-efb1-4b1a-b71b-ac8d32eef99e", "comment": "Malware payload (AveMariaRAT)", "value": "296fa01368cb3a3dde9407240ec98a4cf4ec6ccaae44dc45f716026d0c583a663b121e9160f71ec7515d5e8697f043e2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967079, "uuid": "4e6c1083-6833-441d-b36e-f610ffffc9cb", "value": "T1EF159F1177D9610AE6E647B788625E16CA32BC4D992F523F0834C34E1F90D8D92BEED3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967079, "uuid": "a360d784-974f-4c91-b1a5-8f0a49d16507", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967079, "uuid": "05a3f329-1407-4456-8b20-4eb4cd0f274c", "value": "12288:qB5/6N6YWOBAAXdGzpHs3iruj7f5K/LCvnutQf6FWczvF1j0ZdUuz9fM/3u9:AQN9WCGzpHoiyj7hff2fF1GdUuz90/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647967079, "uuid": "641be5e8-31d6-4e9f-8288-54c3ead8b732", "value": 930304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647967079, "uuid": "51893205-320f-4569-8aed-d6ab6a3a50d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647967079, "uuid": "6f933a54-af49-4c22-80bc-570e6d9a7380", "value": "d925fc5d6fa16a9a64e3934fa188f1ae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76c17f88-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958502, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958502, "uuid": "72c20d9e-171a-4bc0-9479-5ca7a2fd2f9c", "comment": "Malware payload (Heodo)", "value": "7fed0d1c682ebcc8a279689577a9677c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958502, "uuid": "ac42732d-0800-474e-8731-4442118770b2", "comment": "Malware payload (Heodo)", "value": "62853b3f7d5b7d375cb1d42456fce5d1764da6c132b06b3d9f128195e4ecbdb3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958502, "uuid": "2d837be9-e6f8-40ad-9bdc-43775d6f1e15", "comment": "Malware payload (Heodo)", "value": "5d5534fcd00f3650d516d22fededebe089ae1d5c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958502, "uuid": "27040cb8-527b-4b8d-981f-8e8749561b6b", "comment": "Malware payload (Heodo)", "value": "92db1f70a1e3c25b49db8576f87d83ec02185d2e6653f95a9c520f08789ad7248bb3d597603c59531452f7e1886512fd", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958502, "uuid": "2058b927-59a9-4f5e-94db-441c767aecb9", "value": "T175059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958502, "uuid": "16c4ef79-5946-4a10-b449-db09d96ba372", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958502, "uuid": "c6f686fc-dc4b-4abf-8275-83a742b545e6", "value": "12288:V20BXOMcVzpWfmmnDDEX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDQX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958502, "uuid": "5a57fde2-8067-427e-8f39-ebbc2f2d620f", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958502, "uuid": "a3963ff5-2c23-4163-b5a1-061bbb49014c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958502, "uuid": "3a394183-2670-4f6b-b806-52ee203c98ca", "value": "62853b3f7d5b7d375cb1d42456fce5d1764da6c132b06b3d9f128195e4ecbdb3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4050da5-a9df-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647953853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953853, "uuid": "60e24bb0-19ff-4f75-a7dc-ae7cb39a6b69", "comment": "Malware payload", "value": "5c5d470c7682bdc4e13a57d3669fa8a5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953853, "uuid": "a99732fe-1ab5-4a6c-9d54-414fd3ba73b6", "comment": "Malware payload", "value": "629597d7ab5ccbb6b079825e52647532c09bfd7c2b1378e262057e9ef1221b4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953853, "uuid": "24be9a87-183f-49c0-a613-3a3f2a4688e7", "comment": "Malware payload", "value": "7dfe6638800fdf505d6f44a0aaea5e2219706735", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953853, "uuid": "d9afb198-e264-4e7b-b67e-8f80da12d9f3", "comment": "Malware payload", "value": "0fd71b4ebda3b0cdd666a01047dd901100aad39cbd49d0b00125f93a01d75092da74eb50d549a5fb899624d3a67319d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953853, "uuid": "6e501b2c-7922-4d87-9f0a-5f596ea7a88f", "value": "T1ED37D7AD554D2C6ECD637AFA684E00A347C13F15897AD3A945F78A7F0A3DCAB82D1C01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953853, "uuid": "882c2596-14bd-4d69-a00a-bfe69e87ec6d", "value": "f4938385711daded498908e840357fdc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953853, "uuid": "ac5eaf76-650e-446e-a434-1ad7b9e0a367", "value": "24576:G8lgaAVB6evW8UKlndrIIIIIIIIIIIIIIIIIIIIH888888888f:G8+PbFeNNNNNNNNNo888888888f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953853, "uuid": "f37cd017-fd74-47ff-af26-3ccc84bf4a01", "value": 23137591, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953853, "uuid": "48c21594-928e-4709-8abf-ecda3f41b956", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953853, "uuid": "84484d4f-18ec-469a-9332-a937d5517f30", "value": "629597d7ab5ccbb6b079825e52647532c09bfd7c2b1378e262057e9ef1221b4a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "deb1bca8-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958247, "uuid": "8c184331-f41a-4cf6-a520-9c07a8436e09", "comment": "Malware payload (Heodo)", "value": "b9132ffec46f04ec2fa83334d5a50a3f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958247, "uuid": "f6858e46-ddff-4b7a-93cf-eb090125548b", "comment": "Malware payload (Heodo)", "value": "62c3dd5cd8397ef3fc7fafb8cb6288afb2c6d040e978f683c62d3646f6ed3317", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958247, "uuid": "6b650930-f11a-4437-8211-2ec42f600dba", "comment": "Malware payload (Heodo)", "value": "3aefdbb6f8dfeac69ae4c1beb99a1d171d7d8dae", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958247, "uuid": "9856fdff-08be-485c-8360-847a69377b9a", "comment": "Malware payload (Heodo)", "value": "fe2c0f12852f77349baecaa90d5e9349f11d16703cb203ce1806b2842f362e268d6e1f349c0b8f90933d78640ab0a6fb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958247, "uuid": "7433203b-04e6-4bbd-a3fa-8996ce42f3bd", "value": "T1B9059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958247, "uuid": "8d583d14-f745-4815-9501-b94328782625", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958247, "uuid": "a869ed0f-ec22-4752-af4f-9dda40337168", "value": "12288:V20BXOMcVzpWfmmnDDHX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDzX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958247, "uuid": "a79a5ce7-2ef4-42d1-a687-42f044be5226", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958247, "uuid": "3c46cab4-7d16-49dc-be9f-c2b628bb0bc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958247, "uuid": "391292fd-1924-449a-bd4d-5de226bc4f32", "value": "62c3dd5cd8397ef3fc7fafb8cb6288afb2c6d040e978f683c62d3646f6ed3317", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c78d4640-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954772, "uuid": "e20935dd-98de-410e-aecf-7f8805e2cebd", "comment": "Malware payload (Heodo)", "value": "0e17d7e970e8fc8ef20ce6cd1e155368", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954772, "uuid": "4c297289-f56a-4293-b4eb-d8a9837fdf7c", "comment": "Malware payload (Heodo)", "value": "62e6bd5a004f930560bf964b8d05f303ca72c069ea2a9727edc4f50138a6056c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954772, "uuid": "237087ef-a5c0-4434-a790-4a57fbbffc32", "comment": "Malware payload (Heodo)", "value": "332c2a2aba1d8b61e09b82f35b791eb7e9baa24a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954772, "uuid": "d3bc681b-11a8-4544-8fec-35a7b24fd8c8", "comment": "Malware payload (Heodo)", "value": "3e4d6fc19495220af141a243eca906dfd07f319ddb2c9551f0e781f8e8c6eb03bf0d54c1afd56a2b47be87c4fa37a990", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954772, "uuid": "d8fa80cc-2523-480f-aadd-401df283712a", "value": "T164B40706B152B13DC24BD0B96E0167A951AED9FD0BB137A3AFA813CC06A34D5735DBC2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954772, "uuid": "00e957e5-2fa9-459f-b222-3ccc99f09bd6", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954772, "uuid": "2d6d63f0-1157-41fb-8b92-0dfc70956b89", "value": "12288:AASStHx1vVHO+1Hx54mg0p9n4WNL7XE0UdX:ecHfv4qxvnp9l7XE0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954772, "uuid": "f15fad3b-ef00-4c2e-9735-d03e996483a8", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954772, "uuid": "e76ae316-94bd-47c7-8e3f-06b7b0cde47f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954772, "uuid": "1521dff9-7251-4043-b5b4-3637d3bf74e6", "value": "62e6bd5a004f930560bf964b8d05f303ca72c069ea2a9727edc4f50138a6056c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "467789cf-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Stop)", "timestamp": 1647974742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974742, "uuid": "3a0954e4-2082-427e-9b48-df68a8ab11ba", "comment": "Malware payload (Stop)", "value": "9c7d0e5ef41d0816b262b1a4ae8cfb76", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974742, "uuid": "d49c944c-f332-47ae-9569-b9cbafbdcbdc", "comment": "Malware payload (Stop)", "value": "635a5c00275d4f354e8f38c646c9210440bacc46088c45907132d82b11877783", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974742, "uuid": "cdfe7a76-3a40-403d-a5c9-0d2a9452dd1c", "comment": "Malware payload (Stop)", "value": "80274b0d2a14e410549e17268199be43091c60ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974742, "uuid": "be9e2cda-aa62-430a-b54d-6994a00dadbf", "comment": "Malware payload (Stop)", "value": "0891e01baaacf727326c95c69a6cc7895fab0603368f8caa6a0cf5d8d69c9bef49c46b281a95c88076fa7858c5a63fda", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974742, "uuid": "c5899863-da80-40cf-baed-86d5fc3181e7", "value": "T1E2F422257E41D073D291F471342FC2A22A6ABD3B24209A877BA5331D9FB23D1A71DB74", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974742, "uuid": "7970aba6-e321-4c05-b059-fb20e91d91aa", "value": "07ae87ae47994a6afdafb79937e0a5e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974742, "uuid": "141e34a4-dc37-4266-8e27-2be919e9de32", "value": "12288:92x0Q7kY68pNmyxHK1jVI3CTNu1IPAgMJW5W4YQkyo2rLmi0CKfF:9cPkY6YUjVI3CTNK7hyoG+t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974742, "uuid": "6e976d88-5a76-458a-ae84-9462fffdf518", "value": 794624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974742, "uuid": "d21585a3-dd45-414a-bab0-144e90c63a9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974742, "uuid": "3d2cafe8-2fb7-4eec-8246-826130efd6bb", "value": "9c7d0e5ef41d0816b262b1a4ae8cfb76.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8761a614-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954235, "uuid": "2ecd6c46-802c-43c4-83ec-d68b62a7b84f", "comment": "Malware payload (Heodo)", "value": "8217f1ca989f2fe5826408fa94e8d388", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954235, "uuid": "f1c1f420-d191-401d-b22f-785639669905", "comment": "Malware payload (Heodo)", "value": "637d4ceb360a2c6cf4d6f52e63e3acbcde58e24357545d2effcb368571ecf1bf", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954235, "uuid": "a02c16e1-39f3-4803-a41f-c244b33a6072", "comment": "Malware payload (Heodo)", "value": "67bb2f88da78c6a90a81580891acc31d21ee1411", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954235, "uuid": "21310089-d61c-4e7c-ae01-1e2cba6e7405", "comment": "Malware payload (Heodo)", "value": "252262e4e3609577f58efe5a93f574da532408aa49072f6ea33ac23ed7dab0fc3b2f886ea8bfe6b957034e22cc03fe41", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954235, "uuid": "4938a0d5-b826-4365-ba1b-468459eb70e9", "value": "T15125AE223AD5C07BE2AF16760506E76E62F5FD304B2586C36FD11BAE6E345C29739302", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954235, "uuid": "954dd9b5-0b09-47cc-bd56-001c5f0c72c3", "value": "c43d7d6aae03def404d4e73d7d3f62eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954235, "uuid": "2b655185-5803-4c4c-b6af-295ce7784857", "value": "12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQ85tFjNRLU:Ci6fgcIcHB8ZbbLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954235, "uuid": "90b13b0b-9894-4d9a-9c50-f17e6332732a", "value": 1028096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954235, "uuid": "49a584a1-85f0-4f3b-9d79-71612ef8d476", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954235, "uuid": "0cf06c48-b302-4914-9bde-d5f2f0037154", "value": "637d4ceb360a2c6cf4d6f52e63e3acbcde58e24357545d2effcb368571ecf1bf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8315accc-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955945, "uuid": "d934dcc2-49e5-42b9-8968-8dc938cee096", "comment": "Malware payload (Heodo)", "value": "10849f35b3df023cc17cb1f878b8a63b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955945, "uuid": "916ec028-763d-469e-bb7e-4401f7c791cf", "comment": "Malware payload (Heodo)", "value": "639af87e5993c1411cbb0435ed0510bcc558066a51be031beb42129148e543b4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955945, "uuid": "53c4eff7-1b75-4932-a9fa-3ae5e1bc69bb", "comment": "Malware payload (Heodo)", "value": "9e4c5014cc9c6c8b054cb7b3f4baf427d59b0306", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955945, "uuid": "c5c9210e-453a-4911-9c99-b95cb40c635e", "comment": "Malware payload (Heodo)", "value": "0079b7334b090b6ff4c749bbb7b22d86a93b9a7ee4278d390fa24cc96ff9e69958b0bc43405de6ebbe5bf89d0e34db0f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955945, "uuid": "ff4a7588-4a4e-40f5-aa2c-8b1125cc89ee", "value": "T1ECD41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955945, "uuid": "4754e4bb-589d-4cbf-b213-79160b03c6be", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955945, "uuid": "2b4ea447-0d7a-425c-b7ac-b372984efb2d", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfA:AqxETMJ777u3OmONFqNJtN1v96TOAnG2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955945, "uuid": "28732191-07b4-479f-b456-c44f2a5571cf", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955945, "uuid": "5a223b77-7688-4473-8e51-67cb70b1a7db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955945, "uuid": "3d52554d-6fb3-4755-9987-6f8d5721f3ed", "value": "639af87e5993c1411cbb0435ed0510bcc558066a51be031beb42129148e543b4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a10fce0-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954615, "uuid": "b5ead1a7-1bd9-4de5-b7a5-816f63ef8507", "comment": "Malware payload (Heodo)", "value": "25bad6eeeb1805061e59750caacee799", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954615, "uuid": "7d91d7de-cb0e-40e2-874a-e23d06fae099", "comment": "Malware payload (Heodo)", "value": "63dfee42a99ba84140c2fc314dc984ae8dbca744ab284437ed0719e4207445ad", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954615, "uuid": "ba154a47-10cb-4b5b-ae7d-ac01d68f464c", "comment": "Malware payload (Heodo)", "value": "1ea6b48c6077f7cba4e1761f5019206997c8842b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954615, "uuid": "9dd86f90-0f24-47e4-ba14-d0fdb785171c", "comment": "Malware payload (Heodo)", "value": "1f2a6055b2df93a8d1ce7c8b53106a2f3268c0f6e29e64518dd020c060f9511f06622137be719e5173d21ed112097fb9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954615, "uuid": "5dd13ed2-23a2-4936-9b77-0817addf4dfc", "value": "T13BE4BE6176C2C0B6C15F017A5946E31D62E5AD609F3896C3ABD4AFBFBFB50C29D34202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954615, "uuid": "0b38da46-43db-4afa-8ca4-aa442ee669df", "value": "5529db874583b5635436baabaebb4b71", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954615, "uuid": "16688466-f232-470c-81f2-881a6aae4e60", "value": "12288:Z6ZLutvgrwV8RQc5W1yS0ezL9J6XKTe/vyzfANcN/kJhXx5y:qza8RQc5W1P0Q9sXKTLzflBkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954615, "uuid": "d994a0b0-703b-40a9-aa09-7bb1ad8b1517", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954615, "uuid": "f85d96ab-feaf-46c2-9e03-4d1e9cc5006e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954615, "uuid": "57bd3ed3-423d-4d6e-a926-571d8a135fb5", "value": "63dfee42a99ba84140c2fc314dc984ae8dbca744ab284437ed0719e4207445ad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3f3e66d-a9e5-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1647956430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956430, "uuid": "e5e8bc3b-9b1e-45cc-80ad-f8fd7d9f439f", "comment": "Malware payload (Formbook)", "value": "2ea2d9930a7d2a8fa6d72ad72b75aff8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956430, "uuid": "dfb8f976-3c43-4a2f-8286-4f3fc48728ff", "comment": "Malware payload (Formbook)", "value": "63f565a5108d757c36e565bd6f4d2ea6410445569d0ecbc70b9c33ba4115f0f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956430, "uuid": "5f1a2311-c06f-49da-a6a6-cf39d4a95ef5", "comment": "Malware payload (Formbook)", "value": "af704287f16628ee1650d84d29037f8f675c63f3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647956430, "uuid": "0976fa80-78c3-4e3d-8356-072a48b40b85", "comment": "Malware payload (Formbook)", "value": "72f6628ad49c0a19d82ff95f8bdf478a16a9d8e6f0b9251f0c72a2d57adf17ffb63213ff614a606fddfc0c2a87c548dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956430, "uuid": "92bc556f-d0d9-4a61-976a-4b4a6d2d82c7", "value": "T10E35C0A2B6915433DA332E389D5BF7A85C75BF102E2898863BF41D0C6F36241BD152E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956430, "uuid": "346b2b71-2715-496a-b56a-b43b8f383799", "value": "d8f60ca1875964a961eb776244c39814", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956430, "uuid": "ea606006-587b-406b-8d89-2629e7a770e0", "value": "24576:3GkQ9ftdUDQVYxNEeFgbTRUFau59fXwQlEeK320dkgbUhAvi9W8OLxZdPYk:2D/zLK9tbH47pYk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647956430, "uuid": "1284d5a7-003e-4f39-98dc-9ce0fe93fa40", "value": 1098240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647956430, "uuid": "271ec3a8-0eb5-4e73-b141-434da377b614", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647956430, "uuid": "5f617080-395e-4192-9598-8a290cf568aa", "value": "ENQUIRY PURCHASE ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9457ed3e-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959840, "uuid": "5e190159-de64-4cd9-9427-150e012a576e", "comment": "Malware payload (Heodo)", "value": "06eec330dd794f11098b1941253a0436", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959840, "uuid": "e3316033-0de2-4288-aa32-43ffbb38421a", "comment": "Malware payload (Heodo)", "value": "63f6b2b478aeffbd6782860882de0c4f562d81d4125d437c76321271e0bd5ae3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959840, "uuid": "53113d29-dbb8-4f94-94a8-d2328c6dd567", "comment": "Malware payload (Heodo)", "value": "984a40d693b3356176f5fd3310209bbb25e23023", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959840, "uuid": "63fd89de-0e79-4c52-803f-25058cbe7ca6", "comment": "Malware payload (Heodo)", "value": "4648ae982c6253b4c31d74be813d8900b3a5c98c0ed5ced79888a9070a02dea460956748bc2e7b1ef35df6c7459cb654", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959840, "uuid": "1d9547a5-e172-4327-993a-7916e6456206", "value": "T1A8B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959840, "uuid": "44d8a8cd-be23-4e4a-86ad-e23a517e9877", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959840, "uuid": "eca04f95-7a9d-493b-85e9-0e3dad545728", "value": "6144:8JZToYE666spbEgoZhZO1tKI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoqlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959840, "uuid": "8f93c27a-e6da-4ebd-8052-3fc218f1e12b", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959840, "uuid": "88a89123-7922-477c-9cc8-1c1bb11b2237", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959840, "uuid": "3f77613e-b64e-418c-a753-fe7762619cdb", "value": "63f6b2b478aeffbd6782860882de0c4f562d81d4125d437c76321271e0bd5ae3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5370f551-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647972616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972616, "uuid": "f04575bd-d573-438d-bbaf-8b207b90b134", "comment": "Malware payload (Loki)", "value": "7d5ee425abf00f011132abf82c82ccc2", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972616, "uuid": "53122660-910e-446e-a4bc-7545f265d055", "comment": "Malware payload (Loki)", "value": "6446ec16fefd0245dfa025cc8ee4f8cd68652217650612f523a246cf0fd26d2e", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972616, "uuid": "b9bc61bb-68b1-4553-9c75-c5c6d80736cc", "comment": "Malware payload (Loki)", "value": "3da5c645834ca6c008fbe2e362c22cd961eed2c7", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972616, "uuid": "34a6c11f-0fa2-485c-b4b2-fbc30ff92f13", "comment": "Malware payload (Loki)", "value": "e3f5476b169df93deaf6ebe4d6b709c74f55e1145d05ad99bd2b1091cbbcdb2ccf9300ac51b26c65f25fe0238ffaa056", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972616, "uuid": "9a0908e1-db34-41ad-ba22-e64bea7310ad", "value": "T1D41412A8B7664F62C1F9F574632BFC8E86725FB2280193BB34C53A3C9835A4145B1D27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972616, "uuid": "adea28c3-3850-45a6-aeb5-7f48b98ce123", "value": "3072:sskzNJuL3md01osjMIhp+pp+CDcMwKtvh4c0Sq4IwkNtV0GLVKgXe9P9k:MKL+aLLhpEcMZJGc0Sq4k1VKJ9PG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972616, "uuid": "0e243356-0a87-4fdc-ac6c-e29c1738defd", "value": 190424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972616, "uuid": "b7d862c9-35e6-4164-8106-7518f4a1e6e4", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972616, "uuid": "c2bf5a7d-15c5-4ca3-b02a-b510772b21c5", "value": "Payment Advice 0084099.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f446244f-a9ec-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959571, "uuid": "26ac4dc6-5efd-49d5-922b-80655f288f08", "comment": "Malware payload (Heodo)", "value": "1f536b914387095f6b7e26ca4d418890", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959571, "uuid": "cb6d5c0d-de1a-4f90-999e-2bc216030229", "comment": "Malware payload (Heodo)", "value": "644c2e30ab138b228667ef0570998f69f30e1d44275feafc749af223843338e8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959571, "uuid": "12dbde32-e2d3-4470-b4f4-1e666c4166dc", "comment": "Malware payload (Heodo)", "value": "96ad6567ce6d254e8da4dcc95000dc09aaf93342", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959571, "uuid": "a906d8cc-56fe-4d45-b4e5-27ab550126df", "comment": "Malware payload (Heodo)", "value": "a818506ce47275c1beefdfca7d4c9e8c87fb7549346d46a9cef67dfe1306e55fee95a2c2e1ab394d9fb3708370376168", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959571, "uuid": "a9e7e6cd-c122-46b5-8bf1-ed6ce739a114", "value": "T14BE4BE517B81C0BAC25E30B54556E37962EDA9709F3893C3BBC46A3F6E741C1993832B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959571, "uuid": "ba54f50d-d03c-4059-98eb-e2c3b8cae458", "value": "cca9170027b8a1c09e4e49e3efdfdd6a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959571, "uuid": "14a7ab21-30d4-4c20-97dd-57829bc68638", "value": "12288:y6f5tUaLG1iZuyzbVysg1wuKSKDYjX3rUXY:ygHpbVy97R0YjX3N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959571, "uuid": "96050b82-8180-4395-b229-f713498f265b", "value": 668160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959571, "uuid": "1361ff8b-3879-4f01-be50-ccead7714dad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959571, "uuid": "c2a0f2b9-5175-4dc1-ba23-b3b3dbcf41c0", "value": "644c2e30ab138b228667ef0570998f69f30e1d44275feafc749af223843338e8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b168d71-a9de-11ec-9275-42010a9c0029", "comment": "Malware payload (Quakbot)", "timestamp": 1647953355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "52c06126-1d5c-4d34-8854-6a213672f8fa", "comment": "Malware payload (Quakbot)", "value": "7531aa8c3508046d1f17de8087915332", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "f71c2b00-fbae-48d8-ab39-f2740ccd9789", "comment": "Malware payload (Quakbot)", "value": "644f00812319bdb00411294b2ddb4e9f86bf0797f825543ea0fe16db1e1aea4e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "21055a36-660a-4d02-9397-b4d738c25e64", "comment": "Malware payload (Quakbot)", "value": "957b8cd7babadf9d5104fb11e7508def071e08a9", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647953355, "uuid": "d8365752-98be-4b9f-89ed-9e3b38771ce9", "comment": "Malware payload (Quakbot)", "value": "4dc5bf95d6e573f2a792e8658e2ea5290f9805daf6428b29b6926c5a89ed0fc601994c8460687d052bd5d9c42db95bfa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "obama168", "colour": "#ED4CA5", "exportable": true, "hide_tag": false }, { "name": "Qakbot", "colour": "#1EAC47", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "0fa722eb-0d0e-4d0b-888d-2ec2b9411c6f", "value": "T19AB4C0B53604BDE6E57F463BD9A59CDD137626228AC7D8CD90A077C30A733A1EE12C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "9cfb30c4-f427-4863-bc7c-3209c4c82e45", "value": "9e45408bef939ba7b084556548e54b63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "9fab184f-2cfc-480d-ac0f-8eed3595d5db", "value": "12288:l7kLQI89Rji0iEm2aY6XXQtVOlrFaMUm3HNNkpIdYKi:l7QxkjFOXKO5FaMzHNSpIC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647953355, "uuid": "cbe11084-e4fc-4d83-95a8-2437ce2fe2fd", "value": 523264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647953355, "uuid": "c450ce4c-348d-4d98-bd9c-d83c98eb3cc2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647953355, "uuid": "408731f2-137d-491f-965a-2afd499c53ac", "value": "644f00812319bdb00411294b2ddb4e9f86bf0797f825543ea0fe16db1e1aea4e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c45de58-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958350, "uuid": "fccb93de-67ae-489b-8f0e-e5aa15ac4920", "comment": "Malware payload (Heodo)", "value": "5ce39659acb4c4ef53c7fbc14b9233f7", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958350, "uuid": "fc32786f-06e2-49f9-9d9a-2658ee7bf1fd", "comment": "Malware payload (Heodo)", "value": "645c19a5f138ce514c5be5f5be836a362c96d98aaeff5d3e1911dce691068ffa", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958350, "uuid": "d70b82ce-3563-4aa1-85db-17b0ca04d687", "comment": "Malware payload (Heodo)", "value": "d23fdff3d9ef241f6af74bd6556f2c11acec41e0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958350, "uuid": "45f6a08c-8c85-4edd-8c67-fdaddef9cb3d", "comment": "Malware payload (Heodo)", "value": "5a917f60c1b1c1ef06d4474663633648f6e0b863f431b5948ccf16659575ed4d09ae5595c02acc58fbfd581b7ae5722c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958350, "uuid": "e3bc9fef-e97b-4de1-8a21-e4721a408cee", "value": "T142059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958350, "uuid": "8218dcb9-6634-40e2-8bab-0f4a24fa2cf2", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958350, "uuid": "25266989-f689-469c-8c34-aa1038b7afae", "value": "12288:V20BXOMcVzpWfmmnDD7X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDXX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958350, "uuid": "2382a9cc-9921-4bac-bdfc-b77556a60b42", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958350, "uuid": "ebc1a5cb-32eb-4169-8506-86bde7dc15a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958350, "uuid": "81436955-8603-49c8-bb30-6ee288ca4948", "value": "645c19a5f138ce514c5be5f5be836a362c96d98aaeff5d3e1911dce691068ffa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "084deec8-a99f-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1647926104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926104, "uuid": "ec8cd444-8eb2-4b01-9fcf-1e5361d26eb6", "comment": "Malware payload (DCRat)", "value": "dcf14db08b3b858c45aee124c0760446", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926104, "uuid": "cc27a8e8-fa82-4971-9fe5-a33387c9c19c", "comment": "Malware payload (DCRat)", "value": "64677140e278a55685d32be9a27d285293f10a8b5fc0b7366f9f5bb5fd2cc870", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926104, "uuid": "076d1fd6-3df8-49c9-b4b5-163ec3e87e25", "comment": "Malware payload (DCRat)", "value": "3e785914a0f78c04b53c989f8a55ced64c05a288", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647926104, "uuid": "4c44ae11-a189-44de-bc43-b4d7afaa406d", "comment": "Malware payload (DCRat)", "value": "6bf800efdec743055a9347d314978a17f1a5748d4457606f9c04a6660002643ab2b5ba9f82694cb2741b0bd95fae8d60", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926104, "uuid": "19b691a8-18c3-478d-9adf-170bdf9c29d5", "value": "T1F7B41A342AE95929F17BAF79C9F13596D73EB5637B1BD60E089102CA0623B01DD8073B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926104, "uuid": "35535558-0ca4-4919-bd10-22ce59568fea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926104, "uuid": "fb04110e-7e86-4c43-a977-496e30f978ce", "value": "12288:DCRKK2WGN8zoI+dByPpSwreEJS/HtO0IBEs59KE:DTK2VNmDSyjMM0mj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647926104, "uuid": "4e29aec1-5699-40fc-985e-355316fecbd5", "value": 530944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647926104, "uuid": "78f9c2f1-4ebd-4ce8-b431-c2b7a4707630", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647926104, "uuid": "ca1c82c0-d6ba-4513-9919-293478818d2f", "value": "47285950.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f15e22f-aa10-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647974863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974863, "uuid": "475c2d12-356e-46a4-8e9d-a224bf57e4f0", "comment": "Malware payload (Loki)", "value": "76b034cc374137e73fa5ec0f28e2b493", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974863, "uuid": "b9cdfe38-c5dc-45bb-8d6d-3fb4fa7407f1", "comment": "Malware payload (Loki)", "value": "647fd63e08b9d0540c4db788ec827227dcd9d00b77ec35773135eeff5a9c7081", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974863, "uuid": "1ab19eea-a131-4ae8-a679-cfd7ccd3cedc", "comment": "Malware payload (Loki)", "value": "f7cebeae04e65f356218404d2f48ff101a2d6a91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647974863, "uuid": "1062dd19-3388-420e-ad69-c6741f5745d1", "comment": "Malware payload (Loki)", "value": "8184f4310ac33562b82045840ac1196615d0ed3ffc69b67b7a3291b765dc36942f996101595812fc9acc9aebba12dead", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974863, "uuid": "0e36340d-89cf-4de1-abad-ce68f896da08", "value": "T1423412A995C0E9BBD085483019779337F376E29603F66B9353F89E291FB361749182C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974863, "uuid": "951631ce-2bc2-4c68-bdd1-9b1b830d6cb6", "value": "7fa974366048f9c551ef45714595665e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974863, "uuid": "12d78054-5e4e-4762-8993-50d7620b7057", "value": "6144:rGiWCUvV5VfDuNEDAkb58qVP5MAxH6kVxTyeeCmaoLtNlp:xUvZfDukb5jmAscTmaoLtHp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647974863, "uuid": "82f779cc-6aee-4986-a494-b994d072ae4c", "value": 243490, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647974863, "uuid": "574a0545-6ea0-484e-a8a8-0ce34c9fc9f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647974863, "uuid": "221b76ed-9d9f-4190-ae53-c7f232e5eeb4", "value": "76b034cc374137e73fa5ec0f28e2b493.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3034a224-a9bb-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647938197, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938197, "uuid": "e34762ac-195d-4648-84b4-fbe55af5c521", "comment": "Malware payload", "value": "6b2a8a0e3016ab637288cd362f4c7d4e", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938197, "uuid": "396216b7-d5fb-41bb-8c95-103b35ac7b8a", "comment": "Malware payload", "value": "64d7efad5d25b855cea56d47acc033ad48cf955ec3e16fbe122313eb0b25ba77", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938197, "uuid": "44720b0d-cffc-45db-a129-394830098fc8", "comment": "Malware payload", "value": "0293f35f9d2232dea64b51bea00a4756963c74a3", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647938197, "uuid": "cbb411bb-5b72-4c14-b805-265582edc133", "comment": "Malware payload", "value": "10abbb8d05e2126feaa4d6b3ddbad8444431f6cad48aa7ba46ac5a25841cbd8147635dde13cd82abd7619b0fc8a910cb", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647938197, "uuid": "f669b22e-ee11-4bb6-a965-7792f49a7a6b", "value": "T1D22121019169DC37DEA07E04B55AAF85EC0251A2225A6FB513FB2118D8531D2C0FE283", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647938197, "uuid": "b85a064e-a149-4301-8d32-0dd29fcdb2df", "value": "24:AxgPjE87ZkLCHPKC2bObWu62ObR4VMC3t62ObuzVMnZC:AKEKP34Gz62G6L3t62Gud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647938197, "uuid": "ff37d79c-651e-420a-9ee6-bc14e0f46dc1", "value": 1223, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647938197, "uuid": "566886a5-d5d7-4328-bb0f-0bf99400c52a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647938197, "uuid": "83bb0909-c3f9-41e1-a260-e646d7149e40", "value": "New Text Document.txt", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5b601bb-a9ef-11ec-9275-42010a9c0029", "comment": "Malware payload (Gozi)", "timestamp": 1647960728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960728, "uuid": "b23cd55c-56f9-4ca9-a4cc-944b997fdbf0", "comment": "Malware payload (Gozi)", "value": "5cc6ba143e3c3ad5ba978148d213e1ac", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960728, "uuid": "3ec355f0-5280-4f6f-b6de-33129e7f328f", "comment": "Malware payload (Gozi)", "value": "64eb761e7ec0ccfd080a70bd1c6a34de92a5e9aea591793ae08155a211ad3726", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960728, "uuid": "81ce277e-16f4-4981-8fed-b7a430b7107b", "comment": "Malware payload (Gozi)", "value": "39d67ee1af666dd307049ac017bde0c75f9d120c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647960728, "uuid": "1ea11438-fef7-4a6d-ac25-d931eba2b60f", "comment": "Malware payload (Gozi)", "value": "83b65a2d11e5c4754ac3f35c3dffe5218c7c654a276888eec991a1fdc2c956401d12757f28dae69ff9b58e0849414916", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false }, { "name": "isfb", "colour": "#93835D", "exportable": true, "hide_tag": false }, { "name": "mite", "colour": "#5F7C2B", "exportable": true, "hide_tag": false }, { "name": "Ursnif", "colour": "#09785F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960728, "uuid": "d0791d6a-586c-4f2e-9f72-c5fbaf7832d3", "value": "T133E48F32B2E14837D1B32A7D9C2F6358993ABE112E2C594E3BE41D4C4F356513B252EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960728, "uuid": "bd6d7c47-f0bc-42b1-9798-d9a753902ce0", "value": "8db49d690390954da94a6b4156eaf4e5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960728, "uuid": "efd1d43d-9634-44c9-b5b0-b295b27e37a0", "value": "12288:6Q3RibhtyxYJcyfnPDdpkrqdtE4YCvcsy8l4L9tpKwsA:6SoF8mcyfLdmmfE4YCksy+4L9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647960728, "uuid": "431c1fdb-4a7b-41b7-90b6-6e6bdceb8527", "value": 670208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647960728, "uuid": "eb291fe9-8195-440d-9aa1-ece99480d6b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647960728, "uuid": "52aa3997-b7b4-4f84-b6d0-f7e64149ea7d", "value": "readme", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67f6d89a-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911662, "uuid": "f8655e81-6850-4674-84a7-9d85483a43d9", "comment": "Malware payload (RedLineStealer)", "value": "ca8aec7bb6d466ab0cbfb229bf30f47e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911662, "uuid": "8f79aed9-7103-414a-8f9b-659037362b2a", "comment": "Malware payload (RedLineStealer)", "value": "6527be1d68b587b91498dd7cdbc8956b777e7b7bea513c0970f7e0564c990f20", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911662, "uuid": "228ac00f-a46f-49ac-a30f-19c6060f4309", "comment": "Malware payload (RedLineStealer)", "value": "1776c420c1e2821a86b97d7c00ff06848b2eb5a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911662, "uuid": "5c67bebf-5377-4af6-b301-c81c601b5b47", "comment": "Malware payload (RedLineStealer)", "value": "9883e24875d23c787a300095c48320f46757266c654b7a685ff15817e2e0e5292f0e540ba006937bd3dea27375bca6ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911662, "uuid": "cd37c7be-dde0-4887-be8d-d929d17a2efc", "value": "T1E72633F50921093AFC2D06B531B63B3EC9ED817CD58D240692D3188EEEFB5529998F78", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911662, "uuid": "be5feb18-e97b-4e6a-978c-3c1ccc65bb99", "value": "7dc28ef949f54ad98c715895ecc34cff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911662, "uuid": "bf35767b-ad06-412d-a3cf-63af6f275c14", "value": "98304:DxvVxOGdXwvq+NRkEBpys+aoSxKZ19TWtd52Xvtn:Zvda7N/BIs89dW0Xvtn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911662, "uuid": "8cdddd90-eb06-4186-a3ec-0a80d3e51d96", "value": 4535664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911662, "uuid": "4e6f35cd-e34b-4eeb-bd9f-16ce95ee339d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911662, "uuid": "6431da37-df6f-4597-bde0-eb1c2cd0bd40", "value": "40712941.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96affb3f-aa05-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647970152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970152, "uuid": "e43dce94-6e7f-45e9-92cd-a755adf26a34", "comment": "Malware payload (Heodo)", "value": "1d751486f1e5f95ed1af5be622312ee8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970152, "uuid": "fa84726e-5846-4f03-b56b-8cb0252b68a7", "comment": "Malware payload (Heodo)", "value": "6536eed9ba4618ab58b9ecdf775b6410cf7b5fda9f99b4141985c061f2f0c8b2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970152, "uuid": "de896e97-c1dc-4241-a415-8243022c268b", "comment": "Malware payload (Heodo)", "value": "bbde277375745d29e8ee084b85837fd40f74800f", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970152, "uuid": "d56a4677-0f18-4014-b898-02bad996bf8c", "comment": "Malware payload (Heodo)", "value": "ae0d10cff33e83cdd7dcda9cdc7fdcff70505ce421aed1d549431efd523c047666c0b605213afbe6d27a747f76fc4300", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970152, "uuid": "8233077c-da9e-44fb-9c5c-7c032981ca4f", "value": "T12C84190173C390F0C657A574840FD525ACB7B87C6B18857EB28BA26F4BE78D09A346F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970152, "uuid": "d12deee1-eda9-4b07-b65f-f0480ae25091", "value": "c7be10fff3b5624b64714e5733abbf40", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970152, "uuid": "fb75acb6-04e9-4229-89b1-9c93b6bad00f", "value": "6144:S5uok8qcKhyMlSXVKfKGS4Tp3wb8iZ7B1yarhA7ArkqBo5:S54yM33d3q3Z7Bogxre5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970152, "uuid": "494be581-cb39-404e-a7b8-72f0695f1aae", "value": 399096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970152, "uuid": "1e18c38b-79c5-4d06-84c6-0c65a5233054", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970152, "uuid": "f4488f15-70f4-4c73-92a6-f63dc45bbc36", "value": "emotet_exe_e5_6536eed9ba4618ab58b9ecdf775b6410cf7b5fda9f99b4141985c061f2f0c8b2_2022-03-22__172906.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64ad3881-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976510, "uuid": "ddbc66a6-f929-4232-bd51-c183e15150c6", "comment": "Malware payload (RedLineStealer)", "value": "2088e13f9b42849fac44b6466d053d58", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976510, "uuid": "950105b2-18c7-4eba-9904-431334dac851", "comment": "Malware payload (RedLineStealer)", "value": "655ae423bd814d6a0f1510a7d14d33480a6793f8a2af94e0fe6b5ce1ac2d832a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976510, "uuid": "8257c67c-23a7-4740-8b25-189503c23fed", "comment": "Malware payload (RedLineStealer)", "value": "82fc4b63473ab32444ffb8ceee1fcfed6be491aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976510, "uuid": "db48475d-9846-4b87-a0da-a2be8d84e47a", "comment": "Malware payload (RedLineStealer)", "value": "78201ad498b6799b31c2addbf44750ccba6a1d6692eadf3a31da0f25a0af001a108043166696b2299400fa9f38af5ef8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976510, "uuid": "a2baca3b-65ce-4f7a-ac7a-26341af69f34", "value": "T14C26233743A96395D0DCAC37C53BBED0B1B6427E4B81D8B866D6A5C71B328E4D302A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976510, "uuid": "d084ca87-2e90-4040-9168-c6773eb1810b", "value": "b2ec5e305a410e6442f3911ef61575a5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976510, "uuid": "77427928-bae9-4e5f-9c7a-6b4765416738", "value": "98304:mUPHkElHGisq5VJxuHjrXAYfRNFOwH+2vtkX7eb+a:mEHkElHnVJxuDrgwHvb/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976510, "uuid": "3a20de5c-e8cb-4fdf-ae90-04f7cb669b57", "value": 4720280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976510, "uuid": "855f2050-4c05-4c75-bfb5-e45176d4d7d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976510, "uuid": "a22298d6-6b58-46fa-9510-cceee0796a82", "value": "50467213.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de756f78-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959964, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959964, "uuid": "428a0daf-5fe5-4e9d-85af-ace294475f8c", "comment": "Malware payload (Heodo)", "value": "fd62c685d4197889a1177fa94f125c1a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959964, "uuid": "ae727264-0bd3-4bca-bbf2-afd18f6d86f9", "comment": "Malware payload (Heodo)", "value": "656939c1f54eb34d6a7ba9f7d51468633e4cf904260f14ce29b835face784aa0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959964, "uuid": "380e0248-d955-44d3-ba40-2f08bf3e0bcf", "comment": "Malware payload (Heodo)", "value": "79f8b6b8315ee9185878a365906397cf146f89de", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959964, "uuid": "1088fc10-6c8c-430c-9e53-4f814fd70439", "comment": "Malware payload (Heodo)", "value": "c90a467436b5acf90a1bd0da7a8f90545292bfa8100f3f694cf252cb4c5ac3df7e3ce29ae3cddfccb8644620561787a8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959964, "uuid": "f7fae6f7-ee55-4c8c-a754-1c50151f3e41", "value": "T1ACB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959964, "uuid": "c8ad249d-5cd3-4c11-a86a-dd7f83fdc0db", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959964, "uuid": "585b18a0-48f8-42b3-bd80-ed5f11007c18", "value": "6144:8JZToYE666spbEgoZhZO1tCI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoWlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959964, "uuid": "1e819f3c-45d0-45ef-ac7e-0c0a2c5e03b2", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959964, "uuid": "17eb2e80-628e-4bc3-b79f-c5c3e176031c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959964, "uuid": "55423172-df7d-427c-94ed-edecaafc7f4b", "value": "656939c1f54eb34d6a7ba9f7d51468633e4cf904260f14ce29b835face784aa0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e876e56a-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955256, "uuid": "23b61b42-a111-487a-a193-edf54a938d80", "comment": "Malware payload (Heodo)", "value": "34b5fc54d29b68b44c9ff8b04492f068", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955256, "uuid": "f38cb8ed-75f0-4a1c-b9ee-efb5536cb69d", "comment": "Malware payload (Heodo)", "value": "656c2e254b4d466eca095753af2f5838e63402886114feab66296f89231d1089", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955256, "uuid": "4dcc9d33-4e53-452e-aac7-d0d9a2f719ab", "comment": "Malware payload (Heodo)", "value": "3a5e674dbe9c3a4301b459d956fbde64ae294581", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955256, "uuid": "4c33e43a-e048-4aae-a887-97fea24445a8", "comment": "Malware payload (Heodo)", "value": "8805cf53102868a4e40ad9228da1853fdc7ddd7c3d02f9e3fa0c8b1f5cadf179093664b0e2421fce98b19f140c9dad2b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955256, "uuid": "16ac5834-f5fa-4e31-90bb-5e91da94b2a9", "value": "T1FBD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955256, "uuid": "d2957838-c1ee-438c-a507-0f809692a625", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955256, "uuid": "ad28ff05-fff7-4029-966d-3ce6bda8d0aa", "value": "12288:DjN/Z2wkRrA9CRDCkElAjHDsndSyHOrNvEP0Oua:dEHR+CRUyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955256, "uuid": "6425e68f-aaf7-4835-9ec3-2eb1ce962ca8", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955256, "uuid": "eb628ba4-791a-4194-8b89-cc263b8d6377", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955256, "uuid": "eb75d97e-d785-4095-b653-e9085bb64a71", "value": "656c2e254b4d466eca095753af2f5838e63402886114feab66296f89231d1089", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a0b47e5-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958507, "uuid": "97f4755b-c976-451b-89d2-674f4d4bd30d", "comment": "Malware payload (Heodo)", "value": "5063ac18e1c97013ffee74a36c2a2787", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958507, "uuid": "4a67e5c5-2179-4b35-821e-5116e64f22b6", "comment": "Malware payload (Heodo)", "value": "65853d654f8cef378b67e5749417e5640949c642343ba9409a24894c9356b7b2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958507, "uuid": "86af73b7-e1c1-46ee-bd64-b39fc5e47cc4", "comment": "Malware payload (Heodo)", "value": "30e3901efb5c96d404e8665243b71ac36618db25", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958507, "uuid": "add192df-bf4a-4192-b25c-e6c21576575f", "comment": "Malware payload (Heodo)", "value": "660626c548a1e63feca8e0d847ae69f0a7f836fc2801fe94e6c231874e782b46f8396338905e8ce83e451b8c0f5ac20c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958507, "uuid": "a5c83f27-df5e-4ef3-90e1-7a1213358e97", "value": "T1FB059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958507, "uuid": "680bf886-6a28-4bd8-95e6-48e61ac82708", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958507, "uuid": "b6e645f3-d154-4e4f-9580-ae4b1819dbd2", "value": "12288:V20BXOMcVzpWfmmnDDTX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD/X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958507, "uuid": "348a18a3-16f8-4863-a3be-cb1947ab4d9b", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958507, "uuid": "e3ecce0e-4319-432f-b16a-b7f21f5b9bfd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958507, "uuid": "c6e0d36e-7747-4347-b95b-8c6c8f4e5640", "value": "65853d654f8cef378b67e5749417e5640949c642343ba9409a24894c9356b7b2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87948fbf-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911285, "uuid": "fda63cb5-ba87-4bb9-9e25-bf55dcea7b4c", "comment": "Malware payload (RedLineStealer)", "value": "da46903045168e7e6eacdd7a435c5004", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911285, "uuid": "6f507ce9-94cc-4d7c-8ea8-b45429d6b103", "comment": "Malware payload (RedLineStealer)", "value": "65b6afaaa181470fe61e3f7c7b82569019004172320fbfb41973fd6bb0b9c1a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911285, "uuid": "323ea2c5-8391-45d4-ac15-aec1c7054146", "comment": "Malware payload (RedLineStealer)", "value": "89c1879cb9c6fb7d5cb8b395e3c3048ef76dbf5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911285, "uuid": "4f759146-9eaa-45df-a8fb-1f471bbb16ec", "comment": "Malware payload (RedLineStealer)", "value": "acf0e9e1481576c54e937167c04376015cb0f82b136d33ce8c8db32ba6d33221f9674817bba6ae5ee3cbe56658abf773", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911285, "uuid": "4878fb2c-819b-40d2-bef3-e4adc29831f7", "value": "T1702633E56993F865F52DC37375B56F67B0C58692A3E44CCBB4B3BBA200E8B835702148", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911285, "uuid": "db1bdb78-4028-4d94-b66b-0bdc24575f36", "value": "7dc28ef949f54ad98c715895ecc34cff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911285, "uuid": "9e045203-0a56-4c8f-bd55-aabb10c0d2ea", "value": "98304:cYfU0bk0WqR3F44dTmZpU9p/6NU4vY9zR9ZVo6SXfgWWqOuKxGwehMvO:5fbrFVEpI/6Hv+8vgWWqOuxweqvO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911285, "uuid": "432aefcf-327a-455d-8fcb-a1b53e821569", "value": 4433776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911285, "uuid": "0347d7e2-1ddc-4a55-a21e-1caad61c65f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911285, "uuid": "0faf4349-5380-4610-9a52-3f4bf8b7c684", "value": "39224677.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "769297e3-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955924, "uuid": "54676a36-b445-4d24-bb54-2860c541b2aa", "comment": "Malware payload (Heodo)", "value": "38f48800498e3ff1a2806460d785ab75", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955924, "uuid": "cb1364d6-0658-4c94-85f3-52f030325d72", "comment": "Malware payload (Heodo)", "value": "65c62f4c4eb7ec8beede11ed8048067126269ed985633255d84d8aeab948af85", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955924, "uuid": "a3139e98-d35a-4e15-b921-b8f89f8af718", "comment": "Malware payload (Heodo)", "value": "6316979f1354f608e04f9b393fc84dc88054c4d8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955924, "uuid": "ee6813ba-45f2-45aa-b3fb-3f86f38e5566", "comment": "Malware payload (Heodo)", "value": "04c4737d9024d96a7101ba6631c04f164bb9d1b1f88a9089d1be76cd732ee67bec2a5eba9c0379eb5c7ae1d1657e51bb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955924, "uuid": "9976753c-c1f5-4a61-9f90-3a7ef30d2566", "value": "T11BD41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955924, "uuid": "4252546d-3c58-44af-b75e-931ee562df4c", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955924, "uuid": "e6f95545-ee47-4ce4-8857-d5bd1a006322", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfs:AqxETMJ777u3OmONFqNJtN1v96TOAne2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955924, "uuid": "d7ea187d-d791-4a0c-9fe0-fe669d33cdd1", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955924, "uuid": "bbb1b888-aa05-4255-9b2c-31bcec479948", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955924, "uuid": "955d1b94-f7b3-457d-8fd0-fc19cbe4c9f0", "value": "65c62f4c4eb7ec8beede11ed8048067126269ed985633255d84d8aeab948af85", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51435ffc-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1647911194, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911194, "uuid": "a3a9e686-520a-4c10-ba95-084c077dbd60", "comment": "Malware payload (ArkeiStealer)", "value": "15108c49a53d4b166509b033819e9ed9", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911194, "uuid": "fafb1274-a0e0-4cd6-99c1-8767f0560081", "comment": "Malware payload (ArkeiStealer)", "value": "65d3f54277fe05dfa45475724eabc6b582339763e46d8341fa175ed467351e9c", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911194, "uuid": "2ec5ed0a-3232-40e6-9e9c-bf0760afcf10", "comment": "Malware payload (ArkeiStealer)", "value": "1421357b38c62d0a72243a03270a565b9fc70e5b", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911194, "uuid": "f30f2329-ecd0-463c-8cf4-2953933b37e9", "comment": "Malware payload (ArkeiStealer)", "value": "5b35fb352365e8ef2992292a2db7890dd5dbaf9ffce581d045525af9e713c08b3df8025a580c996df958d1f7253ee86d", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911194, "uuid": "da14f8f0-ec4d-44aa-8921-024cd2f6c1ce", "value": "T1C1D41241BED6C436E5B34E344479D5A4063BF88279319687E35CBB6F28313E26B27392", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911194, "uuid": "bd588065-2a35-4881-9f7d-3da8bdefcb6a", "value": "af3a757ab0b3411329f7f3d8abb34019", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911194, "uuid": "99abba67-5684-481c-8cf3-37a6b73c72f8", "value": "12288:3Yd9Km0ecuEHc9QvwwmrhRV+YpyxKdErUS12R9R30RntB:E12FQ5wAvV+AptzR3etB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911194, "uuid": "931629d2-d05d-43df-aeea-20ea7aedce13", "value": 636928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911194, "uuid": "a9ba126a-6be5-4546-836a-3677a6595da6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911194, "uuid": "46cd8a29-285b-4b91-b2fc-7b142410e3b7", "value": "38955063.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d22af3c1-a9d6-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1647950065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950065, "uuid": "73cef79d-9dcb-48d4-bd6c-e0500550a498", "comment": "Malware payload (RaccoonStealer)", "value": "66ea6903fdf401a101db1622396a59d2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950065, "uuid": "420a154c-02bd-4f68-9177-1315f3ba5645", "comment": "Malware payload (RaccoonStealer)", "value": "65fa28bc56a1b8132aede30afcb70685f90cfccd32f899ffda736b1b4f46144c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950065, "uuid": "e991b00a-3895-492e-a305-dc44e14c6646", "comment": "Malware payload (RaccoonStealer)", "value": "a55682934da4c82b290ba3aa0123d2de2be739e1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647950065, "uuid": "bf116f8e-4541-4a4c-bd50-1b03d0e3d0d9", "comment": "Malware payload (RaccoonStealer)", "value": "52fc262d3a16af3e444c60e14b683ba0947155d0c650406687860f23d8fa028ff5040683e2636bcdcd66ff8c324f3268", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950065, "uuid": "0dd37c59-c7e5-4f1d-8a16-f0459caddcb9", "value": "T10AB412212F94C137E447A034BA67C3712A7C347215B69C4BB319163D9E703E6BA37B96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950065, "uuid": "aa024c12-9a44-439e-b171-6be776f4900b", "value": "82d4c36ef8d8d93a7382f02fd78b23b0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950065, "uuid": "5b3f2f1a-b050-4088-8182-63bf72c9f207", "value": "6144:2pXXTItGY+lWPByE7tIFfH1XyzgDbXkXeMaH1Y11gO5WUt7G1gNLs0i8hu1Q1om/:mnTIYY+oPsE7KMIHViT5fhTa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647950065, "uuid": "aa68cf53-1234-41b5-b5e8-9173e81dd6b8", "value": 524288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647950065, "uuid": "05eba9b2-52a2-4dd6-b42a-b6dd800a586b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647950065, "uuid": "f0edbf2b-af75-41be-bee1-1a48375bd4d3", "value": "66ea6903fdf401a101db1622396a59d2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eccc182e-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959988, "uuid": "cd84cbc4-b131-4201-b4e1-8a685e05e395", "comment": "Malware payload (Heodo)", "value": "c0c62ebbbc82da90ab606f8176afebab", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959988, "uuid": "8266b4d0-4b2a-4c5a-b612-abfa7b600d29", "comment": "Malware payload (Heodo)", "value": "660828738c21e7a08e3550016f88b313f5c00a2681afa1070a46f88b7c4fa2bd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959988, "uuid": "a395ba72-c495-40d6-bfb6-ede902607ec5", "comment": "Malware payload (Heodo)", "value": "fd5cfa942fd9da035df8f4c71f46d3a2afa40515", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959988, "uuid": "0547db0a-1b24-485d-a4b7-7a7038fbeacf", "comment": "Malware payload (Heodo)", "value": "45c7e732448d393ea22c6218bbb754ffb305ba80d39ce936712c97e42fe2b7e55a655327548f96ac70cd90648793399e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959988, "uuid": "1a334b77-5ea8-40fb-a107-b03edac39603", "value": "T1C9B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959988, "uuid": "23a25055-e93e-4b49-a6e7-1af5d181f9b1", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959988, "uuid": "29054fb0-b54d-4b8c-9f8b-2108d83eaf60", "value": "6144:8JZToYE666spbEgoZhZO1tcI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZo0lF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959988, "uuid": "9b72ee41-83a1-47fe-b06e-b65b2c2edaf0", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959988, "uuid": "d332ddab-c688-4476-9f95-10f646b50c60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959988, "uuid": "74955f27-85ee-44c1-81e0-9b28ec896acc", "value": "660828738c21e7a08e3550016f88b313f5c00a2681afa1070a46f88b7c4fa2bd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ce7723e-a9b6-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647936124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936124, "uuid": "4bdf2685-436f-4f53-a1d4-28585a3167c3", "comment": "Malware payload (Mirai)", "value": "36a7a355ae82e89019e3d6bdd1dfa5cc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936124, "uuid": "d1ffd00a-e5a6-4841-9e15-26e0e4ff165e", "comment": "Malware payload (Mirai)", "value": "6686b5d7f7273b50ecbe0c945f64895a08e4f4e7cc8b254a4c385e6aa425c814", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936124, "uuid": "7b4b5c52-1340-448f-8d95-183c3360d203", "comment": "Malware payload (Mirai)", "value": "65f58cb5d1c1ec36a5bcbddbff15a90a464930f8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936124, "uuid": "296971f0-ce41-43d5-bab4-8602de06c6c2", "comment": "Malware payload (Mirai)", "value": "7dcb5a68e69bb60200eaeb4553ffc80abaced207dc6512bfaf4630f1b827aad0ffdb140e7de92080476b9cffadf37059", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936124, "uuid": "c6342f3a-42e1-43ab-ae1e-c2a53e6036a3", "value": "T14E732A95BC819B13CAD422B6FE6E418D371663DCE2EA3207EC155F2037CB92A0E77156", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936124, "uuid": "c9f46965-d075-46df-932f-a6e26955c096", "value": "1536:0BSdgW6tHSCuqm/VCAzPP7rQAOSUB0wKsEVlx151vzy:4SRqHS9T1td00wKsc3dm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936124, "uuid": "e6f8b398-b918-4daa-a57f-fe0149f6e3c1", "value": 76652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936124, "uuid": "22298482-0102-4335-b58f-f4ac6425043a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936124, "uuid": "d4567838-65f4-457e-b6d7-06266a4521cb", "value": "36a7a355ae82e89019e3d6bdd1dfa5cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33a2eda5-a97c-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647911144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911144, "uuid": "acfd68b7-cbc7-4b3d-a452-20ed9da05769", "comment": "Malware payload (RedLineStealer)", "value": "0527a51b574492945dcab01d30ab02a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911144, "uuid": "67b26c07-6d02-470f-98ab-456de43bcda7", "comment": "Malware payload (RedLineStealer)", "value": "6691f4ac41d48fb05c0577bc07180863a99833357ca7bc14062ebcdaabf10f2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911144, "uuid": "37ba9ba2-8e34-44d9-a943-e6fbcd87c22d", "comment": "Malware payload (RedLineStealer)", "value": "9dd2010fa3ce1eff35f833a565e4a0cf1ec9edd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911144, "uuid": "3ddcf247-b25c-44f3-808e-43250cae3109", "comment": "Malware payload (RedLineStealer)", "value": "acbbf09ecf94af7c1e0029ba058e30dd6f098870617d40ec1e6cbecd448a5d82788ccda33c2a3a0fec52a7ddb83f9c62", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911144, "uuid": "33f6f87b-aa19-43d5-a805-9c76d2848dc6", "value": "T15705230BB594FD5AF3BA5276714510B86622F8406BDA2FBD77464A308D61CC23D723E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911144, "uuid": "f6738125-4526-434b-8c05-2a4cf95a569c", "value": "ab3cf00aa2687e172cbaa2e37d361697", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911144, "uuid": "d69d52ab-237b-432c-b9e7-8028bbb1491c", "value": "24576:uPYepWSwkxbI8T5j4sWJEKbma6OrEwFASJOqJu:cFf4sgSa6s7FASJOqQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911144, "uuid": "552f95ee-8fbd-46ef-9064-77ca4fa3f891", "value": 805888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911144, "uuid": "f6997d16-9f62-4a56-9ac7-6f0d3c96bb58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911144, "uuid": "57e28afa-f3e7-4c0c-8236-2417092990a0", "value": "38788208.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90d8bb6b-a9e0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647954250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954250, "uuid": "6f71c353-09a3-4824-abf3-1e26c3202cf6", "comment": "Malware payload", "value": "94435f28e8a06a25e868c6f2ca51b7dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954250, "uuid": "24efd44e-dd97-42c3-a696-229b844a0756", "comment": "Malware payload", "value": "669567a7d4f40cdf85e35d38943294ddd51b762f82979d4bbe35e9ddf1ff9906", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954250, "uuid": "04a41927-cc58-4bbc-876f-c05529c2dcf9", "comment": "Malware payload", "value": "e27680ae3ed35c8830925d8f0a75c5740d3747d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954250, "uuid": "6a31cfaa-a9b8-4deb-ae5d-92ea52ab1647", "comment": "Malware payload", "value": "df46290ec4952689c27fd99e9f65d0b13d64eb9570335bb7b09d60fa857c988e16f04874f7aaf8b09a56427517740d1b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954250, "uuid": "7b061ea0-7543-46f7-8a1c-6fe0f99450ee", "value": "T1D474AA9D766472DFC85BD462DEA81DA8FB5074BB831B4213902716ADDE4C897CF180F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954250, "uuid": "8026d00f-b0b5-408c-b47a-e8bf61c011c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954250, "uuid": "103851e6-062a-4b3c-aa46-5d8f71e64b78", "value": "6144:LUkZjUERG12b+2h2RQ//JY6FN6U1+0Ugi4zjt1j/LM+I7uDnM8QbW5iMFZmeBgeM:wSwEo12iz6//JY6F1Hi4/t1j/LM+I7uy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954250, "uuid": "96f7b118-4ec3-4b0f-974d-32e7eba02498", "value": 352256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954250, "uuid": "3965b052-dac1-4ae2-9cd6-f0c747c144ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954250, "uuid": "2a96a1a6-8d56-4d1c-ac13-10e740ca0e90", "value": "SecuriteInfo.com.Suspicious.Win32.Save.a.24001.21612", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fd1d931-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958356, "uuid": "24d4a92c-f567-44b8-826d-702fb1abd8ae", "comment": "Malware payload (Heodo)", "value": "21208f051487e76dc70e72e40c73c32f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958356, "uuid": "d74c63ba-960d-407a-87e1-5f3db7305fb5", "comment": "Malware payload (Heodo)", "value": "672e98abbf6c70a4737a4c831238c681c1b80296f6fb451bbdbdba4810bbf023", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958356, "uuid": "3df0b9a3-2704-4e08-b894-eadfc7eab921", "comment": "Malware payload (Heodo)", "value": "01107513bd142a485c9dcacd592110e63bdf0085", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958356, "uuid": "e32bf7b3-f1c4-4e3d-9058-4a85c1f7d9f6", "comment": "Malware payload (Heodo)", "value": "1780112dd3bbf5366a5f0a11df962557336f96544a2b17e8ac0a230a4595d66de9f4c263d29926d3ac89cf57e3f09ffa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958356, "uuid": "12244c34-655a-4a9b-b5be-4c9f40aecb3d", "value": "T18E059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958356, "uuid": "674a9eca-bf60-4666-8b99-fa2c30c8d535", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958356, "uuid": "d8903b1f-ef09-4f1a-8423-eb7f7c5a9c34", "value": "12288:V20BXOMcVzpWfmmnDDGX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD6X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958356, "uuid": "1ab2c220-1178-46a9-a5c1-1fc1ecc888b1", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958356, "uuid": "5a9c3b16-05dd-4509-a7e3-af53ea0f7b03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958356, "uuid": "a416b134-d6e0-4dc3-9ca8-f5ccbba190c9", "value": "672e98abbf6c70a4737a4c831238c681c1b80296f6fb451bbdbdba4810bbf023", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92972e00-aa06-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1647970574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970574, "uuid": "f8f1def4-e942-499e-9525-9c57317f58ba", "comment": "Malware payload (Mirai)", "value": "f2d4949a779533ac7932371579e7a674", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970574, "uuid": "e5c38aa1-7fe1-4320-88f7-8aad2f72772b", "comment": "Malware payload (Mirai)", "value": "6763411c2a54f51b928f723ab9ffa31eae597ee1307ea54df1c61f102fb5cb03", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970574, "uuid": "43a34793-f2bc-4f5d-84a6-ddcfe3accd5b", "comment": "Malware payload (Mirai)", "value": "a0afed6232cd5f94ea2979d6a0239c4c27ece1cc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647970574, "uuid": "113ca275-807c-4d05-8085-17af55cafd88", "comment": "Malware payload (Mirai)", "value": "0553c3fab74c99ee742e63bde6c9651963aa165e2ba962627bed151a87da5f3f39b79e3e30461f53886568bb34f32557", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970574, "uuid": "ef858dc1-7850-43c3-b66a-b4c27a19a0d6", "value": "T11BD2E090B6979A25FDB02DF488770247F36B3A7D92E737D5330049CD6945386326891A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970574, "uuid": "41555f1b-36de-4aa9-b359-6b893fb8ea59", "value": "768:6LR7p/tVSsffvaal6dhBP1bQ7jEinq3UIxz:6FLVDnvaalkhBPRQ7jeN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647970574, "uuid": "6948ad3c-53d6-4d55-861d-6034b32b0365", "value": 29616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647970574, "uuid": "6d12c0a5-5d11-4bef-ab66-53a3da4bacf2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647970574, "uuid": "6bc2a49e-0bbf-4e1b-9c5a-16ba9df875c5", "value": "f2d4949a779533ac7932371579e7a674", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdfccc30-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955212, "uuid": "c0497f95-baa8-4cee-8ad4-7ca7a501e8aa", "comment": "Malware payload (Heodo)", "value": "136cee96e297467b08794440714e291b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955212, "uuid": "4b809edf-380b-4c5a-b813-7c6239d860b8", "comment": "Malware payload (Heodo)", "value": "67b9f391bfe93ad0ff509ad5a37dbadec0626bd90e6661314f6b287d2714d27e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955212, "uuid": "1c4fea14-ec9e-4af9-8205-eb3943020cbf", "comment": "Malware payload (Heodo)", "value": "1366088683bc1091e35055cdb14718d4398678fe", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955212, "uuid": "1e4d3550-f300-4222-ac16-9bdee74139ca", "comment": "Malware payload (Heodo)", "value": "7d9fcaf5875919485e795012010ccfb9859f6c6393244622eabf8015cdfd87011a14168341c9033f5af26660344b0161", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955212, "uuid": "c123b618-cfdc-47ab-aeb5-7f3910e43234", "value": "T146D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955212, "uuid": "88d29b00-e213-49db-841f-4a9f636a3cca", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955212, "uuid": "770aebe8-3688-496a-b364-63af85c553c2", "value": "12288:DjN/Z2wkRrA9CRDCiElAjHDsndSyHOrNvEP0Oua:dEHR+CR+yfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955212, "uuid": "c99b4b3d-e71c-4197-ad9b-51f8b23eb83e", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955212, "uuid": "0aa335f8-70b5-42c2-a7d8-118de28238c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955212, "uuid": "e5677fb1-7011-41ee-a309-aba3237fb7b3", "value": "67b9f391bfe93ad0ff509ad5a37dbadec0626bd90e6661314f6b287d2714d27e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83f8b2a3-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954658, "uuid": "d4862df2-33a0-4270-a12c-7fb48d6e8d8d", "comment": "Malware payload (Heodo)", "value": "0b472cf9909ae60b8cf4a96eaa3ac263", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954658, "uuid": "4b7e2b05-d4ab-42e5-b80c-d9131033fa5e", "comment": "Malware payload (Heodo)", "value": "6844d7e60d76e5e95d163e28d540e1d527b8ac833801cf18e4da9e138a2b80ce", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954658, "uuid": "6dc2216a-e526-4ac3-9684-835d00857ec3", "comment": "Malware payload (Heodo)", "value": "18ad0ffe032f5668d7afd1d96365d05e7e89307e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954658, "uuid": "eb46ad13-6b90-4e3d-9dcb-3d32fecd4e91", "comment": "Malware payload (Heodo)", "value": "215e2592b09ea5bdb3729507a62cc3602ebd4670003c9fe3018dab267996e00c0a344bbdc9c43b28acd86fe365de8ca8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954658, "uuid": "14fcb7cc-f30a-4059-96e2-cf13ac573ce1", "value": "T104B46B992251F077D11B503D0BCC2AAD7EEB88F09A6DF27FD2A3558D0F31190A62D993", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954658, "uuid": "d0b683e4-792b-432c-b2e2-6401529d7f73", "value": "42fe0d732d1bb90c6a7a1bcfb8ef88aa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954658, "uuid": "a370947c-addb-494a-b00a-2e870ce55a91", "value": "6144:cH4C1DzgG1GCQw2HOOnPE10JQNqqtvrC4cHV9jp6YagzSAIVCL4Ry:cYC14G1GUgOOs14Qkqtm1xpdIVCLqy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954658, "uuid": "6d4dcfd0-9b66-4bda-a234-15429ae261d1", "value": 528384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954658, "uuid": "763f5f75-97c7-4d6a-b3fc-145546e72bc0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954658, "uuid": "46d0b1c4-fa29-413c-9e2a-9f04ff3cd22a", "value": "6844d7e60d76e5e95d163e28d540e1d527b8ac833801cf18e4da9e138a2b80ce", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "084d1025-aa15-11ec-9275-42010a9c0029", "comment": "Malware payload (CoinMiner.XMRig)", "timestamp": 1647976785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976785, "uuid": "f9efbfd7-eda6-4cef-af74-1a21a762d2cb", "comment": "Malware payload (CoinMiner.XMRig)", "value": "a58c21d9d6fed2c3600f29e67f48e7ce", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XMRIG", "colour": "#0EAB84", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976785, "uuid": "70d1b82a-91aa-4c35-a7ab-72382e7b5615", "comment": "Malware payload (CoinMiner.XMRig)", "value": "686b74c3a2d41cfde96c2b3bd0a67d600bf03ad097b1344c940b67c173df654e", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XMRIG", "colour": "#0EAB84", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976785, "uuid": "968d9df4-2a46-4178-8d1f-473328ddbac8", "comment": "Malware payload (CoinMiner.XMRig)", "value": "f64353e4640548cc07fb09445d31aa9bf7647711", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XMRIG", "colour": "#0EAB84", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976785, "uuid": "43cf5463-5c1b-4357-b632-1fac450d4a74", "comment": "Malware payload (CoinMiner.XMRig)", "value": "3634a4b64784c8a0d2631e1298016e77f87e77d8b21d8aadba2aa74809c8238e7606526a0a8fb00416e6697a46c08f10", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XMRIG", "colour": "#0EAB84", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976785, "uuid": "e47a47a1-9346-4d5d-9513-9c57d4986152", "value": "T1B0C533F073F1683AE583307220947F7A27A4FB744F68A0E79741684EAD639C286755CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976785, "uuid": "b8900c6e-9f82-42a2-a067-3495954da905", "value": "9c61e193ad83beb9c6707bb817822229", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976785, "uuid": "0418c073-6311-4ef0-b9c4-7a0050a79ff7", "value": "49152:vNYksEMm0rjy7JQhURI25gNyCFiANxxZgFvQc5nQe03z58b5P3e9+rZ0wFO:vNiEMVrm7yhURI2qNZgFoc5p03ziPO9/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976785, "uuid": "34f15c78-409d-49ce-a31b-34b947450038", "value": 2630744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976785, "uuid": "db03b43b-efc7-4db4-8b95-2c8fceb06554", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976785, "uuid": "84c8b8db-c066-4107-8160-c2dd14a9b700", "value": "53299362.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fe3b710-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976583, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976583, "uuid": "579a8e41-af3c-4b7c-9baf-787fdf64602e", "comment": "Malware payload (RedLineStealer)", "value": "4e399970ffa210b110b8ab05221e25a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976583, "uuid": "fde3d2df-bebe-4d08-b8a3-07ba5c50e02a", "comment": "Malware payload (RedLineStealer)", "value": "6872357d27307ff838ed6d362e3f3beefd3d959ee97fd31be8d7dfa503fc9160", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976583, "uuid": "c2e7f442-06de-4c7c-9a81-a7b8d30cd103", "comment": "Malware payload (RedLineStealer)", "value": "20518197412a08ecc4d2bbbd479dfc1cac52552d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976583, "uuid": "d2212699-f0b7-4bd3-be78-62b6e7509652", "comment": "Malware payload (RedLineStealer)", "value": "2101c217c7e075f7ff46746a7f4f15a67a38f0a601f47461eb0ad87b919e119d07d7f697171f3fa2be2f003f01aba5a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976583, "uuid": "d5b3a1c5-a584-4034-ac3a-333b3727211b", "value": "T167363314C63EB649C3268D7E2E94E0586F1F920CCFCC784894BA936B3C14985BB556BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976583, "uuid": "6917f9e3-f524-441a-ab52-6bd1acc55306", "value": "dfec469ff9e19f9df882decc3c09398f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976583, "uuid": "8a51f502-7786-4a7c-912b-9e6f5725fb5b", "value": "98304:GxMExNN6bYC1p5Kl3sJYk4EexE+x/9rgtxPt1CzzbFBZ6:GxDbKr5K6X+x/Kttt1eFBY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976583, "uuid": "04e0ea58-78a6-4d53-b166-b321959c8ae0", "value": 4867224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976583, "uuid": "eb44216f-2d76-4a3d-abf5-8717c0eaecee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976583, "uuid": "a24c43c5-9429-4a0e-a4d9-a5e011a7c694", "value": "51105798.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e16c12d7-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958251, "uuid": "17b7d7ea-acad-4615-8d0a-b30bc12cdcc8", "comment": "Malware payload (Heodo)", "value": "686489f735281e07cb7630059c59bbe1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958251, "uuid": "f7bfd786-31b0-40a7-afbb-06b1e247ac1e", "comment": "Malware payload (Heodo)", "value": "68b0e6778606bbf301029ae058a766a0a774f1b71fd48ea105a4735fc46ef67d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958251, "uuid": "996764bb-668e-484a-a4b6-98bc51a6c854", "comment": "Malware payload (Heodo)", "value": "6b334ee13ae3628345ba1758ccb8ac6a4cfb74de", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958251, "uuid": "eae7bf4e-dedf-4ccd-8379-b20b878f3ab8", "comment": "Malware payload (Heodo)", "value": "b7c9a29be2955f79141f56455e728e5cce21407f83b2636339dbbf00789f4d9e221ca802adab631b962a510bfb6a4024", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958251, "uuid": "1a5011e8-8e19-446c-a02c-ce4bd9effa9f", "value": "T1FF059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958251, "uuid": "12ad7d8b-d089-42c4-b745-7068cf2dc087", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958251, "uuid": "f72c4b70-923e-4000-b3ef-1a03ade12ea9", "value": "12288:V20BXOMcVzpWfmmnDDwX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDUX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958251, "uuid": "f61761eb-38cc-412e-abe1-a21623e9973c", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958251, "uuid": "e5e674f9-514b-47ed-8d7c-50f5e7d11c45", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958251, "uuid": "8d502e11-9118-4b61-b52a-8a5d24c37894", "value": "68b0e6778606bbf301029ae058a766a0a774f1b71fd48ea105a4735fc46ef67d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "602072cf-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647969631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969631, "uuid": "eaedb238-d965-4d11-bd04-141059c1682e", "comment": "Malware payload (SnakeKeylogger)", "value": "5287aa66ec6677a12a8198b530b3c631", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969631, "uuid": "df881cde-e8f6-4e23-adfe-52767043687a", "comment": "Malware payload (SnakeKeylogger)", "value": "68b6c64eca3cf292f3e1c93ecbcdbd62290676086ac923128eee16bbbe835712", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969631, "uuid": "3105c3a1-7331-4774-a9f2-396a535a9aa1", "comment": "Malware payload (SnakeKeylogger)", "value": "eb8a6010984b4c8f7086df1e07f11d26041366e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969631, "uuid": "6815958c-473e-46f0-87f6-cb4de0268e6a", "comment": "Malware payload (SnakeKeylogger)", "value": "695f5c38ea2ae6097fffc15dcc6ef99c738fb6b5d49750ac593f33ff6de628fbeed97f305478cd3d62e5737bf0973b4c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969631, "uuid": "28ff90e7-2f8b-4d2b-a1ba-b89fb67afaa0", "value": "T1A5F4C6AD315472EFC867C0728EA82C64FA5074FB630B4D07A45717999D0E887EFA44BE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969631, "uuid": "34c23cd6-828c-4dd6-ae52-5dc1b244267e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969631, "uuid": "7eebd996-c855-4a63-b71c-d7c8b7fdd63a", "value": "12288:5fTPHc1QvZXZmPy2ob3nZ1nOKJ4AZpiWPNRClIzjP/g76yuz4quFtcjsw+hcGonM:5bPHcqZcHwRqt27geW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969631, "uuid": "2f0aec8a-93c3-4187-959e-835c480a4bed", "value": 787456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969631, "uuid": "bcf54b7b-2127-4eef-9a62-256f4ea5f4d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969631, "uuid": "67c71f20-eaa2-4207-a0de-180a9b9e0d3b", "value": "order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9749d3b8-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959845, "uuid": "b5ad9cde-b63c-473d-a74f-5f6d0b1fea33", "comment": "Malware payload (Heodo)", "value": "97317bdb5a25a41eb23d7bc014a8ca20", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959845, "uuid": "111cfe79-15e5-4866-89a5-1e09c9412430", "comment": "Malware payload (Heodo)", "value": "68cd1ac83ab3eff516f4a75296f7886b6c5a1ea3762667a95fa875cedc02084d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959845, "uuid": "22840578-8ae9-4371-99bf-e2c406a835aa", "comment": "Malware payload (Heodo)", "value": "e31ab00de3f29fce04d83bbf5b6716a53517779a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959845, "uuid": "07169d15-0e3c-4e08-9d50-498012e6707a", "comment": "Malware payload (Heodo)", "value": "7489c313e8e2624d175a6b783fe8adf35828b31c8f4472290a82e558d829bcc47f712a05df751fdb4a5be960c51a9d16", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959845, "uuid": "7984e13a-0bb6-420a-9f7d-caabeff0322d", "value": "T1E3B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959845, "uuid": "c592d824-1de2-48bb-94d3-5321f79e4b0c", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959845, "uuid": "538afe4e-2734-42cb-a9e6-4807707df0c2", "value": "6144:8JZToYE666spbEgoZhZO1t4I+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoslF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959845, "uuid": "e16b2727-e222-4548-aec4-dbfcde241baf", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959845, "uuid": "543f4c19-afc9-4d76-9f75-911f9bc40a0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959845, "uuid": "356263f3-f7ad-464b-86ea-29cad5845fb5", "value": "68cd1ac83ab3eff516f4a75296f7886b6c5a1ea3762667a95fa875cedc02084d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fb3c6c8-a9e3-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955564, "uuid": "962d6991-a1cd-4978-9952-5c007faa3126", "comment": "Malware payload (Heodo)", "value": "64e57afd356380158616eccc041aae67", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955564, "uuid": "07d21fff-f6ee-42cf-b97d-4ca8671fd457", "comment": "Malware payload (Heodo)", "value": "6938502abe06642dae67c497c3b6de32ea95caead9e95951c57f567f8870feb1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955564, "uuid": "2085203a-fc6a-4296-9c86-46bbb5b6e3ca", "comment": "Malware payload (Heodo)", "value": "550d9a1bbca7fd0c3c7dc95f8dde18b65fb4ed27", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955564, "uuid": "fee5e964-7abb-420f-b1e6-ae3b02cb5e0b", "comment": "Malware payload (Heodo)", "value": "408c2b7d2e5075dd13d7f78626745a35e3701e7155a60708ad1ed1cfbaf37337086a3ea81a86172269c5f3f4a5a90728", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955564, "uuid": "d16ec889-5ca2-4aec-9193-bc5c5686f747", "value": "T11ED46B03BFD3F0F6C12F0F394505D608989A7EC6A62A45A3539C6BAFED670138D36652", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955564, "uuid": "8a8087ff-2457-440a-aaa4-896e98833d36", "value": "987fe31a9a4cd6eac4ce656a05c3724c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955564, "uuid": "c1b15e2c-fe23-43ce-a4f0-7d87644f4e57", "value": "12288:QXvRLpX4HMAus65ryxMxWXb6Sw5BxfmRgnI:Q/Rt4HMA+ryx2BlmeI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955564, "uuid": "d2c0036a-9861-4f2c-8e83-273cfba5c4ca", "value": 614400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955564, "uuid": "6d0768a3-2b9d-4e56-82f7-7aa204d46910", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955564, "uuid": "c9124e7e-546a-400b-b7e2-72b222e33d4c", "value": "6938502abe06642dae67c497c3b6de32ea95caead9e95951c57f567f8870feb1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "107a1109-a9e8-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1647957471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957471, "uuid": "ce47b7d7-3b23-4c91-b006-49ba6e7f925e", "comment": "Malware payload (AveMariaRAT)", "value": "e40ef678e92eade7fa59b8560b3e828e", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957471, "uuid": "dd141b68-0907-496b-8683-551c763c207c", "comment": "Malware payload (AveMariaRAT)", "value": "6a863b466c84d00ea02102cdc40d71f5f115439fb10982ee0ede1e4a3d7555ed", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957471, "uuid": "e55c927a-470f-43a4-8703-4d2a22964ab3", "comment": "Malware payload (AveMariaRAT)", "value": "9ae7f5a551ea8fb7220facde3ccbb92482d5dffb", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957471, "uuid": "bd0530c3-5a92-454a-9a03-0483c500c5d6", "comment": "Malware payload (AveMariaRAT)", "value": "3c4740cd81e14673fb4a2df011f1a7455a16ba8222da97560ed37460822e28402953d1eeda130bf37d8a17608f8e3d47", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957471, "uuid": "d0a1d1c3-319d-4d4c-a02f-5d54f785dfc5", "value": "T1F435BE52B3DEC3A1CB269173FF2977416FBB38310630B8572F981D79A951172122DAA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957471, "uuid": "a2978794-b0b8-4858-8c9d-eff0cdbea0c1", "value": "afcdf79be1557326c854b6e20cb900a7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957471, "uuid": "604031dd-a1b6-4f26-88b0-88cb1837a84a", "value": "24576:uu6Jx3O0c+JY5UZ+XC0kGso/WaMIRAe3WYh:gI0c++OCvkGsUWaWYh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957471, "uuid": "7ae3bcd2-bdf8-4352-ba5c-994c1c3de818", "value": 1092128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957471, "uuid": "2940d5da-be35-4c98-9b57-ee098c282d21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957471, "uuid": "31fd8d3f-4a3f-4a4b-a716-493681e1f184", "value": "6a863b466c84d00ea02102cdc40d71f5f115439fb10982ee0ede1e4a3d7555ed", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62f213c9-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959757, "uuid": "d9f8709b-1fcb-4354-a6be-5fbe44d7852b", "comment": "Malware payload (Heodo)", "value": "0561d37a88fb645222fb9ec836fd79db", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959757, "uuid": "b4646edd-35de-42ec-9b8a-732a28bece89", "comment": "Malware payload (Heodo)", "value": "6aed1d01c00d0b7931da33b382d9b8d2b23847ec7d5ff89125c3da09612854e1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959757, "uuid": "25626878-823a-4fb0-b324-5562f8c01abd", "comment": "Malware payload (Heodo)", "value": "5d7e356d052f76fd04711ca78bcad6d650351669", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959757, "uuid": "40f2f090-4faa-4167-989b-78416b319dc4", "comment": "Malware payload (Heodo)", "value": "a220b145d89e0c77ac2b3458a1cd14a96f32378878b6a26fd78b34ef3517181d6f230631d879b0937e0747b66f5dd63b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959757, "uuid": "c4a7920a-e095-4320-a1e7-890322dfb1a8", "value": "T193B4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959757, "uuid": "d8559bfe-3010-40a7-bfb6-c79da02dc7c6", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959757, "uuid": "bcbdf5a9-1643-4d71-8095-daf87951168e", "value": "6144:8JZToYE666spbEgoZhZO1tkI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZoolF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959757, "uuid": "b6665908-ed91-4743-adc0-47384c75f931", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959757, "uuid": "aae3706a-42c1-4850-999d-fedd2f03fa3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959757, "uuid": "2ef8ce9a-63b8-4428-92e5-9c3a2047d34e", "value": "6aed1d01c00d0b7931da33b382d9b8d2b23847ec7d5ff89125c3da09612854e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63ece4d8-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955893, "uuid": "fffd7231-8b85-4eca-bafb-37b0e9c365ad", "comment": "Malware payload (Heodo)", "value": "38ff30d50eaa55aa54ba0c51744fbf30", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955893, "uuid": "dae34c30-0bfd-446f-9a71-9c2f184f3063", "comment": "Malware payload (Heodo)", "value": "6b1bd28863e254dc38149a45f8c7b5afabd31492d3ceef673ad61f37a6085418", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955893, "uuid": "8914e595-ff8b-48f7-a64a-a8d432c00ac3", "comment": "Malware payload (Heodo)", "value": "011fffebb09b822423967a5a550b52d68ab33c30", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955893, "uuid": "50e4e5ee-ea3c-4222-bb34-f3e1672a0539", "comment": "Malware payload (Heodo)", "value": "198a6fe841a2ccc8e3892082bcd604f3f902cc518e607ecba2892e4d4d814b2d23a55a20428ce03666e1c31e97df6bff", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955893, "uuid": "ef9732cd-1224-4742-9175-d33e7734a1a9", "value": "T15FD41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955893, "uuid": "ef3daddb-4089-4adf-b038-5ab0a3b492ad", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955893, "uuid": "1465e889-e3d3-4a8a-bb80-063c05d9dccb", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfn:AqxETMJ777u3OmONFqNJtN1v96TOAnz2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955893, "uuid": "315e8674-41dd-4d3d-84fb-6fce7b3287ca", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955893, "uuid": "bdc83d7c-c021-42d1-a676-e2219fa69779", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955893, "uuid": "4db462ee-4dfa-4834-aace-fc4b1797d854", "value": "6b1bd28863e254dc38149a45f8c7b5afabd31492d3ceef673ad61f37a6085418", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb2ea993-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (PhoenixStealer)", "timestamp": 1647976736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976736, "uuid": "c48b3e37-8b5e-482b-8e4b-602ae34e7895", "comment": "Malware payload (PhoenixStealer)", "value": "cab000059d249508c491d28e0fecc84e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PhoenixStealer", "colour": "#803CA9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976736, "uuid": "08fd68ec-b16d-472a-a7a5-0b3177e49819", "comment": "Malware payload (PhoenixStealer)", "value": "6b3260201ea9fb85f2374c809140463ae0e47398c1c8a0c07e54724f82a34c71", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PhoenixStealer", "colour": "#803CA9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976736, "uuid": "ed6cf36b-4df5-4315-abcf-4eb582e5e49b", "comment": "Malware payload (PhoenixStealer)", "value": "12ab2f870432381662ca2c3390026b585a3a3422", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PhoenixStealer", "colour": "#803CA9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976736, "uuid": "1b5fe36e-7af8-48aa-9281-29dbe1982778", "comment": "Malware payload (PhoenixStealer)", "value": "33a6ded08d0e72e833231accd77e078ace019599c3ded3671f262cad742240ee36a51b5071f1b4bd7dbf21af6705390c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PhoenixStealer", "colour": "#803CA9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976736, "uuid": "cdfc396c-e2c5-45c4-be00-f684925d55d7", "value": "T17835330664F8B81CC44F76B1789AF65C0A0B3694F6D16BAF739AC3C2460F5C95127BB8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976736, "uuid": "22df3c91-b6e0-40ed-9185-b4487d5804e8", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976736, "uuid": "7438eb81-144d-4007-a16e-d11d3bf60c7a", "value": "24576:YUP6I3u+NR+MhooPKywTqPaW0Avw/qMviuuw19VZ1kEaHNYK3v7oy3NVzLa:Ya6I3nNR+MhfL9OAoiM1usNaxU6NVa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976736, "uuid": "11ccb01c-0bdd-4e3e-9a2b-e2c86843df0a", "value": 1136792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976736, "uuid": "2d520d2f-de8b-4cef-b1a2-290d6b6b438f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976736, "uuid": "0950b3e7-c70e-4d9b-8a16-2b31d44d43ae", "value": "52768773.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05eeecd0-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955735, "uuid": "3e1e0fc4-cb5d-4ff0-b7f1-7b6103be0277", "comment": "Malware payload (Heodo)", "value": "0114d72886d034bd9c0c7b5452c4f334", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955735, "uuid": "7a727bee-664d-4a4e-9bee-db797185234d", "comment": "Malware payload (Heodo)", "value": "6b5347bb4eb4468ca24a9ed9422798623418452f4742fc00c9208dc758335dea", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955735, "uuid": "ea844ac7-2a2c-4eec-b696-b6b6c473de05", "comment": "Malware payload (Heodo)", "value": "6b5c545188bc371483b445a4d170b6b431e6ee32", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955735, "uuid": "dee05b5a-260c-4059-ab0d-d6aa78329d0e", "comment": "Malware payload (Heodo)", "value": "29fbde4a505d137c462d4bc079d44aff9867b08bb05126163b88daa792f25b4660abcb34e7cde85710379701f6f42427", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955735, "uuid": "c012c836-dbe8-423d-92a5-4954c16bc6ff", "value": "T1DBD41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955735, "uuid": "d15142ea-2b6d-47bd-a9ad-e20117f336ad", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955735, "uuid": "bee35ee3-1722-4ff8-a6e7-bde23e47e93a", "value": "12288:ZxpNJJJ2NHPoczJ+OtIhxf3foRXIa5EPwvA:Zx2gczJ+Ff3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955735, "uuid": "84192cfa-6fe9-41ad-b12c-3096313e5eca", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955735, "uuid": "d3e395c0-81f5-4a37-a528-da2d680a6abb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955735, "uuid": "4ad99164-5599-4673-8bed-7cde680ba401", "value": "6b5347bb4eb4468ca24a9ed9422798623418452f4742fc00c9208dc758335dea", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0353a759-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955731, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955731, "uuid": "2439a3c3-e730-4d36-a4b9-c567fdea5ff1", "comment": "Malware payload (Heodo)", "value": "09fa3566a0060b76472221f2b12042f2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955731, "uuid": "61741a48-5ebd-4944-b788-e419b66fa504", "comment": "Malware payload (Heodo)", "value": "6b612f7d8178d85c1fc34638920d3cc2b99b7b0502e33f25649297552106ed85", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955731, "uuid": "cd2a8dfd-66b7-41ec-a448-421f64ed4e3e", "comment": "Malware payload (Heodo)", "value": "afeb6257b8e2076d508fc5757d1daa5d9eb7b4ea", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955731, "uuid": "56f8b276-1a2b-4f69-9d00-e17ec6915c17", "comment": "Malware payload (Heodo)", "value": "35e93b20db3811f5b211b65e7d63adf299344cdda64cf0aa627709d3ebddcd51b9ee4c375c139bc57b44b97903c85a4f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955731, "uuid": "70d7eb5f-dade-4a88-8ee6-b72306b0b4f6", "value": "T111D41A30BD5BF0F8C48A1BF46A05CA59620B7EA05625B0A372EE774D6F321334D39796", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955731, "uuid": "8aa4e2f9-35b0-4a90-934f-6be9a7016182", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955731, "uuid": "192aad7b-25e8-4381-a59c-d8860acb2ba2", "value": "12288:ZxpNJJJ2NHPoczJMOtIhxf3foRXIa5EPwvA:Zx2gczJMFf3fnaFvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955731, "uuid": "d9f66182-8c37-476d-82ee-fdb227ca19b9", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955731, "uuid": "01fb7900-fdc4-4556-b277-954c51d807f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955731, "uuid": "231a72be-51b2-4835-9e28-ab97a630465f", "value": "6b612f7d8178d85c1fc34638920d3cc2b99b7b0502e33f25649297552106ed85", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45e915cc-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957990, "uuid": "01e32d85-7f99-4ecb-8e33-546466e781e1", "comment": "Malware payload (Heodo)", "value": "9c27c3d64993a86655a068e784f522a4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957990, "uuid": "8f66e217-2d73-4c71-a8ed-072e727c0171", "comment": "Malware payload (Heodo)", "value": "6bc4f0112f0de545847f29218dcff832c97c917ebab277f5e129e4e4b03eba70", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957990, "uuid": "59540734-d278-46af-9658-8b02165e8a3a", "comment": "Malware payload (Heodo)", "value": "56d5d7e3817f3f1f9c60d528d11bbb098c868af2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957990, "uuid": "4195241b-fa41-4b11-bb5b-b4c687c3aedf", "comment": "Malware payload (Heodo)", "value": "65b39c02088b9d4573098020ad78a657bb19bb2c0f369486268ed31041e45dea03ca6e1d98fc62ccc97fb199c2353b0e", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957990, "uuid": "cf3ad105-5164-4176-b0d9-3185adc6f6aa", "value": "T181059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957990, "uuid": "e8082e15-c973-4758-b202-12ddb916033c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957990, "uuid": "8bb31ee3-4eb5-446f-9619-b59dc04e360c", "value": "12288:V20BXOMcVzpWfmmnDDsX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDQX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957990, "uuid": "454c84ba-c167-4768-9e36-00746ff1af18", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957990, "uuid": "29e98b7e-c8ba-4b1c-816e-2e404141029f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957990, "uuid": "3b166fe9-2872-436b-bc22-2903ff13a979", "value": "6bc4f0112f0de545847f29218dcff832c97c917ebab277f5e129e4e4b03eba70", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c9aef40-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (HawkEye)", "timestamp": 1647959693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959693, "uuid": "47137200-6e57-426b-b7c1-96839b02c06a", "comment": "Malware payload (HawkEye)", "value": "48d4d71b8425a1b2c6e338581eaa1a57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959693, "uuid": "35fc2856-690c-40ba-82f5-43bea179184f", "comment": "Malware payload (HawkEye)", "value": "6be42b803f6df9a6520608ac4b4c91437ccf640c42c37650e83f864ceb48950b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959693, "uuid": "7b6f04c4-80d3-44a5-a858-539827bfb9a9", "comment": "Malware payload (HawkEye)", "value": "2eccb47306a0251a8767f80085c132807d24114e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959693, "uuid": "de1edd19-e977-42f1-8700-f38ef4e5c8c5", "comment": "Malware payload (HawkEye)", "value": "3e012ff37106bb645988b349e5b3eb888b95a295b873eb48c4f29b97aa36e3d50ebd43bfbc1ee3fb79a03e316c1c258f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HawkEye", "colour": "#E7159A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959693, "uuid": "2da9e022-1a83-4977-ba6a-6ef89778aac8", "value": "T147B49D03B3D14436D4BF0631677757729BBABE301636C91B87E818896E72291BA37387", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959693, "uuid": "57e246d6-7ac3-4d55-997b-e42e5867834e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959693, "uuid": "570bdb79-c18c-4f8f-827d-bdef0bbeb5e0", "value": "6144:Kuuq8GXgbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx93:RXgQtqB5urTIoYWBQk1E+VF9mOx9ei", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959693, "uuid": "3155faaa-460b-4d3c-8c03-b45d90328ded", "value": 534528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959693, "uuid": "725128cf-2353-49f2-a886-58682539170e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959693, "uuid": "890c171a-62a7-4bba-9c4c-5b478af535ce", "value": "6be42b803f6df9a6520608ac4b4c91437ccf640c42c37650e83f864ceb48950b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "675600f9-a9e4-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955899, "uuid": "71920c0c-d9bb-4155-9743-3e9716f17b75", "comment": "Malware payload (Heodo)", "value": "2d5e072e67bf8925223e54b55afbe576", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955899, "uuid": "b2d71d40-606b-483a-8814-62320d6b3b85", "comment": "Malware payload (Heodo)", "value": "6be6436fa8afc02f55720caa55c36a068e81e42e7f25efc5abf8d6f8ebd7ad07", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955899, "uuid": "07bda357-73d9-4882-aa58-253888919160", "comment": "Malware payload (Heodo)", "value": "c3cbafbd95faf12d0345b302bfa9493a7dca75b7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955899, "uuid": "745365be-b54a-41f7-aa38-7935ce905447", "comment": "Malware payload (Heodo)", "value": "b7ffad9cf3a42a12bae0cd5adc406eb1ac62f759072972dbb33c5dd9e88a3fbea2344b4664b9d57dec4b54a5ee791d9d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955899, "uuid": "b7e4249e-f5ae-4586-8b8d-3c2c2d00e1e1", "value": "T156D41B017498F0B3E38918B04A858AFB724B5DB296117073F2ED378CA7725F15CE766A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955899, "uuid": "9a329352-0960-4fe9-9939-511d67c931fe", "value": "b193e4975b360aaa9ff34a6f93823ae8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955899, "uuid": "4b0634cd-6102-470f-af0f-e88721d97297", "value": "12288:pao0Se86lloPxHHVVIjqxEqRVoQmiIII999tLLLdAkkJoFLZZWbClgluPcRBATfr:AqxETMJ777u3OmONFqNJtN1v96TOAnb2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955899, "uuid": "803cae79-4e60-4311-90c6-ef10111d44ff", "value": 638976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955899, "uuid": "2fab2a45-004e-4cdb-837b-ccda82f6c612", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955899, "uuid": "cfc60f1f-41db-4bf0-921d-db30bc0ced33", "value": "6be6436fa8afc02f55720caa55c36a068e81e42e7f25efc5abf8d6f8ebd7ad07", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6941e03c-aa04-11ec-9275-42010a9c0029", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1647969646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969646, "uuid": "a9dc6079-6688-4cef-8aab-90e3589d6cc6", "comment": "Malware payload (SnakeKeylogger)", "value": "324359fd82e0fcdc58f6bf2931cc64b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969646, "uuid": "8d8e7503-33aa-4f38-a33a-3a7f88ef8d3d", "comment": "Malware payload (SnakeKeylogger)", "value": "6c3ad75937b09b9f179f66291ba63694f740794f8f0b6c34c52567dc3319ea43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969646, "uuid": "aea8e71a-4dca-4129-8ca4-30a6591f54e1", "comment": "Malware payload (SnakeKeylogger)", "value": "96a105948e081277b1285a5cc95914173c7fff08", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647969646, "uuid": "4a54cc5c-afde-4410-9c4c-0c24ea2131b3", "comment": "Malware payload (SnakeKeylogger)", "value": "d34076d88cab3a601d2aa096fab544aad454a311c3a8ac7531991bd3326dac69752eb169ba088e49fd4079f925f13e31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969646, "uuid": "c59bd9cf-db6d-4f89-876e-fa6cd9f95c8a", "value": "T190B501E831BB6CFDC03B8AF1F8507DB55D903F19C306C17690331499A9EDB66AA341A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969646, "uuid": "4af43852-0c8c-457e-b531-1e1cdbaa1d22", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969646, "uuid": "119825f4-5aea-483a-9b91-094514968b0e", "value": "49152:sii+W2EXj+RkDyLT96wgZ9soiypED4NTF2/vP5LYo:sH2EXYSocPsoSD4NTF2/5T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647969646, "uuid": "f1d968ad-7cb7-42fa-b4f1-2513bd01e606", "value": 2353664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647969646, "uuid": "39484009-093c-46a7-be8b-21d33c7893dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647969646, "uuid": "f79918ca-5871-4317-b8d4-dfbf56f9ee64", "value": "Purchase Order 9360342 xls .exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49048878-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957995, "uuid": "48481dc1-c365-4de7-9f60-58a4421535c1", "comment": "Malware payload (Heodo)", "value": "f46c86bfff853dd30dce045862a9e3a8", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957995, "uuid": "fba98b48-c1af-4509-b0d4-2a7a922e154c", "comment": "Malware payload (Heodo)", "value": "6c9686028da16580808b7bdb5a38d0a7184f1e4c16e306146fb935358a682a93", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957995, "uuid": "8f0f07fa-2930-4c9f-a034-451e613fbc93", "comment": "Malware payload (Heodo)", "value": "26211165d3476bfbc79b383c52daec1f4cb33633", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957995, "uuid": "9129a818-8592-4f74-8514-2697dcff5c69", "comment": "Malware payload (Heodo)", "value": "5ef7b32ac09bd85269f335513f177aae3712c02ee394115cdbe5ea80617b4453cb8eb9469a0d394cf161ba6d354ebb93", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957995, "uuid": "a10c7899-bd3a-4372-88ed-482398c6e471", "value": "T169059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957995, "uuid": "0f400661-1b1b-48df-9af7-1e34bed0e059", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957995, "uuid": "aee4f7e3-166c-4f3c-b8ce-db0be3f22ee2", "value": "12288:V20BXOMcVzpWfmmnDDpX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmD9X6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957995, "uuid": "50a6550d-2f68-426f-a9d5-13a1538752cd", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957995, "uuid": "65b263d0-061c-43a3-9f2c-2485fdf79143", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957995, "uuid": "67b3d6f2-37b6-4589-8545-8dc27dea9e06", "value": "6c9686028da16580808b7bdb5a38d0a7184f1e4c16e306146fb935358a682a93", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b3d014a-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647957999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957999, "uuid": "c8d5e58e-0365-4eb7-a26f-596a6cee6a73", "comment": "Malware payload (Heodo)", "value": "63b0855d6558273075942d22e3f49346", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957999, "uuid": "479b5e3a-9e2a-4f5d-94d9-57a4f26aeba3", "comment": "Malware payload (Heodo)", "value": "6ca96047b9cd699c71dabe132d48359cbe77ef9abd407f1d2552907ce9b998b5", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957999, "uuid": "559088e6-e2f0-434f-9ab9-1380e3252b56", "comment": "Malware payload (Heodo)", "value": "925d58cb4e820398279cb5e3cf501682553b0b76", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647957999, "uuid": "8f407a06-32eb-472f-86dc-6eec250a0e7b", "comment": "Malware payload (Heodo)", "value": "88f57055c96e0cb51c51bcf520d605778938b6da05e8909ea6061203e07c546f35a4ab7482eef5849287cc690c1ee946", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957999, "uuid": "4495e135-0924-49b8-886f-33d87fa10d25", "value": "T19B059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957999, "uuid": "83d97885-3518-4c18-ab79-a113ad9be73c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957999, "uuid": "c0e823b8-78b3-45f9-bb2c-a69bb604c682", "value": "12288:V20BXOMcVzpWfmmnDDsX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDYX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647957999, "uuid": "7eb9dd18-5584-475a-9144-30d31b306be3", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647957999, "uuid": "76fe2a4c-3458-481f-b978-59cf46a69cf6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647957999, "uuid": "6a59bf1b-03d1-486f-8ab8-73276c74e798", "value": "6ca96047b9cd699c71dabe132d48359cbe77ef9abd407f1d2552907ce9b998b5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76bd0089-aa2d-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647987278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647987278, "uuid": "9df1ee00-00ff-4e12-84d9-a626a9c3915a", "comment": "Malware payload", "value": "7bf737b2aa00bff538854109cf7ae348", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647987278, "uuid": "126e0cd8-22bc-4a8c-953e-4abbf1c5373e", "comment": "Malware payload", "value": "6cbe906a0dbf76e0fe543041a11c756a225e04a064e26a2bd8f74d5ebeb50b4d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647987278, "uuid": "363594ae-692e-4224-af69-9af97c22b2b3", "comment": "Malware payload", "value": "0c76cfc9ad77e5e16aa972bac7159fbc47c710ea", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647987278, "uuid": "1f95e40c-9824-4be4-9d76-c9bd98a8e041", "comment": "Malware payload", "value": "bd6de3ee28ae3470b71e8011c46d55ce320d2b0151a775e78517098d89a8b049b5c58df77983112d43016088015286d4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647987278, "uuid": "1507dcd9-e299-499d-9549-cd28e0e2c5e0", "value": "T157055B3374C18EF5F03A533A44317F7A6397BAA05721CA9F16F3899D29F68829817247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647987278, "uuid": "120826bd-956d-4557-9ca3-678e8d810a95", "value": "7be7abf9e13a5f5d55afab99418ceec4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647987278, "uuid": "d2ee45f2-4ccf-470a-81c8-08496e41cf87", "value": "12288:Zal2M0pY+qQXOS1jMBVsrzhD2vIIvvX8DTC+K8YrA:ZaOY+4eMghSFvED2+K8YrA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647987278, "uuid": "d0d8eb19-50d1-4eca-be27-b173d1c1efb4", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647987278, "uuid": "04e9d2d2-82bf-4204-8240-e6e592390131", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647987278, "uuid": "d0b6d3e5-a5ba-4994-b0ce-e7078d76aeea", "value": "7bf737b2aa00bff538854109cf7ae348", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4dd942d3-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958004, "uuid": "7ccbe87c-4da0-40b5-9340-d0f509bfa9f7", "comment": "Malware payload (Heodo)", "value": "b95ee2da32afb911453bbb0add908145", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958004, "uuid": "cfe98c05-9d51-4035-9f3f-02ce8daf431f", "comment": "Malware payload (Heodo)", "value": "6cd69063197cc40a05ad606cef1c6f7dec3e3f49b801783e13a1fa3aebcca106", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958004, "uuid": "3dd36305-c9aa-41cf-98ae-830b196a9e64", "comment": "Malware payload (Heodo)", "value": "c60512de196a35a9bf778b2f7c7a9a832761fcd2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958004, "uuid": "f9e2cc50-7428-48ba-be13-dd05c35a8945", "comment": "Malware payload (Heodo)", "value": "8f7c5d09f44c9fe5a309899f0e625e05ad9d3b3e97f6973cad8814b9a0b76376a5df65fd81e48a182224163ff764ace1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958004, "uuid": "3c5416fc-8133-4dda-8992-bcafc3bba149", "value": "T14E059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958004, "uuid": "e6f9abed-3d00-4715-ad60-5eabdb504f34", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958004, "uuid": "98b449f8-5eae-419a-b2ff-b765eedcb226", "value": "12288:V20BXOMcVzpWfmmnDDcX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDQX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958004, "uuid": "b3ee79de-1e11-45b9-9904-b5a8efe1783b", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958004, "uuid": "ab35a965-feec-42fa-bcf4-7083eb8deb32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958004, "uuid": "597cf053-9e97-4a06-bb89-e86d9d3441db", "value": "6cd69063197cc40a05ad606cef1c6f7dec3e3f49b801783e13a1fa3aebcca106", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2e6ca06-a97d-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1647911868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911868, "uuid": "1a3e9eba-0476-413a-accf-8281752e8c58", "comment": "Malware payload (DCRat)", "value": "b85e3be54d06cff5e2434ed0cec04cda", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911868, "uuid": "ca4dab6e-af33-4336-ba98-1da381ad7b86", "comment": "Malware payload (DCRat)", "value": "6d154879d16396b4d4c6f7ccfa43d034696c35df6d910339ed36b318342b3cce", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911868, "uuid": "6d6c90f7-a58a-4bcc-82d6-60ee1a8ce6ee", "comment": "Malware payload (DCRat)", "value": "6cd6945c4153d5c7d485e83bb3f3673960e8add3", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647911868, "uuid": "c74134ee-30f2-489b-98dc-2ff8c3c522e9", "comment": "Malware payload (DCRat)", "value": "efddbb4299324bce5a132fa398c203864f2bf379efb039d878e5ea85bba03c543293702c742b16589d60d22f2e64ef03", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911868, "uuid": "456a33dc-3e9b-472c-b2a5-3f52d5b63cce", "value": "T1EA0633396FA88F03FDDDC2B12D5E9502066F7988C102D2F8DB599CC5EBA560393642F4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911868, "uuid": "a83be1a3-6603-4365-9edb-2d7c513891fc", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911868, "uuid": "065626e2-9981-4c3e-8a07-714772447283", "value": "98304:OvtfZ/vpVrjs8z68WeGHSWeYuAU4mITOojld8EC5S20xZ9GKQbQd4ie:ofZ/vpV88zjW3HSNYTflM09e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647911868, "uuid": "b666376b-658b-4611-be6c-33d2e3c3551b", "value": 3946004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647911868, "uuid": "e03d5fa5-bec1-463a-883a-d51e341e89dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647911868, "uuid": "3ad1d93a-a972-4c2f-8b55-9d5918e697ad", "value": "42167868.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e936812-aa0b-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647972661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972661, "uuid": "397e8af9-6337-4555-928a-d7d62739d039", "comment": "Malware payload (AgentTesla)", "value": "b1a6e6b90b98bdc19220a85a3fbeb8ba", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972661, "uuid": "ab5d237d-3f6c-4744-997b-4986f22eac15", "comment": "Malware payload (AgentTesla)", "value": "6d3fd7d60c6ab9bd423f7f797ec91ead76ee72dd7a90f05e54a65abd45c53be1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972661, "uuid": "db0bb95d-e9e6-48e2-bcbc-1e87868936cc", "comment": "Malware payload (AgentTesla)", "value": "98dfa8409c2a411b2cc2cecce7c3bd2fb1422a6c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647972661, "uuid": "f5137792-f443-4036-bf27-24db0597e4b4", "comment": "Malware payload (AgentTesla)", "value": "db53750a6a5eedcddc55593b9ee83d98082623762604f0725cc2ed848afef14b2e1e14938cb6cce49c36ac62011512ec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "VelvetSweatshop", "colour": "#07D017", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972661, "uuid": "90b701e1-ff5b-41da-ac9d-7d004a4b5212", "value": "T10F0412213571F703E1996277C0B5A3B9E22D6C34A915EBB06C0CF2A441F89C6685DBFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972661, "uuid": "e62bcac0-6bc0-42cb-9210-142de2135346", "value": "3072:whHQ02jpLYLX+dvPPVxQtxdNyeJWxHJvo76mr2N9b5n1Yn6jvkGHz8NA:8OjwX+vPdCXDTkxHJvK6w2N+cv3HINA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647972661, "uuid": "ea60080a-74e7-4d12-b7b4-2f32ed9f728b", "value": 187128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647972661, "uuid": "a664a83b-bd61-4076-b0e9-49b3cf9e18e1", "value": "application/encrypted", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647972661, "uuid": "d749ed74-2a33-4d78-a1a7-5dbf64a92f82", "value": "Purchase Order and Item List.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a42e82c2-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955142, "uuid": "8e4b519d-5791-4f87-8fcf-c9bbf91d764b", "comment": "Malware payload (Heodo)", "value": "a0cac116dd4a4c1a73b8494e8d0310cd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955142, "uuid": "05c1064a-8da0-402e-9340-a6f03acc70ad", "comment": "Malware payload (Heodo)", "value": "6da6520908280faf10b1d8fcf609686861aac2fe74c9db26975200fb16db172f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955142, "uuid": "b4f74471-f365-431f-8a93-2982a94f35dc", "comment": "Malware payload (Heodo)", "value": "bdf12bdbbba7791e05b370ef093a8e428a0a2d40", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955142, "uuid": "b398be90-d363-40b2-8fca-f94a4742d086", "comment": "Malware payload (Heodo)", "value": "7c2fa6eeda2d42cca9509b4f59579568e39636a4a05a9098a70ff8f4557a5562b94bf8b308af51f544caa85a7a62a862", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955142, "uuid": "e13eadde-9976-4678-96f0-38b67e41a3d8", "value": "T114D41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955142, "uuid": "a8996bd7-5495-48ca-8b03-467c467dca51", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955142, "uuid": "cee496ce-2184-41d1-8aee-ecabdd5e4e3e", "value": "12288:DjN/Z2wkRrA9CRDC2ElAjHDsndSyHOrNvEP0Oua:dEHR+CRKyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955142, "uuid": "d33faa24-517d-477a-8734-a7a827010f02", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955142, "uuid": "24fefa67-d391-4fd2-a910-9e0519e379a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955142, "uuid": "65e55bed-21d2-4713-b92b-af804398c327", "value": "6da6520908280faf10b1d8fcf609686861aac2fe74c9db26975200fb16db172f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6f06130-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955147, "uuid": "96c795ba-04cb-4336-8d1a-06b8460f81ea", "comment": "Malware payload (Heodo)", "value": "14dd01dc3489e325c542d274c2462208", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955147, "uuid": "1ba98e35-f740-46ce-9ecc-413f9977f07b", "comment": "Malware payload (Heodo)", "value": "6dd8b430a7127343db7e6cbb514f2c84aa7f95cede8fe512f76a9e32bc8c3024", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955147, "uuid": "ece44f26-b665-427e-a6aa-bfaf6d75db89", "comment": "Malware payload (Heodo)", "value": "3664c49e918e898614aa97d064fb28a8512c1feb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955147, "uuid": "9ce69ed8-e9f8-4770-bf14-4cbb928a2f70", "comment": "Malware payload (Heodo)", "value": "32b832965116aa1f85702c5342f6d363a48f6b7287bb3542ffbd09df9fbbfbf98f6380879e3a31d130c22bb90b6b0dcf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955147, "uuid": "5d60a6a7-8c91-4097-8249-1c5ad8f61363", "value": "T1ACD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955147, "uuid": "febb43b3-974e-4377-88b8-48758979f925", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955147, "uuid": "fb10d245-2ab2-483e-9b17-d541ae7341cd", "value": "12288:DjN/Z2wkRrA9CRDCcElAjHDsndSyHOrNvEP0Oua:dEHR+CRoyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955147, "uuid": "b6c0fddd-e119-4f8d-b6ba-5361d7096277", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955147, "uuid": "68b37852-4b44-4d4b-bccb-6fbd95f9201b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955147, "uuid": "f518c5d4-7f39-4d16-8948-17362493cc5d", "value": "6dd8b430a7127343db7e6cbb514f2c84aa7f95cede8fe512f76a9e32bc8c3024", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ca33305-a981-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1647913388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913388, "uuid": "843ff2f0-031d-4b62-9631-ad092a3848a8", "comment": "Malware payload (AgentTesla)", "value": "e901a48fbab66994adabaf437146e515", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913388, "uuid": "d7b9605e-1772-4738-b035-c2f93ec20459", "comment": "Malware payload (AgentTesla)", "value": "6e0f734f4a19ab0c142d990a920d97c34c871297817c2f039b8cbcd94de9eeb5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913388, "uuid": "82884899-10ff-42ac-b3aa-462184d7fb1e", "comment": "Malware payload (AgentTesla)", "value": "700c91dd430538b9a23fc980f0a61cfdf79993e6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647913388, "uuid": "e2da7fca-22de-497d-8809-0f8fb26bdc07", "comment": "Malware payload (AgentTesla)", "value": "e9702971d7d813e8fcaa7fedad2eade3d47bf6868807b8301aa63313d0ef86e0935b1e056b61708752878536741da601", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "lzh", "colour": "#4A0445", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647913388, "uuid": "3451c7ad-f969-4136-aaaf-f2a17c26ed60", "value": "T1782533D340F6E1D4E4733D39B7083273F9990B3688875136DA64B80BC2668DB72EE295", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647913388, "uuid": "a7801d19-c436-4996-8a18-a5d27c7d3bd5", "value": "24576:CFNsrMpvYNN9UxKQaCJyiN76OyE9/diY0I+EX4k:ENgMpgNN4zPd75ysdiYPHX4k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647913388, "uuid": "d98b6f44-3ecc-413d-bd89-257f6d987824", "value": 1008379, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647913388, "uuid": "b46fc35f-6af1-4a13-8ee6-dd5812c0e9fe", "value": "application/x-lzh-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647913388, "uuid": "be654689-9c83-4af2-b366-acf1b2ebd9e3", "value": "INVIOCE.lzh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "607437ec-aa1e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647980798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980798, "uuid": "82cd70f2-4db0-4c69-becf-34504d6fe797", "comment": "Malware payload", "value": "c2f3360a35fc6a542dcf930185ae5d35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980798, "uuid": "a8a12960-67cb-4ca1-976b-e67dc715e93f", "comment": "Malware payload", "value": "6e2283b89db423b2c1949bdb064464d8ccd7d0e062f38f2988158818d4b302dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980798, "uuid": "7f703683-3a0e-42d7-9f1d-9afe9d6681f1", "comment": "Malware payload", "value": "9bf50eef8f21eb8a2cf1b3cbca4ae8d9c6733b06", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647980798, "uuid": "5458d36e-7702-4ceb-a7d9-4a4985624227", "comment": "Malware payload", "value": "afa3ff8e1717bd3cfbb151467ef28a3116e1489cbaf2d91fb9b070675077dc561c560e88987f4cb0d1b2686dca5b26ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980798, "uuid": "f3701274-d91b-47dd-8ff1-205f2777269a", "value": "T172347D5973E40CB5ED738139C8534A46D6727C660671EA2F03A4425EDF2F391AA3EF22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980798, "uuid": "cc4fbf09-0665-4310-9534-93e0c423b872", "value": "02dc70c88790acc1ceed12b2a36b1081", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980798, "uuid": "d958b971-8189-4fd7-a8e4-0b0e75eeb3af", "value": "3072:un+kBuD57rPSga2YyNevrpTLoSHbfpyWoyUNE10LpuCaLOoY46zVwaWnkcXJ1:ck5f6gatyNevrld7frRUq10fohvvXJ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647980798, "uuid": "e38e9bcf-810f-4f72-b3d8-e9152d7415b8", "value": 239616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647980798, "uuid": "fc3cb2b8-899e-42a7-81e2-332186f33683", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647980798, "uuid": "8f2639a6-a4ca-480f-858f-324c72c97c7e", "value": "Company-MZ.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51463868-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958009, "uuid": "eb61834e-24ef-4f4d-82be-637ffe367c6d", "comment": "Malware payload (Heodo)", "value": "369b7a22a20badad09459ed12d513110", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958009, "uuid": "9af7bca8-6e2e-4b35-b9a8-9b17d3ed02e9", "comment": "Malware payload (Heodo)", "value": "6e2b57a53f9d42b81a6a714eb0b885a5a204744f24fd91e8dc44c4383d915d67", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958009, "uuid": "eea86904-621b-410c-bf9c-77f13a1b42f6", "comment": "Malware payload (Heodo)", "value": "7c4ea707c3ba1592c9f4cde3ebc8d90d47a3dcb2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958009, "uuid": "058f97bd-ea88-448c-a0af-7d9604ec5b61", "comment": "Malware payload (Heodo)", "value": "f483390212170046d8278f24925509561680e84cd14d4d8ef789b569ad7f644848a543f1c0eb215bda65e30dc1d7cded", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958009, "uuid": "922f2ba9-f1b7-4d57-b1bd-fc9b0655d31d", "value": "T104059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958009, "uuid": "10dfaadd-d1db-4949-a3f1-98283b75fa01", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958009, "uuid": "cba3bfcc-2ecc-42a8-b98f-f86a05c7fc09", "value": "12288:V20BXOMcVzpWfmmnDD3X5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDDX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958009, "uuid": "7a252623-441d-41eb-bc2d-5ee65a908301", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958009, "uuid": "e7e512e2-be99-4a11-9d8c-09d214a42d6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958009, "uuid": "3b81f645-a021-44a1-9ab2-8af046d6ddfc", "value": "6e2b57a53f9d42b81a6a714eb0b885a5a204744f24fd91e8dc44c4383d915d67", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9d684d8-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955151, "uuid": "b5fd23c8-49a9-4814-a2e1-7d5730bf8a0d", "comment": "Malware payload (Heodo)", "value": "1197265f48e9c13a37a6779268e310cd", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955151, "uuid": "b05565f9-e6e2-4a54-ba12-2b586e79974c", "comment": "Malware payload (Heodo)", "value": "6e4b97ba9f2e635b52172145e42fe4994731179e9cdb459ac88354dda89013f8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955151, "uuid": "f2c94563-c0b4-4879-8ea1-0208a1e79247", "comment": "Malware payload (Heodo)", "value": "daf1f67da7fd4b263f90b9e1de737db941cbc301", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955151, "uuid": "49a347f3-067a-420c-99b6-1839c45103ff", "comment": "Malware payload (Heodo)", "value": "328b74dc661707d3660e9673be50ef9c03ddf12cf80ba3b9987b8131a4bad8f0c2945bdef84a2d7d69fa7fb015158e14", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955151, "uuid": "0b46be6d-7f01-4784-a6e4-f7afba529f06", "value": "T1EBD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955151, "uuid": "fa19c273-fa96-4818-8ca8-5287809c5512", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955151, "uuid": "14c813bd-2266-4595-89ef-824c13e51aab", "value": "12288:DjN/Z2wkRrA9CRDCMElAjHDsndSyHOrNvEP0Oua:dEHR+CRYyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955151, "uuid": "65699888-2217-4200-adfb-4b5e6048a705", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955151, "uuid": "41644deb-6c89-4d49-a34a-a2414e8cdd0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955151, "uuid": "4b95b701-fad3-472c-8403-fd021c7b0cda", "value": "6e4b97ba9f2e635b52172145e42fe4994731179e9cdb459ac88354dda89013f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5507a4fc-a9e1-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647954580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954580, "uuid": "ceaf3020-5be1-49da-91ad-c2a21911d0c1", "comment": "Malware payload (Heodo)", "value": "6c7909fd4f41c8c163647a5c416aa4a3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954580, "uuid": "5dfeff89-ab26-427e-8538-30198709fa3c", "comment": "Malware payload (Heodo)", "value": "6ebcfb53c55942865827ffe41b56da76b6070eda76d106fad2b93a6652eb712c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954580, "uuid": "9b596d7e-0d62-4fd7-9193-44e9b96469ee", "comment": "Malware payload (Heodo)", "value": "9698ae0776b382c9b28c24c2b317e49d18583e9b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647954580, "uuid": "27135999-ccdf-4e54-b5ae-62b3ef83ea49", "comment": "Malware payload (Heodo)", "value": "fd868db546085b445382c0241a45bfd336855cf879dbb3e4fffd29080595cb183b47070cde96975aa53201d38a6b5fd0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954580, "uuid": "0a754016-8611-4024-80e5-181d1569f241", "value": "T1BE05F54D6F918F79FC1D017098CD8B79AA99EC3B4A904F066ED2FA3ED5BB1424D18C06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954580, "uuid": "b4719bb5-b4cf-4e4f-a473-97e38efdd4a2", "value": "e140b4188c69c3bb4852b94813f9ec7f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954580, "uuid": "bab31d17-f01f-4b93-98f8-0ff0894999c2", "value": "12288:aA9e3OrvpgqjtQFecY6dddifiHxoB3rNd9CDr:blrvpgqj2FelQc3rLoD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647954580, "uuid": "6d8eaab2-16fc-4714-b60c-7752c52da9fb", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647954580, "uuid": "773a6fda-b10c-4db0-a7f8-2885fd3b29e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647954580, "uuid": "7c33641e-2c9e-4d19-9bb1-dc43b8acf52b", "value": "6ebcfb53c55942865827ffe41b56da76b6070eda76d106fad2b93a6652eb712c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b845536-a9be-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647939665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647939665, "uuid": "cc32a439-dd76-4d47-b4ea-3656b73b54b3", "comment": "Malware payload (RedLineStealer)", "value": "2a02e2aa6de55507df65c60b939d70eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647939665, "uuid": "c4a4eb22-fd8d-4cb9-b41f-8d30268fb637", "comment": "Malware payload (RedLineStealer)", "value": "6ec7c1ff4345af36a85bea10a476211acfd2ac2f986a800866bd466b236354c2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647939665, "uuid": "f9cc856e-498f-473f-89d7-ceb32bdbb423", "comment": "Malware payload (RedLineStealer)", "value": "86f37137a331c443eec75e11e6b6c202b9a49038", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647939665, "uuid": "934054ab-f72b-4062-9ca5-91a3b888cf71", "comment": "Malware payload (RedLineStealer)", "value": "d835cc86965c6c4bea298bbc0fde1fa889e8a87cdbf95f97118bf4f7ad618e8b500b217b19d5fad830f4287f378fd822", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647939665, "uuid": "982096ea-f5c4-4169-9710-e202228e53f9", "value": "T14C7402607A91C033D59740317AB4C7A19E3EBC720A718A833B9513BE6F717E2A7B6345", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647939665, "uuid": "04d3a15d-cc93-4eef-b521-b95474988f8e", "value": "a3de6a896c379b7dab417ae14fd72612", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647939665, "uuid": "f1ecd07d-add7-4c92-9522-6621f9fd0b87", "value": "6144:cUn+ZnzV2uR/9Zcp6u7KNNljbnSPmn/OEvXJn5AD+Ju:c3Znz4u7Op63NlaPm/jvX8D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647939665, "uuid": "9fe2e214-e58e-463f-bf64-716535699f37", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647939665, "uuid": "a2b6ad7b-7114-4954-aa78-cd748f4e3442", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647939665, "uuid": "70449334-823f-4f79-8ced-2635e4b3c558", "value": "2a02e2aa6de55507df65c60b939d70eb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95d0a884-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (BitRAT)", "timestamp": 1647955118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955118, "uuid": "6c07b6c9-b0f2-4f35-9804-2092aaf3409b", "comment": "Malware payload (BitRAT)", "value": "2ca0d053ae1b75ea7892a2af6a214297", "object_relation": "md5", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955118, "uuid": "9ed7e61e-1ca2-4643-a590-c30ed761163d", "comment": "Malware payload (BitRAT)", "value": "6f2bfcf2a18e32505a684d6636e68f098a1fae5ceff3f8eacc17f9910709dca2", "object_relation": "sha256", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955118, "uuid": "0f310936-3516-4300-aace-e12d3b7df1cc", "comment": "Malware payload (BitRAT)", "value": "d6c25acdbde09f4421b3ac1044c755eab6b7c2a9", "object_relation": "sha1", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955118, "uuid": "7eb8fcb6-de71-41a3-8ce4-7601ae26b521", "comment": "Malware payload (BitRAT)", "value": "254ed4c72c374f7bb1efcfeeafc3841f5ee71370be0a117d6ba268beb471ed1e804e4f6b4f4ba7ff9d007fa0658b13c4", "object_relation": "sha3-384", "Tag": [ { "name": "BitRAT", "colour": "#52156C", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955118, "uuid": "75b68ba3-4669-4f41-ace6-20611b9f72e1", "value": "T1B006CF02FA46C562D2170230E96E77BA053CF9354B2085C3B3946E6C59B66D17A3BF3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955118, "uuid": "c9291de6-ed69-48ee-915e-0f6a09976915", "value": "71955ccbbcbb24efa9f89785e7cce225", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955118, "uuid": "44be980c-3407-47ac-9c4e-6e8a83b7ffc5", "value": "98304:J77Pmq33rE/JDLPWZADUGer7B6iY74M/mmlwXVZYFB:F+R/eZADUXR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955118, "uuid": "3eb5f40f-6ae0-4601-9486-4015804b79b3", "value": 3943424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955118, "uuid": "66ab75b0-391d-4f2c-b26f-ac3dadb0a1d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955118, "uuid": "2a7c6ab6-eb60-4555-970f-1106f4c6d5b0", "value": "aeza-unpacked.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56081f7b-aa0c-11ec-9275-42010a9c0029", "comment": "Malware payload (Smoke Loader)", "timestamp": 1647973050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973050, "uuid": "dbc5cbd6-be97-4e2e-8b85-609d9cff4121", "comment": "Malware payload (Smoke Loader)", "value": "6e06582d9540c729027f86d3f0617bab", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973050, "uuid": "08b6895d-488a-4d2e-b987-b7c33bcc522c", "comment": "Malware payload (Smoke Loader)", "value": "6fd395a53eff705deee9fd917263e308150d95f9fb50800b1b6a814af05f6265", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973050, "uuid": "5c9d64bf-abc8-48aa-94b7-b69ce0908879", "comment": "Malware payload (Smoke Loader)", "value": "af7c1c84ecc6735db6755dcc4634786d1ea3f53d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647973050, "uuid": "07b35bfb-ba27-4907-81d6-970b7dd4c470", "comment": "Malware payload (Smoke Loader)", "value": "da8f6335bdff31be0814a906c07352bfbe078e011a2808c06a08233de9f33ed8c38c13199cb3171022de223e9f837206", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973050, "uuid": "46c87632-bc83-432a-bdb3-c84b846a8bc8", "value": "T1A4A48E32F2E14837D2632A7C9D1B536C983AFF103D2D58866BE91D4C5F392C1396A297", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973050, "uuid": "028e9d3d-1a53-494f-b550-a0923ab6ea05", "value": "a945867d0ff5375b3c988fb37e437bd4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973050, "uuid": "96e0730c-9e59-49c6-8b7f-709c323d7daf", "value": "12288:REFRKCzbCU7biwItO8g7ySNiLd4LDpp5u3:2LK6X7biw5Red4LDpp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647973050, "uuid": "134f50b7-c487-4264-80aa-aff8d16bb602", "value": 491520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647973050, "uuid": "aceb3c66-7fcf-46da-84d2-6adf34e57b73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647973050, "uuid": "bbc7e4c0-aadf-4d6e-89ef-b02c7396ea5e", "value": "6e06582d9540c729027f86d3f0617bab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac3de72b-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955155, "uuid": "07e2c79c-5b82-4a32-a154-2473f56ca963", "comment": "Malware payload (Heodo)", "value": "49710a16830bb0b0a0ed469e5d477028", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955155, "uuid": "b2d84c53-85d8-4527-b686-4f8d21f87c1b", "comment": "Malware payload (Heodo)", "value": "6fe16fe5ea577af7b87680adad4e9c81d64fce08234aee38d182ea284b2509d0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955155, "uuid": "87c0a858-b2de-4bca-a344-bb3f57f95589", "comment": "Malware payload (Heodo)", "value": "8deb1a43293af45aedf74688492fb559c0c9f2db", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955155, "uuid": "ab7d2607-8891-4e1a-8f24-a75e5146c6c8", "comment": "Malware payload (Heodo)", "value": "e2b8ee39bf6f0eb12efd7b03b756321bde03546c6fe9152f26b39fb14023dd7dd4bcbba4f241f5964cb04ee46fa0c739", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955155, "uuid": "cfcbc1ee-fd61-4457-a791-380d2a1d53e8", "value": "T155D41840B259D1F9C4CA3CF83C1A9299625D6CBC7B8960F377BE36AD6B74D70132121A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955155, "uuid": "ba6f2055-51a1-44cc-997e-57f5cb045445", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955155, "uuid": "94addfdd-f85c-44a9-b8cb-7d59af82dd16", "value": "12288:C2Y7Kg+5zhHHq9xT+mDWIGUcItvhFDuEPF:g2nHIxT+mDWucItvR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955155, "uuid": "7f15adc1-4aa4-44aa-acc3-54311421fcb7", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955155, "uuid": "60b602f0-32e0-4d8e-bba2-4cb3276111cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955155, "uuid": "56b3fc61-e133-485c-9210-3b5cc4cc3587", "value": "6fe16fe5ea577af7b87680adad4e9c81d64fce08234aee38d182ea284b2509d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a6d3eb6-aa32-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1647989378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647989378, "uuid": "bd8d54aa-16d2-4e92-9ad5-4687da8393a2", "comment": "Malware payload", "value": "2e89a7aae558e9be86042e2bd7e65803", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Mars Stealer", "colour": "#84F258", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647989378, "uuid": "8a684ddf-2fba-47eb-9469-18ebee0d4ebe", "comment": "Malware payload", "value": "7022a16d455a3ad78d0bbeeb2793cb35e48822c3a0a8d9eaa326ffc91dd9e625", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Mars Stealer", "colour": "#84F258", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647989378, "uuid": "b9692aa3-e90f-4028-8f7f-2b77de8ac5d3", "comment": "Malware payload", "value": "64e85269651f0a475d0a94eb98cd3adbf3061e10", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Mars Stealer", "colour": "#84F258", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647989378, "uuid": "e1b7b5d7-241f-436e-bed6-2b6177bddf60", "comment": "Malware payload", "value": "1960615598e25ffa75f05662d5e15bf214d5d03041669191138b4d543e09d26ec392a95e05d5f5d1ce169bafdf005160", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Mars Stealer", "colour": "#84F258", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647989378, "uuid": "ec038191-e000-4d10-900c-26261bb67dcb", "value": "T1A834BF1B71289E36E4663B308EBF9539431AD2A7F234C157E13EEEF8F615091966CE10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647989378, "uuid": "91f2f6c8-5e87-4087-a8fe-f86f5b89712d", "value": "bae10aaa9e80d644f79420466068cc74", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647989378, "uuid": "06efa39b-d7d9-4191-a00f-b3789fe47245", "value": "3072:iq0Je2P1VU4W3gwbBPWq3rZP55Zu3DtYyprz8gJy436s+OssN+uQSYftoyQ4tpvG:iq0rnURb0K742Ajx3qSYe94tpvURSYOc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647989378, "uuid": "3d1470a7-dba7-442c-bbf2-e8a31c5ec7bf", "value": 235352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647989378, "uuid": "ded7bb73-8af7-4a54-b7eb-b498704033ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647989378, "uuid": "7b86d9e2-e50b-491a-8a61-681d68c5c17d", "value": "b123.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e19a5cc8-a9ed-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647959969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959969, "uuid": "5163293c-02b4-49d5-ab89-eb96965375a9", "comment": "Malware payload (Heodo)", "value": "40eb0a2956f9412ee128a6c7c499f7b1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959969, "uuid": "36ad658a-c310-4795-8bf7-b559c64c388a", "comment": "Malware payload (Heodo)", "value": "702957ec43c8cd7a660d40a3bcbb6ec2d331ae992d3e32c91cad644db67cfc2f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959969, "uuid": "8a0b9b5a-3786-46bb-823c-eaf9de41a521", "comment": "Malware payload (Heodo)", "value": "6efed521ccb565bbff45a008001de7e090c8c901", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647959969, "uuid": "486a4a61-d605-4743-b47f-81a021cfaf85", "comment": "Malware payload (Heodo)", "value": "ae2e3af285c6414db6d264121dd1a73506e516ad3b4d8c8bfb6fc81aa6782314a7a57f956d8a5ee5ebf28880fe9c3467", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959969, "uuid": "de4568df-b90c-4fc2-a3cc-65676eeeacf3", "value": "T11AB4194F1E989172F0CF28776C22FB65F1EBB8009319B8116EA81B4CFB25B715961D4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959969, "uuid": "bfdb0054-0e95-4e4c-a433-89b029af49dc", "value": "ea66334e3c2bfce2838f2a75dde8dc63", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959969, "uuid": "cf8ee6f5-2f2a-4fff-b2a6-a591b0665fb8", "value": "6144:8JZToYE666spbEgoZhZO1tiI+rB7FNXtwN2B5mq8dbSNQ7dqNThMx:8v/goZomlF/wN2PmBzdqNTWx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647959969, "uuid": "f9f6a30d-32d5-40d0-904c-c1b42a65f9f6", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647959969, "uuid": "2abcf9b3-1edb-4194-b3af-07c41051b648", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647959969, "uuid": "e153f8d7-0347-48f6-b825-c3e8a6bda8b0", "value": "702957ec43c8cd7a660d40a3bcbb6ec2d331ae992d3e32c91cad644db67cfc2f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24077560-a9b8-11ec-9275-42010a9c0029", "comment": "Malware payload (RemcosRAT)", "timestamp": 1647936888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936888, "uuid": "85a5502d-d2d6-42a4-bd97-7a35b30332b9", "comment": "Malware payload (RemcosRAT)", "value": "8bf7491e30e1f20f7f3084f8cdaca2b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936888, "uuid": "8b73be49-5086-4105-9d85-014ca682e1af", "comment": "Malware payload (RemcosRAT)", "value": "7033c5725ca1167da50532cd257eaf95a6bf2d6be51a9c357ab145b189c7a23a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936888, "uuid": "4fd05573-e57c-4558-95a3-b020579dde4c", "comment": "Malware payload (RemcosRAT)", "value": "e0f211efc0c317f4c6827cf979dd275926807a17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647936888, "uuid": "5e5510df-95f6-44e2-a3b2-72501e694b59", "comment": "Malware payload (RemcosRAT)", "value": "680800bc10c38523e54102b76d947d10e9ce335d329d004ee0856f1a9b835af3f041a0374b7086191544526f2507830d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936888, "uuid": "6813506a-7e80-43e9-a54b-c30ebff10105", "value": "T11255335B74AA4127E7EC47B4FD9210AD02FEAC615016F74DCCAA2EE6991E748F383107", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936888, "uuid": "cb049220-5db6-42eb-9d61-8289aa98dda5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936888, "uuid": "77daf18f-00b7-4dc1-9d27-f2fb75464361", "value": "24576:JWohnmoLTxQaWDTSjkidcs+fUOpbiDARvvoFJ6gtCBnB7v:JWohnmM9cTlidcs+fUOpb62vvo8Jx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647936888, "uuid": "918c1d1e-ce0d-468a-bf1a-a74e5c6115fe", "value": 1304576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647936888, "uuid": "7b829cd5-f72f-41d0-a736-8e707ea6df9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647936888, "uuid": "53d0aa51-509a-4609-be3a-933278182c54", "value": "F\u0130YAT TEKL\u0130F \u0130STE\u011e\u0130 HK NEMKAR \u00dcR\u00dcN% S-Sipari\u015f .TURK75BS\u0130l xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67531462-a9c2-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1647941296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941296, "uuid": "629d0ba4-8400-40f1-bad5-bf8ff1af1b43", "comment": "Malware payload (Loki)", "value": "fb959634b014188f6318db5a2b0d87ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941296, "uuid": "99f9df77-fc60-4d92-8fa6-2309cc271939", "comment": "Malware payload (Loki)", "value": "703b7b31b9b39b008c2e54a84eac89a9d2d50fec37a6918f8fba784b5812529d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941296, "uuid": "2a3ef749-473a-4416-bff8-486dd472536b", "comment": "Malware payload (Loki)", "value": "64f7115ab33376b0043f4223bb0099e693dc6853", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647941296, "uuid": "cfa679e4-9c44-4976-b7fe-3aa2e92be551", "comment": "Malware payload (Loki)", "value": "a38bf44c9b5f305b88d47ba5f3708e776bfe38ce070b61b24eab73bcb606ef98ee3d2769275b4ada4d60643808fc64e7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941296, "uuid": "075422ec-9b75-4884-a694-dbe91e355bdb", "value": "T19C73C6D23A08D140F6660734E49098760220FE9D6F2E872E77F23A1F77B2DF5DA19685", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941296, "uuid": "69facf8e-d4ec-4026-9364-bfde9084ef2a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941296, "uuid": "3eec093e-ed60-439b-95d4-a9881d3659ad", "value": "1536:AGaGfihKbmlBKAOYY8/Cxr/gP7fDERfr9Mick:1xKEbmlEAOYY8/q5om", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647941296, "uuid": "4f13eb8d-8296-41c0-8c38-b70ddf3e855f", "value": 80384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647941296, "uuid": "cb78fd46-53cc-4f0f-9203-8a619a3adcd2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647941296, "uuid": "343c7b0a-b9c2-4f8d-9be9-49cf95aa5731", "value": "Lewpjlfjb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "546824e7-a9ea-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958444, "uuid": "464c243f-a9a4-4307-8086-c79de329918e", "comment": "Malware payload (Heodo)", "value": "bd6fa3afdc76a7997b320b596928ff8b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958444, "uuid": "f059b09d-6823-41cb-9053-7b35dd593343", "comment": "Malware payload (Heodo)", "value": "7047d0c0661b8fdc54febbd02fd4a58f4e13b0bda4511cc3a15d016c51f595f0", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958444, "uuid": "fc20f1c2-aa24-4e60-bdbf-fd5e9ed16f59", "comment": "Malware payload (Heodo)", "value": "ba5562995cb27169be1c4d4ab55bbc46359a70e6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958444, "uuid": "f5b46bea-57f5-4197-99c1-6ee0595bc1f9", "comment": "Malware payload (Heodo)", "value": "b650ea1fe4a04dd234cb784d6ba4c4ec40224a1e3e2f46248aee1f2aa9f84ec518d28a8a404bddfa32d38eb46404fea3", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958444, "uuid": "0c81feb1-6a2c-404c-8c0d-16f32483c5ab", "value": "T123059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958444, "uuid": "8ddf3430-d869-4527-a212-25c9bf76d32c", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958444, "uuid": "d18dd410-ebcc-4d5b-807e-747fcd9285d4", "value": "12288:V20BXOMcVzpWfmmnDDTX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDHX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958444, "uuid": "a20dac02-f371-4e32-b4f6-3bd456141314", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958444, "uuid": "2efc3a64-3205-432e-b4b6-56f7a81445b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958444, "uuid": "e753f75d-56bf-4c58-828d-e18e628f8516", "value": "7047d0c0661b8fdc54febbd02fd4a58f4e13b0bda4511cc3a15d016c51f595f0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eefa1633-aa14-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1647976742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976742, "uuid": "9baaaaa5-b2c5-4d99-ae62-43a506ba9484", "comment": "Malware payload (RedLineStealer)", "value": "d3f22b2b45d985c0ddc885dcaca14481", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976742, "uuid": "1fb4910f-c086-4354-b67e-42e04bfa02f4", "comment": "Malware payload (RedLineStealer)", "value": "7076bc30c78dc4adf44020411e8c6b65c5bdfa9f85ca951695cd6ad307ad0228", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976742, "uuid": "1d742fd9-1a49-4fbf-9542-05353afb99fb", "comment": "Malware payload (RedLineStealer)", "value": "728dc94dd8e85007a1661ba9d471405346610f4f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647976742, "uuid": "433b1cfe-f7c6-4fcc-a454-e6bc2d20c1bd", "comment": "Malware payload (RedLineStealer)", "value": "884205c77134c0cb1794b7546034dd56bff84c0a5dc0531bdb2ce0ce0e0236c014e635b697746b8c0d33e5e6dd67ad38", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976742, "uuid": "d0f6d1e6-c05f-4add-a1c4-8b0a66dbc53a", "value": "T140C423A6D3C4DE8ED44D41BAA4B6F443892DC172D4DBBC52D2FB828D3C680B7E60A475", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976742, "uuid": "02d8baa4-c439-4178-880c-18b8f2c28096", "value": "445554923421947cbff896012e27345a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976742, "uuid": "1794cf5c-3270-432a-9250-79b317f5d09f", "value": "12288:zsZ6RD95uzAD4BxPWZEvQS03ULaHNqrxlKIQNoXvATaXFuet:zsZY72xPWGkEaHNYK3mVLt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647976742, "uuid": "346039cc-8dac-4e07-9515-b935a4c6ed8a", "value": 570880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647976742, "uuid": "5c67d4e5-e315-4143-9ff6-637c3460842e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647976742, "uuid": "ec9eef8c-b924-4e81-aae1-2ded8f7fdc05", "value": "53092932.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d06c61d0-a9e2-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647955216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955216, "uuid": "d45fffda-9997-4999-b57d-4a756e29c8f4", "comment": "Malware payload (Heodo)", "value": "74b7e1ab97ef0f78a69aaa5aa4200d81", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955216, "uuid": "f605b173-91d5-46ae-8c7e-b8e154cfc797", "comment": "Malware payload (Heodo)", "value": "70b3c0f2349b4a47a8e9c9c2d5d5cdbbb56c03345a428bc1a1338fe875021a4f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955216, "uuid": "aa337b7e-8594-4e7a-93b0-48ff45ecf945", "comment": "Malware payload (Heodo)", "value": "30fe16989dc284e2e85f5decd4ee4076c6d09467", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647955216, "uuid": "9da0ae10-93db-4311-b7d9-1e0a5e3a0e6c", "comment": "Malware payload (Heodo)", "value": "d60c87338c0bca041e9896a668c84533f0b1fb0dff6107660f9f0cc851ce79cc70161b5df6c8e69644a06f13fd51506c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955216, "uuid": "eefd28a4-8247-4def-8948-2960e19e72de", "value": "T1FAD41950735AE1B7D0429CB58D1A82B5A90F6CA14A2471F3BBDE371DEB789B017213CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955216, "uuid": "98becf66-e231-4a79-9d1a-6ba4256823e9", "value": "463401f61c44b0d918f1e23374db995b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955216, "uuid": "6125fbf1-3467-4bbb-a9dc-36ad7bd55be3", "value": "12288:DjN/Z2wkRrA9CRDCZElAjHDsndSyHOrNvEP0Oua:dEHR+CRDyfsMyHOpJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647955216, "uuid": "d59d7ebb-65a7-40f6-87c8-9af3ded26c7b", "value": 613888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647955216, "uuid": "045928e4-e585-4272-9a9d-d6715bc2db51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647955216, "uuid": "ef9c2963-7733-4eb6-bed4-8c26ab200410", "value": "70b3c0f2349b4a47a8e9c9c2d5d5cdbbb56c03345a428bc1a1338fe875021a4f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e47505a3-a9e9-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1647958256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958256, "uuid": "c34be689-b7bc-45fb-a511-f88353fe319b", "comment": "Malware payload (Heodo)", "value": "a01754ba66bc9edc921eb9fae884c2cb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958256, "uuid": "20184d3d-b955-44f6-ad5c-4ccb8880f40a", "comment": "Malware payload (Heodo)", "value": "70d681ac1988f8d7db0561e46635e68991ebaed851c802838c44cf51f4eb31f2", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958256, "uuid": "f2b1407e-65cd-4d57-ad01-d560eb4a4ecd", "comment": "Malware payload (Heodo)", "value": "c57566465f8480ed8a8eaa27879e85d1d215632d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1647958256, "uuid": "fbfb45bd-fad6-4e9a-b355-31fa4aff4e4a", "comment": "Malware payload (Heodo)", "value": "68993ba28429bf70f2ce76382a304f4c36212b4537a546487791460781eb0971829e5bbf7b428294f75f92d840087cce", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958256, "uuid": "f734c94a-c22c-4929-9218-47d8bbcbd2d7", "value": "T143059C596B46C0F2C3B53CF0182A42B11D9AFAF2C7B7023B9E84167D9A70DC17768D5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958256, "uuid": "22daf46f-6a29-48c0-8472-8d1366426081", "value": "cd97bd977cef263c697f451ae2c47380", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958256, "uuid": "f22792e6-3b6e-41e5-bac3-b9962cfb3ade", "value": "12288:V20BXOMcVzpWfmmnDDfX5P8fMYsvFE6NKGfLjx8QvbxafqNPOd4jy:V9XOMc1KmmDzX6svFEDGloyNPOO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1647958256, "uuid": "8382c629-b9c0-4c7b-ac3d-c6c8ad65fcca", "value": 799232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1647958256, "uuid": "9911b4f2-f0e3-474f-9ce4-7bddcecb7d5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1647958256, "uuid": "04d9edb0-a980-446b-a2b4-2d8f56e6f131", "value": "70d681ac1988f8d7db0561e46635e68991ebaed851c802838c44cf51f4eb31f2", "object_relation": "filename" } ], "templa