{ "Event": { "published": true, "date": "2023-07-20", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-07-20", "timestamp": 1689897781, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "789f8ccb-3b18-49f5-b0a7-6757b26909c6", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75fb4c8d-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689851182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851182, "uuid": "2ceb7a1d-e208-451d-8ea1-85970c1e3157", "comment": "Malware payload (Formbook)", "value": "956ee990021b08a26ae57d05ac38e790", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851182, "uuid": "2a8b658b-0d18-4907-9545-721154793729", "comment": "Malware payload (Formbook)", "value": "00042ff7bcfa012a19f451cb23ab9bd2952d0324c76e034e7c0da8f8fc5698f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851182, "uuid": "7558557d-6087-4901-b378-a6942daecc08", "comment": "Malware payload (Formbook)", "value": "770a8b592087ed48f64e5782fb07a3260935c7f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851182, "uuid": "5ff679f4-94d4-4af7-8852-8ce18f557a9f", "comment": "Malware payload (Formbook)", "value": "7509649158998f63eed44392454cf8fb4bec4709725ca795de5a54dbb8aaaa63574bbe21de1eef034fce4bea2a1cfa1f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851182, "uuid": "3ddb08da-618c-4a6d-a007-1138ffc3558d", "value": "T1E75412642690C833D421577209328B3FBBEAF54716752E8FAB305B9EBB13940D91D3A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851182, "uuid": "8ffd21b7-0ab1-4cd1-940a-0dfc440c8449", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851182, "uuid": "e03c8759-b48d-4ff1-8df2-d04418e897fb", "value": "6144:/Ya6mZJXZV5btazx2AQZSJ0CKnneNCEiuBUKrpLkmkMQ/+zev:/YQZJdtgcAQwJbKneIEX9kmwX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851182, "uuid": "81bf27b6-8d96-47ca-b7b9-50acd5243f26", "value": 282314, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851182, "uuid": "0f7cb3db-c225-4cda-b138-b2912b9055fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851182, "uuid": "b8ed903c-f3dc-40f5-a7ce-4f8e86dad494", "value": "Order-20230720.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aac235f5-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689851270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851270, "uuid": "8bed1ea0-d22d-4157-9bfd-49e042b587bd", "comment": "Malware payload (Formbook)", "value": "519cf85f34f9137a10b390ddf3abdf7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851270, "uuid": "143d30f9-ac5d-44a3-b6ff-ef94c1c3a37a", "comment": "Malware payload (Formbook)", "value": "00223d395991519c2f3c162f8ca07a10bfc627ecc36a9d995d85fcf0e6f24f33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851270, "uuid": "d85e5886-7c96-4181-8eca-e75c776c12ec", "comment": "Malware payload (Formbook)", "value": "77fefd586f510c630216b0a8f417832a845261e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851270, "uuid": "b66eef06-90b1-4df8-92e5-b41830f2e795", "comment": "Malware payload (Formbook)", "value": "54fcf4b46b9deb2b4680b1841dc99684f30d27e3ba520f6c67d09dd770a1b06e55efac474818313139c9bac30f1dbe2e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851270, "uuid": "b181f447-2e2a-4e0b-a3ff-8be22e0e2d82", "value": "T1114412192BE1C8A2DCE81B701BBD5F995EF6F0111175EA4E57B02E097D2BA90C90F732", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851270, "uuid": "c346d913-6145-4dd0-9587-3ca27686c82c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851270, "uuid": "f18b2b0f-3cb6-45f5-bbcb-a4f6971357ff", "value": "6144:/Ya63/ANq5dIHbcZ64dhuaexXIA4B18myeEJSL5pDY8SfKT:/YVyq7In4/TexXI1BifE9Y8AKT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851270, "uuid": "d0bf51eb-9584-4637-8816-e84e23c3c410", "value": 275821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851270, "uuid": "2b021c4d-f46c-4978-92fd-aae709e869c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851270, "uuid": "6eba881b-2ff1-40df-9406-dec08e929794", "value": "Quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c004f4c-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837368, "uuid": "d02c8d1a-507e-4db2-b210-80b3fa5ff1bd", "comment": "Malware payload (RedLineStealer)", "value": "0312edc29972d6d799ccb67a0db5e2e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837368, "uuid": "7d98a25f-8a58-4819-b3a2-a1941a438378", "comment": "Malware payload (RedLineStealer)", "value": "008b3cfd8b777b5a2e48b470baa5e36d6e5d16829233330809d37100d66b757a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837368, "uuid": "9dd5b6f3-d01c-45f8-b6be-181ea56ab9c9", "comment": "Malware payload (RedLineStealer)", "value": "b2e79abed6911f84bd3f3befc5903850c0d72dd6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837368, "uuid": "7eb5826f-cf50-440f-95d5-77c14f6cda77", "comment": "Malware payload (RedLineStealer)", "value": "b6d512a78324686ba2a67a382367ab047749eb4cd46b67da77dff9c2fbc67ae9fe5d94e4bfa25750e17e3bcf3f9a46f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837368, "uuid": "7719fe2c-0f62-40cf-acba-b1e97de6567f", "value": "T158B40213BBD55073DD721B705CFA07831B3A7CA10D749BAA3A46596B0CB3A81A53272F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837368, "uuid": "906f6af2-5383-43b7-9a49-44c9ed681f7f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837368, "uuid": "57fbec4e-23aa-4208-a918-578166f00172", "value": "12288:+Mrdy90G0moXpcRDGQkWbJ+6J77zOsPsvI:7ybupcdHXbk4PRPqI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837368, "uuid": "7a2fa8dd-d9fa-4f00-9a74-10dabec293d4", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837368, "uuid": "43cc5e58-de98-4279-9fae-5e61fe61caaa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837368, "uuid": "c55a1192-d757-4330-9d7d-9222ea63dfcc", "value": "0312edc29972d6d799ccb67a0db5e2e5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "083da0b3-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689839831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839831, "uuid": "a5b9261a-dddb-4d0f-8f3d-b3dc1b91c4cb", "comment": "Malware payload (RemcosRAT)", "value": "15782be2ac476a9e215e62638cea0863", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839831, "uuid": "922b25af-c6d8-47b1-9c0b-58e049624235", "comment": "Malware payload (RemcosRAT)", "value": "009bdad48405a11c887a397ea42fc93fc730ec39e63e5c61f3f8df31ff34c1f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839831, "uuid": "a7f342f1-bdaf-4a25-bede-27bfab49ba17", "comment": "Malware payload (RemcosRAT)", "value": "bca8a81371a0eeace4f95ba9335ff6a5f9f953c9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839831, "uuid": "f01a5fb3-93fd-4f80-ad03-010beff0661f", "comment": "Malware payload (RemcosRAT)", "value": "c597e68fdff6f1926e98f8b73d898f4bf74de412f3ba725c203a56343d7303be4873ecb17daccd3a038345d133932576", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839831, "uuid": "29a65cd4-da15-4730-b522-4b3379aeba52", "value": "T16E059E21B2B284B3E1262E359C27977954B4BE60293810177BD23D9DEF7B3D278281D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839831, "uuid": "292196ec-9073-47cd-82fe-4e9837558ea7", "value": "da21ccc93f3893853ed8366aca50ca61", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839831, "uuid": "620ef3aa-28b9-4811-aa4f-50d7734fd7c0", "value": "24576:rk/A25GoqxIJs7ks3XJrPz6cDCnvMXqv9:rKAKGj7ks35rPmaCnvMav9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689839831, "uuid": "fa6c3a62-4474-46a3-bcee-15cf96c45373", "value": 808448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689839831, "uuid": "3c339c11-1911-4d5b-8def-640d59bbfce4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839831, "uuid": "f10b65f8-984e-4de9-864f-5751fe30a510", "value": "IMAGESCANDOCUMENTFILES000010100112HHUEYDH.bat.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba1dc6fd-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840129, "uuid": "ef9f3af2-532e-4bdc-9167-cd76a8252cf3", "comment": "Malware payload (RedLineStealer)", "value": "18a3a58f3dcb3d0ac0a68307c1b4f988", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840129, "uuid": "202f0420-53f3-4a42-b458-516fad172ee2", "comment": "Malware payload (RedLineStealer)", "value": "026ba8b8a8a7def0bce06c8c4dbf5dd5cb0e69a8d21d2469b363e239c0b9b132", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840129, "uuid": "3c68512e-2dc9-4535-b621-922daeddb8bd", "comment": "Malware payload (RedLineStealer)", "value": "69514175aab2fe8eb5b837406345da2e97955bc5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840129, "uuid": "1a4d97e6-ebfa-4b3a-92e3-4dd7418e52ad", "comment": "Malware payload (RedLineStealer)", "value": "cd7db2766eec3769d771f81dee4a68f72fe567060836093a35df39ea599701a2cec54f0274eca6094e65b33e3a6c178a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840129, "uuid": "e9a0e8f8-5996-4f46-aa61-36a24dc7a5dd", "value": "T14FE2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840129, "uuid": "6c81be2c-0bf4-4581-be14-4fbc0f5147f8", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840129, "uuid": "96015c8d-5927-4453-9b6b-eb8d9ec4639f", "value": 31364, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840129, "uuid": "3e1150cd-595c-491a-a34a-91de8fccdd9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840129, "uuid": "ca977414-593b-4fe0-89c9-48221e758c82", "value": "18a3a58f3dcb3d0ac0a68307c1b4f988.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9521dc91-26d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689841356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841356, "uuid": "7580b1a2-cf92-4f04-a380-f76fb0a7a4ac", "comment": "Malware payload (Amadey)", "value": "3c37601b22fd9a0a2a2b8292dbf7d939", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841356, "uuid": "4dc94696-6a1c-4a62-8d8d-e5441f232fc4", "comment": "Malware payload (Amadey)", "value": "036028e38619a2b41891058cbbec38bbd4ebcfca4ce732fb7db9ad8f372c62a7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841356, "uuid": "1fda9806-dd1e-4e5a-9d40-53d618f78273", "comment": "Malware payload (Amadey)", "value": "04e36bfd794fb057f974ff87af40da195812f3ff", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841356, "uuid": "9fd37dc4-0f97-4a10-bb3a-c72b83559fd1", "comment": "Malware payload (Amadey)", "value": "8c5bdf3f2340562b8bbf9d83ebf6327dffcc7cd2a80bc91e20994cfa453d8816d067e6d2d5a0329bfa11282ef8b99439", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841356, "uuid": "25542721-9b5c-4e6c-abe3-9405e93d536d", "value": "T19A840202F7ED6032D8B5677458FA03C30B7ABCA25874436F2786584E0CB3690A57677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841356, "uuid": "b08fd029-f195-43d3-a54e-369ef14f527d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841356, "uuid": "8b90553e-da11-4db9-9184-fbdd9b4b2de6", "value": "6144:Kzy+bnr+ip0yN90QEWXOmWct9LTwWXJRjUQYoB2rEb8NVKsF3rE3:ZMrGy90UXRrt9nbvJBYCo3K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689841356, "uuid": "00243532-3451-4525-8a6e-fe48a246d6e1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689841356, "uuid": "4eadac06-8f5b-41a2-9dee-8c5b0b9009ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841356, "uuid": "db4a3aea-fc8e-4393-b985-6e10e6ad089b", "value": "036028e38619a2b41891058cbbec38bbd4ebcfca4ce73.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30b25aa8-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689838181, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838181, "uuid": "cfb41825-b984-4f10-8e48-7a920ddd151b", "comment": "Malware payload (AgentTesla)", "value": "d24643de387ab8c477280f102516fcf3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838181, "uuid": "c72bd292-91d1-40dd-b86a-83072337d41c", "comment": "Malware payload (AgentTesla)", "value": "03728e854a392ef693c6c2dbb39d240883db16cc580da2e95b9ca15197fb7d67", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838181, "uuid": "3ff74b63-ee43-4bde-94c0-c4705bfef7ee", "comment": "Malware payload (AgentTesla)", "value": "d9baa82de293e2c058157465dacca350064f5125", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838181, "uuid": "91e4453f-952b-44d6-9bfa-41e5dd48dac0", "comment": "Malware payload (AgentTesla)", "value": "32943ca8c7a791b791cf9632d7c4bf9c9285a9e998152a67b35f6b81c36191b2e02cddd00e160d4b4fec5820cdcea91b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838181, "uuid": "659da671-780a-4588-925a-6e9b2d2add2f", "value": "T1B7E4F12596FE8F5EC9731BB5F621193C47B65AAA7032C32F4E12B0C63A91B434601B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838181, "uuid": "67d77b98-d3da-4fdd-b68d-9050a8f3ba41", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838181, "uuid": "42999c72-6f89-4874-93f7-0948f68d8e68", "value": "12288:cES6ln+flo/XciMvMAArbJnMEk1eSkQYNn6fwkLCQ:ctTdCjEMAArtnkeNHib", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838181, "uuid": "5c2f1cb6-a7ed-4818-8a9d-8b0555295c0e", "value": 704000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838181, "uuid": "36403125-d599-4ef8-8b45-7eeead242320", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838181, "uuid": "8c3ea1bd-c343-45af-960f-a80b9e43e17d", "value": "SecuriteInfo.com.Win32.TrojanX-gen.29222.19290", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca66bf01-26f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689854330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854330, "uuid": "98227957-a33e-493e-b10c-ea89eaf5dff2", "comment": "Malware payload (AgentTesla)", "value": "35de3e6248be9a9f2c2094d07e44b585", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854330, "uuid": "5aa7021e-98c1-4c2e-a3a3-41d1d2f656af", "comment": "Malware payload (AgentTesla)", "value": "03db28784d9f4e0920871f59991dda53f3179994ce1a0d18e72f5497728aa16f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854330, "uuid": "22efb089-45fc-44d6-92cc-e5e1fe153b31", "comment": "Malware payload (AgentTesla)", "value": "2b8268ab7035348e49b1c59e96c7d9d8ac79d9bb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854330, "uuid": "807d9f8c-721e-4146-b164-7e55a10b24ad", "comment": "Malware payload (AgentTesla)", "value": "325bf3eeaa25fc080ea0c05490b444979e40a0c661b8f54d3a73ad84836da7c91c776ac7c4b1c4f41e586db7cd982034", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854330, "uuid": "ebb8be85-755f-4c96-95b8-9b726c396a37", "value": "T1A6037D5AE78E02A4CF511277271A0E89A6BDB33EB35055A1346C937433EDC3D0666ABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854330, "uuid": "a7c26803-4904-47eb-831f-9fb5ffd60740", "value": "768:HFx0XaIsnPRIa4fwJMldCTUT5IbyNV3BOn4gVUhFY3XhpI10:Hf0Xvx3EMFT5Ibeqa8Xf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854330, "uuid": "b6a03d88-4b7b-43f8-ba41-0c7c9362a616", "value": 40607, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854330, "uuid": "6373dea3-594c-41b3-b5b7-040da45fc833", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854330, "uuid": "659611ed-104b-4f1e-a1a8-f3719fa90869", "value": "AGR_Order_23001557.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07ea2cc6-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837683, "uuid": "a92edef0-6415-41ff-a14b-51a5fac9a089", "comment": "Malware payload (RedLineStealer)", "value": "0d02e79755c481904fb0881b795c5a32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837683, "uuid": "bf79586d-370c-4a91-a4a6-f62986d512fe", "comment": "Malware payload (RedLineStealer)", "value": "059e2cba902dcc813edf8369bc903971dbe5909bd0077d38cd371d19d15bb881", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837683, "uuid": "38867140-9745-4fef-984d-35298445cf1c", "comment": "Malware payload (RedLineStealer)", "value": "ef256943aa4829f1421e5e99d5632de3fe0bd768", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837683, "uuid": "b1dd5d6e-08f3-47bf-bf5b-ef27f7af6cc3", "comment": "Malware payload (RedLineStealer)", "value": "1b79aea08cc7d713f1038d9b2b01711208b6b2a4825b075417985f77bd14038e89af6359d1d35cf03337bb0948a7e75d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837683, "uuid": "590021f8-b3fd-4704-84ba-5c63103abadc", "value": "T1FD840202F7E89132E8B52B7068FA47D30B367CA19D78532B2765A84E0CB25C4E47577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837683, "uuid": "fcf55245-304f-4aff-924b-e47084f120e1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837683, "uuid": "1eaf86f6-d458-40b0-97bf-f42d5a73926d", "value": "6144:KLy+bnr+5p0yN90QEuKy8pFNKlP53V+WGXMjk/cBgAecGbqqZSinoGYgq/:9Mrly90YkTNKlZ4bMjk0jecocV/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837683, "uuid": "6521d63d-7df2-4d80-8342-8e1a83e39a03", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837683, "uuid": "18100dd5-94a6-4f77-a1e9-0ef732d05310", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837683, "uuid": "f97c3d54-3389-48d2-9450-f2211b5d03f5", "value": "0d02e79755c481904fb0881b795c5a32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b22b8522-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837968, "uuid": "a3fc454f-f635-4b03-87e2-63607b3a2efd", "comment": "Malware payload (Amadey)", "value": "5b747fb2f8a30d718ed11925cf9a599f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837968, "uuid": "60ab8b51-cf5d-4769-b7ac-521828dae6bf", "comment": "Malware payload (Amadey)", "value": "06d171582076df1a0fc6ce8e24ef2c656ce3ee7291cf87d8657abb5aef46b9fa", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837968, "uuid": "72bdb5b5-d84a-4a53-8dc8-9c1964e2d5b0", "comment": "Malware payload (Amadey)", "value": "ede6f65f1be0e0c999efc17f84544f1e605813d6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837968, "uuid": "eff0e3b0-5661-4ef5-ae9e-468a6496246f", "comment": "Malware payload (Amadey)", "value": "42b917798ff044c28d2049c6834fdb8770dd187d97b91b87934a79a063d5104441250a9e255ab0b9d1217945036e93ab", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837968, "uuid": "7ef15c58-cfa0-4b52-9f4f-3d54ab195861", "value": "T1C084F222A6E88532D9B52BB05CF603C70B3ABCA16D74836B3346985D0C73985F57277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837968, "uuid": "6aac3988-e38c-4c38-8b53-864f40f3d3c3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837968, "uuid": "386f1cf2-3652-46aa-9e75-2799129ec446", "value": "6144:K2y+bnr+xp0yN90QEIZkVykkW8nZNL/DVlamD+2ZK/2b/xr81NCcHnlRHzi0jpIR:qMrly90YnhR44+8/K2cHnl95O+M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837968, "uuid": "4b514a93-3fcd-44ac-b222-a2df73d18d7d", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837968, "uuid": "81c72896-1ea7-4569-8f8a-c4e0a5937ed8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837968, "uuid": "2e36e995-d27c-46b2-8a3a-fd82fe245b74", "value": "5b747fb2f8a30d718ed11925cf9a599f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c49cb7f-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840750, "uuid": "2ddfc281-c283-4943-858b-f66ea9aa05bb", "comment": "Malware payload (RedLineStealer)", "value": "d5ec2db0d87c93dc784828d97c050c30", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840750, "uuid": "0e7003ac-1247-4cdd-8c49-8ed19172929b", "comment": "Malware payload (RedLineStealer)", "value": "07726541bf52e05b76cdd837bcbcab17783db2b56bd28e9077dbc06ef0e86084", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840750, "uuid": "1a587769-4dcf-4385-822e-32b07641e48b", "comment": "Malware payload (RedLineStealer)", "value": "7d96868b6c371a119ce397f3da8940f4b1bf4b65", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840750, "uuid": "bd4048c1-1ebc-4e6c-a2dd-e3817c42173c", "comment": "Malware payload (RedLineStealer)", "value": "26bbf3b3d7519fe61ca8de6ba1b22b3b50cdf071e7bc10da5ef8ec9909cb09d2cdf1ce9cd070da00f48e8929d2b202ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840750, "uuid": "18056d2e-6450-4eab-9d05-59a0fbc6cbe1", "value": "T122840112EBEC8476CAB51B706CF603D31A317C61DD34876F2786A85E0C72690A6357AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840750, "uuid": "a2b1e134-c01a-4d28-9ace-a11a8d0fb30d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840750, "uuid": "a8b4ae0e-4cb7-4269-910f-1b9ae75add77", "value": "6144:Kdy+bnr+ep0yN90QEjNLdA1k8nepsFh7Z5hLOFKKfkGnqeXAyFE03ZAjD1DXX/3r:3Mrmy90JA1k8TZqnfbqeXAyFWtDXXPr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840750, "uuid": "c2263158-d1dd-402d-bc1b-f69d28ee2b53", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840750, "uuid": "4906849d-1d17-4cc0-a00e-4660382c3c1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840750, "uuid": "28d576eb-c28f-4c1e-8526-65839007da29", "value": "d5ec2db0d87c93dc784828d97c050c30.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "495f0dd8-26f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689853254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853254, "uuid": "21c5b27a-c634-4221-a38c-8918d3b00b69", "comment": "Malware payload", "value": "18bd6b6863650cbb5d416f97199f638a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853254, "uuid": "839ee343-f574-42f7-b5b0-329adf6232e0", "comment": "Malware payload", "value": "085a3432ba734ed0bfd221ec828bfd99e67ba24624c46dfcc539a659b2d0717c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853254, "uuid": "2d2369a0-5149-4d88-b9a6-8cd9093b67df", "comment": "Malware payload", "value": "6683e11dc7ecd952af658e5d844c0786538745ec", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853254, "uuid": "a20f489a-3927-4286-bcdf-38e84150d3bd", "comment": "Malware payload", "value": "066e963ebdc9ce666dec49a8debbb02d64713c9b1fd403e128c3f6aa9dc13f3f9966497e583e355f4e65f6fdff7905a6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853254, "uuid": "e0aba186-94a6-4e56-aeef-3bccd1649b49", "value": "T11E234B0262A2C073F1E7577538A86621593F3D3166F0408B6F8B297CAE707D19B78B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853254, "uuid": "e54dd572-8a8f-4b6c-b798-a75d47d274c9", "value": "8735daf06cba4e1ed00bad4c4053acc8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853254, "uuid": "1318834e-7953-44d8-ab7b-7e660a908ea9", "value": "768:ZRAE9+/WmwPdO7DvoqhqaZSaSxmE/9GVUQcQOhDMWmnTED8N7vy7:ZRAE9YWmwyvoqhnS5xH/9GRcQCDAlU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853254, "uuid": "a17ebc35-5c9b-4cc3-853b-61e01eeafcbb", "value": 49152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853254, "uuid": "a5dc9834-327f-4e10-9dcf-9209eaf3fbe7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853254, "uuid": "fb68db27-3309-45f6-9f60-d8689f71c5c2", "value": "SecuriteInfo.com.Win32.MalwareX-gen.16507.15140", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bfbf2f2-2752-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689894625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894625, "uuid": "7388f128-2b0d-4e0d-80eb-f8284232cd0b", "comment": "Malware payload", "value": "be432e263b572eba40cfd71407ff1d6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894625, "uuid": "87a86d08-f043-426e-b89a-f0670d59f1c2", "comment": "Malware payload", "value": "08e0fe94a91ca5d3231a070b38117dead5eafbed33c97c1c37cf4d4a78fd6574", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894625, "uuid": "18a105a2-5756-4258-a092-7c714d75ed04", "comment": "Malware payload", "value": "e7fd9dd5f71382580e0faecc769daa8bb37ef284", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894625, "uuid": "ecc36322-eb38-402b-aa7f-11295eabf3fa", "comment": "Malware payload", "value": "4260b3e9322c5d830118a0d3d83eca77f2953752535882c0b328226a9300ef09bb8a012046d96c493cf702021e64eece", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894625, "uuid": "68369b49-42d5-4f0d-ba66-22d2f80cbfe8", "value": "T1B1B4124377DD9073D4B557B028F202870B367D616D78D71B2289A85A1CB3BC8A87637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894625, "uuid": "f7d007b4-d376-41e7-b402-67f959f73fc6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894625, "uuid": "65132d18-a687-49d3-82e5-771c65d4941b", "value": "6144:Kby+bnr+Hp0yN90QEzZ5nfRZUcZSzWgkEJvO20E3dCAoKNKEWD+L1bSnxdxQc/dQ:9Mr/y90Ff24u3QA2l+L1OnvVXB2gMN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689894625, "uuid": "cfe6417b-4c7a-47c7-9730-17b2e09ec626", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689894625, "uuid": "be2d2ec4-83a6-4784-9b6f-054f2c808842", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894625, "uuid": "5f1dcc7b-cf85-4421-bef9-9e96591078ce", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81f0329d-26e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689849054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849054, "uuid": "ad9ff524-b923-4f52-b388-b68ac95b5693", "comment": "Malware payload", "value": "0e2ad5442cab256258b4b03fc5b8ccfc", "object_relation": "md5", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849054, "uuid": "4a46c843-0043-48c2-a796-21ca4ffd80f7", "comment": "Malware payload", "value": "0949b42f2c121a7b47121e7fcc49795f3bb57c9a2db662622f198b263748c652", "object_relation": "sha256", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849054, "uuid": "a6336bd4-fb67-4548-ba4d-b54df4950a5b", "comment": "Malware payload", "value": "99d530d3d7f22ddb757d2f41f9eb1df630d69ec9", "object_relation": "sha1", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849054, "uuid": "a512134f-7e44-4e19-b5d3-9a38403bcedd", "comment": "Malware payload", "value": "51cb58a140328d8d3d4f6b7f65411e820e22ac640949a5c193b3fc2fd4b85a68d803d00b6ac1c05991b8a194be290c83", "object_relation": "sha3-384", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849054, "uuid": "f4f39b9e-8dc2-4c29-ab78-b0eed37a6b78", "value": "T17B4423CD1C1E7FE13CCC19CDA5C213DDD8D7A838897C78A05762D768A86D54BBAA4A20", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849054, "uuid": "073d3726-331e-414f-a019-5c5fe2413492", "value": "6144:MPR70XLzbFeI/Lwx8cZ91GDBkDqPBaBP0jwxambAIoKmV0s0pYRAH:MPEDc8QfGDoqpa50MwcAIoKmV0PRH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689849054, "uuid": "3c2992ee-e4b4-46aa-8d94-b8381b7bcfb4", "value": 263620, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689849054, "uuid": "2dace02f-5f5c-4840-8825-a4cb0e3c6787", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849054, "uuid": "36f90673-61ea-4e6a-9ca4-c52a4aa8d594", "value": "Swift Copy.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c8f0504-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689885928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885928, "uuid": "b10d2b6b-8ae4-44ae-84b6-5c1f3d33e632", "comment": "Malware payload (NanoCore)", "value": "aef14197205e88ba6ad0d2df46d6658e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885928, "uuid": "fb278917-0389-402f-9d83-caefcaf2d77e", "comment": "Malware payload (NanoCore)", "value": "09934c749b73710dfddf00ac28d3ef7f4be3a1b5a248b737e78070239ecc1b47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885928, "uuid": "7af52e62-b784-480e-9607-0396b0de2be7", "comment": "Malware payload (NanoCore)", "value": "c269ff30c600fc5440f3101fd2b3295edccf35a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885928, "uuid": "7904ea51-a055-4197-aa1d-5fbb403609ab", "comment": "Malware payload (NanoCore)", "value": "ea6d0d947850f13b90fca13281c12b32c406e27b3feabfe770467c66c534e2bf0ebbdd7be98ce3e764cecb04f0e35991", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885928, "uuid": "d4391395-c6e9-4e9b-8b6f-5b459a4752d0", "value": "T1A0E42318767B0767EBA60F38585872B5827D4FC6B82AD7C39D0BF1F59A91303A340627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885928, "uuid": "93f8e5b8-2141-4c7c-901b-0df40fa91e40", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885928, "uuid": "96265c96-9d71-49d4-bdb2-c139c8e49994", "value": "12288:sS6ln+flo/XciMv8jzMXXDmnrDK+ci1pjKO4rv0bnhVLoKd+VmMsrtNXaJcY/WJJ:lTdCjEUM63K+ciBi0zLoKd+VmKbkst", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885928, "uuid": "77ae6ec1-927b-4ab1-a555-49cd32213bc1", "value": 694272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885928, "uuid": "19d2ff71-2bf3-463f-a640-90ae210db537", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885928, "uuid": "b1b7e2a2-ddf9-4caa-b6cf-881c3cd807aa", "value": "brr67p2XOZsMqLW.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df76e0b6-2733-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689881424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881424, "uuid": "84ecaa29-c696-4e31-b913-f0e3ec3dbf2d", "comment": "Malware payload (RedLineStealer)", "value": "040b7354f4f4de2e25a1f6b2878d4d21", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881424, "uuid": "756e1a1c-78b4-4179-afb4-b7e9fec3cc8d", "comment": "Malware payload (RedLineStealer)", "value": "099b9c7d6a4623963497cb0479b06229a663b5878f058de5de8ea16c49fbe7e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881424, "uuid": "b9c5c50f-f79c-4d93-8308-a83f840e5f19", "comment": "Malware payload (RedLineStealer)", "value": "bcb48d1be0e5127e66994c51f8cb79dcc7dcff38", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881424, "uuid": "fa7284ad-ee01-446f-ba0f-8a8d6a081231", "comment": "Malware payload (RedLineStealer)", "value": "a9ffa9f0f552547e94ee44c249b16f04f3fe9bb0f2ed8393dc5dae23b8badd26156641f99e9712508778966770102add", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881424, "uuid": "9d6d10e3-7b3a-44ee-bcfa-285e2a02dfa0", "value": "T138349E6435F15071D58B323393609061683EB8715F6B3E9F1BAA29691FB24D0FA28CB7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881424, "uuid": "21639108-6b26-4ca2-b66f-7b3e7faf2cbf", "value": "dcff091e2e9aba82a244d7ff6e487382", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881424, "uuid": "db45082b-15ac-42c4-908c-4bd406080d3a", "value": "3072:fXRaYY6ixzzLwjiR7ZwelYpKj/rlxufAoLX9dHGCW+AtHf3t+G/MJYuG9WMn3HMB:JaPKjiRVwz8oAor9dgV9+3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689881424, "uuid": "cf0bcd3d-198d-4132-b824-ec07ed5f48a7", "value": 235520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689881424, "uuid": "0d2da673-22fb-4f49-8815-4c04d98f105f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881424, "uuid": "73b7e8db-e1e5-494d-9cc8-bdb234886472", "value": "040b7354f4f4de2e25a1f6b2878d4d21.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c197a10e-2738-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689883521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883521, "uuid": "8c7e6bdd-de96-4f45-a9f0-0d8549eae855", "comment": "Malware payload (CustomerLoader)", "value": "413e729fc2bd0766d97c4667f0fcb3e2", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883521, "uuid": "38597629-bb08-4530-b7de-f156b0f18ebd", "comment": "Malware payload (CustomerLoader)", "value": "0b4e5a23c6a2567d7bd75393d2773206b9632131d3621b52cd051b6cc4f12ecf", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883521, "uuid": "859b35bb-4775-46da-b812-6e6968ca4c52", "comment": "Malware payload (CustomerLoader)", "value": "24f7cef99da750a74a2d7ac711b15cf1a618ca78", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883521, "uuid": "46d503ae-cfab-4a1d-963f-a140ea5e42de", "comment": "Malware payload (CustomerLoader)", "value": "9d845700c1721bac3daae1a6978d57312bd0bef24a93538aa5ad68cf91dd9e908553420eabb941c46774973f3258cb9b", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883521, "uuid": "c21df388-874b-468f-95de-e33ec749e149", "value": "T19D03E10457EC41B5C9AB0A79ECF203420B39AF97A457DF8FAECC558A1C433355622BE1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883521, "uuid": "a1dcbd93-c5e8-4721-ac50-12da68910ed2", "value": "768:6JO55iJPq5Tllmu24Ra2DovIieNhIPVQPa9eI8:355iqTll92m7ov0oW6eI8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689883521, "uuid": "905a2f70-8256-47b8-a8e5-9b61804c220f", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689883521, "uuid": "b5f01577-137d-4554-bc93-637e012c2755", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883521, "uuid": "9a1b6051-7290-41c1-a999-84794170e023", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aff8caf-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838601, "uuid": "8735e062-1238-4718-849f-ffd5f5b21da9", "comment": "Malware payload (RedLineStealer)", "value": "e0422979e6aed92ba718f52f6437d947", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838601, "uuid": "52d9de55-f8f4-4b98-91e9-7fb6673a1bf2", "comment": "Malware payload (RedLineStealer)", "value": "0b889903aedc5acd6d42e5af45334d52cc81d1b5e84a9a67d5745b0129a464cb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838601, "uuid": "56a1020c-18ad-4ab4-abb0-85dbcf22c5d5", "comment": "Malware payload (RedLineStealer)", "value": "7a390bf785c451eeda8a87ba7ec69864513d1a5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838601, "uuid": "ce45a805-3e5b-4536-a6a3-70667e86ab8e", "comment": "Malware payload (RedLineStealer)", "value": "c4ff617ab1db73481aa2e70a13b1cd78d0266b1633a32955cd885a6e2e6f32e8c5555439258110986e29734e1a7766a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838601, "uuid": "0f04cceb-1c4f-43ac-908f-3e23f56b85bf", "value": "T161840146A7EC8033D9B51BB018FB13C30B37BCA26D68832B2B45681A5CB36D4657577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838601, "uuid": "be48c438-01e1-4308-a001-0478f51272b7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838601, "uuid": "2d263026-5580-4c04-b4b4-b778ee9e4518", "value": "6144:Kxy+bnr+6p0yN90QEUNYfJ+uSsnWE1SpOgkRomCKkFzJTEVnVJ2hfr:zMrey90GNYxXWYIkamCKO8bMr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838601, "uuid": "8c508f36-93f1-4200-9f61-fbdee8041df6", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838601, "uuid": "55f9e690-16c0-4140-826c-ca9f3db29af1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838601, "uuid": "4e45529e-52bb-43c7-af8b-e811d13027e1", "value": "e0422979e6aed92ba718f52f6437d947.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf75e713-26f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689854338, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854338, "uuid": "538e16c7-3a5b-4535-a58a-530dc6b8184d", "comment": "Malware payload (AgentTesla)", "value": "25accefa23aaef221d171c8799a73fb0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854338, "uuid": "b818ec90-8e20-4135-953b-71b2d0956fe6", "comment": "Malware payload (AgentTesla)", "value": "0d03f0e57bfc9a9b4e583404b127ae9adff260762252e77d11c95bc6181188ce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854338, "uuid": "d12950d2-45ea-4920-a074-cc7a91852405", "comment": "Malware payload (AgentTesla)", "value": "8ee88879eb9669ee3b6419b6545fdd9fbab8c236", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854338, "uuid": "09369cdb-3006-4ec8-bad2-5d10f252d6a0", "comment": "Malware payload (AgentTesla)", "value": "b1934026b3e9bd338dc1612652e53cddaf124735a88974fc789c3b4ff9edcb32e1ad6081236ed9294949b28b7ae23ecc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854338, "uuid": "cc6b87d6-8087-41ce-a080-2da54643a60d", "value": "T177D42385917B583BC25F5F34684122BA435E8FD6BC17CB03EE4FF25AA7AD307826114A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854338, "uuid": "f9e12518-7db9-46cf-9f95-3f7b9653337d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854338, "uuid": "671352dc-06fb-405f-adec-f798c4b5ee55", "value": "12288:9S6ln+flo/XciMvmFg+wR8jIm2x5YDhij65tmDc1:0TdCjEmFYR84GQj6qa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854338, "uuid": "24848263-4594-4234-9e24-a66a4937f542", "value": 631296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854338, "uuid": "fd605806-32d3-4c8f-b345-ef84c50845b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854338, "uuid": "b1ae18db-81c9-4dfa-9481-467f446fc8d8", "value": "gvailantzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd71e704-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837665, "uuid": "19893fa0-6c3b-4dc7-8497-b031d8000bf8", "comment": "Malware payload (RedLineStealer)", "value": "0a8b30b18cf58b4d0a7864033a4e6302", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837665, "uuid": "b714c432-9cc6-47d7-9c3a-b3bf29996a09", "comment": "Malware payload (RedLineStealer)", "value": "0d841835b54f0efe78c3f5b93f6d6185fbe34ae7e2b59954512c613c1300267e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837665, "uuid": "950b5713-8060-4290-a11e-e721ddba4674", "comment": "Malware payload (RedLineStealer)", "value": "ad9151e3c63c4705d2796cda0645d0c575990e0b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837665, "uuid": "78a9699f-597e-45ba-9235-813b96963700", "comment": "Malware payload (RedLineStealer)", "value": "9aee610e5c1f5fb70af274a26a3a68b7a679e4073749a34e105f7d58a8c5deccd565e266aea5f441467c5f64ec71b0c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837665, "uuid": "664d5a1c-80fb-447c-a3d7-0bf13144ae1b", "value": "T1A084F112EBDC8172D8F1177058F703832F31BCA19C38962B2795695A1CB3A90A67677F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837665, "uuid": "3eeb909b-674a-4fdf-9f38-1487ccee8284", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837665, "uuid": "67826cd3-5b91-4b24-8959-445b7b5a213e", "value": "6144:Kfy+bnr+Tp0yN90QEKsRwKX/rjBeeppcRrI1ycjjBYeFdpH7Lw5Y9MitCX6sfo9z:ZMr7y90r9riRr8jNTyX29I8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837665, "uuid": "32032512-aca7-461f-a761-3bce28ee7325", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837665, "uuid": "9b9836ed-c0cc-4291-a700-b760e4690c1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837665, "uuid": "efaf0b8a-0693-4604-b23d-670630acb296", "value": "0a8b30b18cf58b4d0a7864033a4e6302.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f3c1316-26f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689856378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856378, "uuid": "42d7190b-4e92-4290-8fe3-a5c2098d0d98", "comment": "Malware payload", "value": "7ece70cccfd40e62ce5feadff2acf4d1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856378, "uuid": "4e529cb4-09fe-41b4-a778-5dd7db11214e", "comment": "Malware payload", "value": "0e8cba2dc7d20274933c80e7c5d6a4e22bb935b00748429be87a756ae206705f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856378, "uuid": "335d00b7-24b2-4d84-86a9-473d583887ae", "comment": "Malware payload", "value": "31f3dbb011d8b3713d98227e71bfac9ff2029a55", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856378, "uuid": "9fb93d46-9820-4578-af51-4f37390a9a4a", "comment": "Malware payload", "value": "82527cdabf1896897855efe7e9bccef9e9ae307acc2d3a5486fd75132ce9ffda25aea2a0aac163ce4078b424b9af7fb5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856378, "uuid": "6ef03cbd-02ce-4e04-a833-05f62588e77c", "value": "T1A3234C0262A2C073F2EA537438A466215D7F3C316AF0408B6F8B297D6EB17D15B78B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856378, "uuid": "29fe7a22-96ce-48f9-b249-3c0d9a418f04", "value": "8735daf06cba4e1ed00bad4c4053acc8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856378, "uuid": "64cea24f-9522-43cf-8cc5-30d4f42694fb", "value": "768:NBADBrsmAFKvE542QtlxCU3yiaihmE/9GFUg8NhDcmmnTED8N7vy:NBADBQmAAX0U3yiphH/9Gx8zDgFU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689856378, "uuid": "02546f27-3d94-43b5-9c1f-e07204a7d88e", "value": 49152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689856378, "uuid": "29dfb59d-bbde-47b3-b688-6979e7ad7505", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856378, "uuid": "8d1b0b5a-865d-4991-9f65-9206501851b7", "value": "SecuriteInfo.com.Win32.MalwareX-gen.5513.12173", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b541112-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837689, "uuid": "d0526024-abdc-406e-8aa6-0344c58057c8", "comment": "Malware payload (RedLineStealer)", "value": "4cd2e5b028941f82914293c0be110810", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837689, "uuid": "a18beab2-fba6-4551-b646-2adefb38cfad", "comment": "Malware payload (RedLineStealer)", "value": "0fcedda9880a4fde053b44d2ef2a6b90a87db74ea8ef6e1605822364dcd8a881", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837689, "uuid": "0654caab-c2b5-4059-b9d3-457fc03f3080", "comment": "Malware payload (RedLineStealer)", "value": "9fe5e00f5defc489fae2355ead82831df654a13a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837689, "uuid": "9109ff66-155b-43f9-a688-7e0ef9b8405f", "comment": "Malware payload (RedLineStealer)", "value": "3ae6fdbbfbf93cc9cd4720608bdaa478934610ac3640c783735963113497e7dc659791b97f4e007007459944998ca96e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837689, "uuid": "ea976a6e-b3a8-4462-836b-988c857e53f7", "value": "T18F840153B7E98033D9B127B05DFA12971F39BCA1AD38836B27426D5A0CB3190A53177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837689, "uuid": "67907a9c-c2ee-4e96-bcb9-4f0cbd57ad98", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837689, "uuid": "82c2eb8a-bc2a-4d23-8159-cde7c685a358", "value": "6144:Kvy+bnr+8p0yN90QEP2QZUjtQ5JZep0uGXbA6I:ZMrky90C2sDGbI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837689, "uuid": "a77f8f71-05dd-49d9-bea4-66864b2c118d", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837689, "uuid": "9faf8bc6-24ba-4342-9c86-6727f38227e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837689, "uuid": "2edd45e1-06a2-4fc7-ac57-992a566c4d60", "value": "4cd2e5b028941f82914293c0be110810.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4415b717-270c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689864413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864413, "uuid": "174300ed-771f-47f3-85f8-ff020ab4df8d", "comment": "Malware payload (RedLineStealer)", "value": "839d6cbb65ab2966767e4b6619f14874", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864413, "uuid": "8f22dba6-b91d-4af2-9eb1-1916506d25f6", "comment": "Malware payload (RedLineStealer)", "value": "0ffe096e263b93450e971cb1485fd907b6572638228a1cd9ddd1575a866c6cc9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864413, "uuid": "4b89439b-9d31-456b-90e8-79f9163f336e", "comment": "Malware payload (RedLineStealer)", "value": "61eaff80a6e4d47548a7a4c597ed601413b23f1d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864413, "uuid": "c7386565-fa71-4f13-b32b-bd976ce5739e", "comment": "Malware payload (RedLineStealer)", "value": "502d90ca87f0dae31375bb92b351f855272db3bf82f5c0fdee1b74f8d8fe1aef0dd470f7adcf404e3909c6046ce60e26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864413, "uuid": "60bf6771-0a56-491f-ab3a-24a261985f0d", "value": "T128B4F103BDC194B2C46208325B69AB21A53DBE201F65CEDFA3D42E6DDD311D1EB357A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864413, "uuid": "f8b2a771-3130-4cab-9389-eb8b8be9dcc0", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864413, "uuid": "b5d9ee16-3d8f-4e93-8c66-83c7ef19a5f6", "value": "12288:+ToPWBv/cpGrU3yDT+tjIkCU2T3G2VVHiwDbq2XBjU42:+TbBv5rUlI1xzVVHiwD9RA42", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689864413, "uuid": "51124913-f700-40c3-9dc4-a58e24a0c4c9", "value": 536026, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689864413, "uuid": "9f38ff59-c428-47ef-b354-f982a2f2f650", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864413, "uuid": "61cfad56-8a5f-4881-afbe-402b156a4d09", "value": "839d6cbb65ab2966767e4b6619f14874.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65e299da-26d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840417, "uuid": "dde6d0f0-d66e-4602-a563-06c1e2c06884", "comment": "Malware payload (RedLineStealer)", "value": "83fd843c597d41f65ddac1356476f252", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840417, "uuid": "2340d0bf-4f3e-4614-bd2d-a16fe6786c54", "comment": "Malware payload (RedLineStealer)", "value": "10e74ddc2aef5235c9cea7022cd693d5cb3628cb41ddcdc0c9a2f65b11b9c950", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840417, "uuid": "50f943b7-de5d-42a2-98b4-92f909d4efd0", "comment": "Malware payload (RedLineStealer)", "value": "c6f8d3da08e5caca33a55f050a2983df037b86e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840417, "uuid": "d726101a-615c-4cad-b718-8d86b87ea741", "comment": "Malware payload (RedLineStealer)", "value": "b4ec407501db4620e4349557150966cb94f9c5249aff0227e3eee76c3e07dd4a29466bd23e7bcc032f0181ea67fedd41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840417, "uuid": "82314103-7a57-4b7f-959c-1c557de304a6", "value": "T15084F112A7D84072EDB627B018F726D30B39BCA26C2583AF2356954E1D73690E97137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840417, "uuid": "cc1da5fe-9df8-4a71-b110-ac14c2e5df8c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840417, "uuid": "9ec49b24-ace8-4c89-ad4d-60100b8589e2", "value": "6144:K6y+bnr+5p0yN90QEuqh/w6kW2nZN2UffmDGxRn2lvXkf9CcHnlRHI9CcjGNk5yI:6Mrly90Zh4jX2r5k4cHnl9ZfNEyI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840417, "uuid": "8464c3f5-f685-4e87-a194-a7a4686aee90", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840417, "uuid": "2d04900e-f377-49ef-9ec9-fb323c4a1ea0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840417, "uuid": "2bf510c4-4af0-46b9-8fe2-1c4bf426548d", "value": "83fd843c597d41f65ddac1356476f252.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "544ee6cc-2734-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689881620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881620, "uuid": "9611c438-46ab-4d0d-9fcc-8a70dd6aa5a1", "comment": "Malware payload", "value": "bd9d8f8221dbbd48b43c7e2cec974dab", "object_relation": "md5", "Tag": [ { "name": "ASPXreGeorgWebShell", "colour": "#818291", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881620, "uuid": "1ca7d422-5c77-4655-a5f8-5a365951817d", "comment": "Malware payload", "value": "112eb5bdbb1b0b04a7c03e698449c0fccd4bc5cd8cfb357fa11dfcdc0c696038", "object_relation": "sha256", "Tag": [ { "name": "ASPXreGeorgWebShell", "colour": "#818291", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881620, "uuid": "07b75cbc-16c1-479f-bd08-8cef69a9d67c", "comment": "Malware payload", "value": "a69248e2b519b9fdec9f96add03a735245b839f8", "object_relation": "sha1", "Tag": [ { "name": "ASPXreGeorgWebShell", "colour": "#818291", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881620, "uuid": "73deef84-90c1-4a10-99df-1742cb4055df", "comment": "Malware payload", "value": "5f3edb8ab7ef335ed7372c183f9eb04ac27c73da90cbaa535fe00ed35fd7515c5bc281b35f9d3feec3ef2999af50c810", "object_relation": "sha3-384", "Tag": [ { "name": "ASPXreGeorgWebShell", "colour": "#818291", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881620, "uuid": "767c120f-3f80-4128-a8ec-e4ea0165d496", "value": "T19D1264066D09AEA74273A37EDF638848F73291370399F267BC5D85112F7441462B1FE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881620, "uuid": "841ec8e0-21ec-49f8-a70f-8751c0c03dad", "value": "192:C7aZlo5BqF9M9C+wbG3X6+XsjrZET3njtCju+G:CeU5BUPbUX6+XsjrZqjtCjuT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689881620, "uuid": "43973d99-a157-42b2-8229-611be3134f21", "value": 9182, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689881620, "uuid": "fe79b77c-5dfe-4377-9170-56fe75e0bd50", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881620, "uuid": "8fcee52d-1ec7-4ca6-a42e-98c9d6237343", "value": "JC80YcAE.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b604a98-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689836588, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836588, "uuid": "41bd4274-46b7-423c-8fa2-c5afbcab5fa5", "comment": "Malware payload", "value": "88bbb0b4484daec3d6a1c49e321d08ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836588, "uuid": "62adb900-1a92-466f-86b7-08a222d76967", "comment": "Malware payload", "value": "1132da9239fd317b5c620cb8206c59973964b0d43afb1396f2f453e82f4116a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836588, "uuid": "b8b2844e-04e1-44dd-a048-074580041604", "comment": "Malware payload", "value": "4427c667d0c6c0e2cb7d5694724198f30e0fd694", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836588, "uuid": "f7e96a26-b558-4e12-ba8b-eaeba86f0093", "comment": "Malware payload", "value": "687299fe210fdf120639b052b339afefd465b37681ff51c66394dbb98182d7770f938079c68f2d589a775649d5fdae81", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836588, "uuid": "d662105e-48b3-42a0-a15a-7cb04d1395ba", "value": "T190252383CBA59F18FE37A9B1D162697662280E697C556E0E43BE08313D8747FF387102", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836588, "uuid": "590d080b-0aa2-4dfd-bba1-b16b06da28e1", "value": "24576:SR3Ptx7DwqyOKy6aM8RTecvtPwUyAhdBP7HM09SJRDOE:s35PM8RTeKtDyAhdV4BDl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836588, "uuid": "f80bb102-7883-446b-b4ee-32a9371d878b", "value": 1048576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836588, "uuid": "c410282b-b689-4d85-94da-c2f86464a716", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836588, "uuid": "d3613e1f-2ac2-4595-9a43-b845302c6b6c", "value": "88bbb0b4484daec3d6a1c49e321d08ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a327422-2694-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689812937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812937, "uuid": "94c81ac3-dcf0-4e51-bd9d-965ab53b3bd4", "comment": "Malware payload (Formbook)", "value": "34310f18ab6e3d2e2706869b822360df", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812937, "uuid": "4e9af245-7bdf-40e9-a432-b307b7b04864", "comment": "Malware payload (Formbook)", "value": "1141e3274e5eafde4e0cb3db98b685821aa34d0a7bec8be531b06347f202b027", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812937, "uuid": "a38004c9-0a57-4d7f-878c-9b19aaf05a80", "comment": "Malware payload (Formbook)", "value": "22d30485504246888605acd4d03f99f0e1ad85f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812937, "uuid": "5836d810-3ed1-49de-8c91-fb1d84182537", "comment": "Malware payload (Formbook)", "value": "e25efd5b37772ee404a96df73818da975404220521448fbfc5a445a0a10b7251045a8637c889a959c2569fdc357e0e0e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812937, "uuid": "bf687b0b-47c1-4db9-a394-ff30426383d0", "value": "T1D854122D81F0C893ED935E714E7E56226EFFA6002831DA9F57905E18BD7A391AD0D312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812937, "uuid": "6c14a844-fd37-4dcc-872d-c0c1d4b9bf00", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812937, "uuid": "b4e33b36-6564-4776-977f-a84a1f108d01", "value": "6144:/Ya6eBQBc1sJmws5l0FxiMyKlkIW+EoOPDVH:/YoTSJU5l03CKljEPDl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689812937, "uuid": "a88fe599-6ec4-4837-8d21-f03bd3a30669", "value": 279471, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689812937, "uuid": "b4c7ce89-d2d8-4bc6-be21-f3cf17e94674", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812937, "uuid": "709c6ccf-818f-40c3-b5ee-2baa975267db", "value": "SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.20113.24353", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72b6ed70-2693-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689812522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812522, "uuid": "4916b503-5767-4bdb-b5ed-a5e70a8b9e13", "comment": "Malware payload (RedLineStealer)", "value": "745628ee56865d0007177ba0c2ca68e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812522, "uuid": "853717c9-4b22-430c-bec8-e802c721bd25", "comment": "Malware payload (RedLineStealer)", "value": "116b4fa2541f40e452d7aa04de03095d97a8fcb5d2f118ec60b112e228d42062", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812522, "uuid": "9d1c61e1-609a-46b8-bf88-66f6258d95f1", "comment": "Malware payload (RedLineStealer)", "value": "4a9df4f0697895f20b16a9694b82f8873b719069", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812522, "uuid": "aba6d85e-5a0f-4215-876f-417e08380cee", "comment": "Malware payload (RedLineStealer)", "value": "af0820ebd8b000c5de9f5802abebe49503f91e8afd71c3cd3f7f1eb3941771e52d92218f970938b4bedadfdf2b2c2aa3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812522, "uuid": "c6b744b4-c41a-4877-8125-f66096f17cc8", "value": "T16574E01177A0C433D07B6A301531DAD12E3ABC716BB5A1CB37183E2E2E786D16A39B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812522, "uuid": "f705271b-a955-47a2-9864-d4e7523b9260", "value": "56773f73f989bad299a87e406c009a58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812522, "uuid": "dba6be81-e2af-4791-825c-bf3e40a340bc", "value": "6144:JsfI5Qq6biGQXqRvj/Se9RK3qBOqMqd9RbVdfOPSS:Jbuq6b04j79R8qd9NXOqS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689812522, "uuid": "2f97b6cb-37c5-49c4-83d1-0ac879614190", "value": 360960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689812522, "uuid": "a3a2c5b8-a347-4de5-8cb5-33c1b89fbe8e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812522, "uuid": "4739426c-7462-4718-adbb-89b42552c517", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "277f3489-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838595, "uuid": "3a612d60-935f-4cfb-8b44-adbf0239d2f9", "comment": "Malware payload (RedLineStealer)", "value": "d9913d9f643c9aaedccb2c7e055ed031", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838595, "uuid": "eeced7e5-502d-4580-a437-ce02d38fc6ef", "comment": "Malware payload (RedLineStealer)", "value": "1208df413315575653953f79f71da4afa0f3816339cca881a3bd12be0cc7f0ab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838595, "uuid": "7e5e7f02-5ebe-4233-81df-1ef389ee184d", "comment": "Malware payload (RedLineStealer)", "value": "f9812f588b1a16b6d292bd553695404858dae7b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838595, "uuid": "4c1f7e65-c31b-4b13-b024-0a4ec8a275d5", "comment": "Malware payload (RedLineStealer)", "value": "b7dad1f37c2a6a65765fc2591d85a44b9c6efbbabd1a04c6405222a0031a9a2a39475c2e8849bba847f293bfca5b60a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838595, "uuid": "b61f7511-9262-404c-ad89-b6946581bdeb", "value": "T103B41246F7E86433F8F9637049F723870A37BCA28AB5431B27DAA41A09B25C59175337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838595, "uuid": "4a97d9cb-0bf8-41cc-bdc5-e191778011a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838595, "uuid": "1c0f5781-aa14-4c1b-9370-5dda4380723e", "value": "12288:KMrxy907uK8EElOOinxnMP+vIPGBEARwMrXu72wuL:TyquPo/nZ4LPGBEAdrXu7bo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838595, "uuid": "35466fb7-9ce8-43fe-86f2-4e17140b775b", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838595, "uuid": "69e66dee-e2b8-4d7a-94ae-7edd3254e3aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838595, "uuid": "9be03d3c-37bf-4058-a408-11e519f6ea4c", "value": "d9913d9f643c9aaedccb2c7e055ed031.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "529ec571-273f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689886341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886341, "uuid": "67f4c6b7-ec0a-4961-a6e6-78ccd41d68ea", "comment": "Malware payload", "value": "02910edfec3c8a615e46013857e264e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886341, "uuid": "6f6c6682-6379-4f8e-bbce-1ff94d06f5e2", "comment": "Malware payload", "value": "122b415e05176b7dacd00480c811bd68141ce3d793dc41f255e9557f7170898d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886341, "uuid": "44e48a21-9c7e-4897-980e-ba67fa20b368", "comment": "Malware payload", "value": "b0542b5d4a01bb2248d6b0b8522270cad66ee515", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886341, "uuid": "dba75d1f-5b07-4353-800f-fd4468b8f769", "comment": "Malware payload", "value": "235c5042ad7c367ef66b9fef0bd4bae5d4a084158593bd3677da0cec42e41c09ec62bdeaab9de4122f0f45549860cde2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886341, "uuid": "48bc41b3-203c-4d52-883c-6be8e84d1adf", "value": "T1A9843CE383A13D45E9254B728E1FC6E8760EF2508F497BA5E2199A2F04F92B3D173711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886341, "uuid": "47275f29-408a-4874-a822-fbc2a6e4a76f", "value": "9de2ee79b7674f53e928d4abe630aabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886341, "uuid": "d6e20a81-35dd-4c7e-acda-1634492b1844", "value": "6144:BYQL96dcGJYr/uxzMGOzWY3lo6C7OIHz1+6M0wlO:aQR6d/JWWVu3DC6kzcnlO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689886341, "uuid": "29a88552-8ebb-44ae-ae77-6b0731c7bf2c", "value": 378368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689886341, "uuid": "b4461fe4-af41-49ce-a1b4-57b4defceb82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886341, "uuid": "2238edaa-0dea-46ca-bb37-09129c81a43b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "338c4386-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838615, "uuid": "559f8019-63f6-45f9-813c-999f484afd2e", "comment": "Malware payload (RedLineStealer)", "value": "cf6809e9e8bb20cf3fac50872e8f28ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838615, "uuid": "4c88126f-084d-4684-b8ad-a06722895602", "comment": "Malware payload (RedLineStealer)", "value": "132b4ea4fb442c501afaecf9c88242e2d2bd3cfca6cceb2fb3b4f610dbd1eecd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838615, "uuid": "996e0af6-53fb-4642-867c-dd67943bae01", "comment": "Malware payload (RedLineStealer)", "value": "601dd183283b57368370eba9d3b5c20b9bf410e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838615, "uuid": "c94fb585-dcbb-4f64-9d44-5719a57a671c", "comment": "Malware payload (RedLineStealer)", "value": "b2804abe1310c8cec5ba4aec8c8898ab3b2c3ce73b29b8f62a715a70104288cbb3e0cd85a909fcd9187979a6143a2571", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838615, "uuid": "4da1a2a1-26df-4f68-ad9e-c265a342f27a", "value": "T1A0840213ABD88033D9B517B058F703D31B3ABDB65978976B2702A85E1C73684A93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838615, "uuid": "0ac509cb-be55-4de3-9ec9-3d573503e729", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838615, "uuid": "bf2447ed-0f21-41f7-a5f0-9d0058bd7d8a", "value": "6144:K8y+bnr+zp0yN90QE7LetLJSRHf6baT5E5CXF2l8Iue3XvC6JpEBUUyYweE/0X:gMrjy90A/05xXF4TuAxEqDYweP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838615, "uuid": "c0681721-2fbd-4714-b2e7-008cff853f1f", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838615, "uuid": "ac05a223-834f-430b-9c2a-e8a16d77ae76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838615, "uuid": "59b52983-960d-409f-9514-356df9dcb485", "value": "cf6809e9e8bb20cf3fac50872e8f28ae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bccac75a-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837986, "uuid": "d25b6fb7-6ba6-49d9-b0ac-3792fe14c98d", "comment": "Malware payload (RedLineStealer)", "value": "7b846a1dc7f00180909f023ea91135ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837986, "uuid": "fa8b5f2a-000c-4f8d-8e8c-600eaee5108f", "comment": "Malware payload (RedLineStealer)", "value": "14e75dc508ddbdc7e6436e0cb7c2f38e82700abf941eda7aa190125d816fc49e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837986, "uuid": "7b264daf-53a3-416a-adbe-10a0f06ed9a6", "comment": "Malware payload (RedLineStealer)", "value": "d37ecb8cd31d98600dd1437216453d44e59142c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837986, "uuid": "4ca192a4-af7e-413a-b383-37554e42b16c", "comment": "Malware payload (RedLineStealer)", "value": "0cfffecdb5dcecefd5986a46bff69f1b06114607ce692485b41d2f4cc4d4b67ae3f0ec6ed79a4a7e5d2ee09bb8b6f28d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837986, "uuid": "4cf119d1-e0ec-4477-8d67-1132a743b7c9", "value": "T15C840206A7E8C072D9B517B068FB43831A357CA15D78437B3B97581E0DB3690AA3277E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837986, "uuid": "5705faca-42cc-4690-9430-7e2f3a743f50", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837986, "uuid": "3b0859b5-9b21-4d34-a3f0-e9279032c14c", "value": "6144:Kay+bnr+Mp0yN90QE7HzxLuXBAIzJ8b9UbIYZgf8UEUunjOFeEY42JwSnkbE:WMrwy90pH0xAq8b2M81XaF5QmE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837986, "uuid": "ac4e1230-4a17-4a35-b491-ec93e061edc2", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837986, "uuid": "7f7c10e7-3645-46e1-8fc5-ebf874e1f4b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837986, "uuid": "ff2818cf-79b5-4810-904c-fbb822aff59a", "value": "7b846a1dc7f00180909f023ea91135ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "affc0bcb-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689846984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846984, "uuid": "71c2a3d3-72e9-4ee3-a23c-cccbadee06d9", "comment": "Malware payload (AgentTesla)", "value": "831411cb51d80812e38bec19af45f9d4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846984, "uuid": "b0769733-9f32-4b82-8f2b-5d263ef46643", "comment": "Malware payload (AgentTesla)", "value": "154698b85e29d0a57c9a84259848081e12e9d666ebbefd65058fa8bd8bce7525", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846984, "uuid": "94fecf1f-c0e4-42ea-81a5-c7d485d8df6d", "comment": "Malware payload (AgentTesla)", "value": "48c5451638507189ef807afd7c7aa8d8f764aedb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846984, "uuid": "85216584-bce3-46cd-bc48-abe186172991", "comment": "Malware payload (AgentTesla)", "value": "35c5b6680815cebdc79539a6c3804ae13f6f3187e0edf568aa42aa8b5ca84976a5fadd2120e59e602948d1ff934aca70", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846984, "uuid": "3421e514-ea44-4ea8-9209-71602a82676c", "value": "T1D3D42344B167492FD0AB0F76844513BC522CAEDA793BD34B9F2FF266FF1960B49A1240", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846984, "uuid": "b00941e9-e11d-4082-b866-cc7b9a5582f2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846984, "uuid": "80c0f74c-3cdd-442b-b02c-c5471dba4efe", "value": "12288:3S6ln+flo/XciMvdBxzCwj+oHDKMCbPEumiqCvIm925EiY4U89LQoFHVBs6cSjYZ:iTdCjEdBxZOMEpmizkvnfyo1BsdUg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689846984, "uuid": "07049a17-60a5-446b-b30f-52d313fc572d", "value": 627712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689846984, "uuid": "82f744a5-7b09-4d9c-bf32-0b43f7ba68fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846984, "uuid": "8467a069-4d4f-45ee-9c86-8165d772c1fe", "value": "PAYMENT ADVICE.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "361411ab-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689847209, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847209, "uuid": "aa2bc283-4012-4437-bc50-fe3ae646efc8", "comment": "Malware payload (AgentTesla)", "value": "2ea006ca42b6a1e2b79e749722656e47", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847209, "uuid": "58a15dbf-3587-47f4-8277-7ac44ed05fbb", "comment": "Malware payload (AgentTesla)", "value": "15f5262b2a712130193850547e2d45da8c924f75df855855b6a0c2b4b333a821", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847209, "uuid": "573b42a1-b47d-4a49-8d57-57937fd77a6a", "comment": "Malware payload (AgentTesla)", "value": "347702ae7e92ba3c7881339a4e76c395961c6740", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847209, "uuid": "074afa3e-1058-4e6f-b59c-d96edd5d4e0b", "comment": "Malware payload (AgentTesla)", "value": "75657f3183764af2dbd9f1cc4e5d06fe044cfe483d7399ea1d3aeab6b2d759532ac219843cd9db8f2f662781fc389cc5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847209, "uuid": "dfc355d5-ef54-4099-bb90-c51e66b4bfa3", "value": "T179D41204AB98C727C4FE5BB96B30570053786F873416EA0A4FD7EDEA747BB005624A63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847209, "uuid": "9bf7f0bb-ea16-4c13-b2f0-339da3e907c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847209, "uuid": "46178157-c61d-48a4-a0aa-0ee1439802a7", "value": "12288:8PYPfY7DOel3ymw9MurgEB2eX0S61UQlYG4lFL9WO:8PYPg/d3yD9X1Mex61UQlYbv5WO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847209, "uuid": "13750b2c-5d80-4268-b516-9d630e6d7085", "value": 647168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847209, "uuid": "5ffb8f53-f2cc-4261-9724-08c060919b9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847209, "uuid": "93fe2c7a-0cfa-42c5-89a5-bfc89f1ee86c", "value": "PAYMENT SWIFT (MT103).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38873a92-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838623, "uuid": "0d689b98-83df-4e7f-b940-1fbcbe1819d1", "comment": "Malware payload (RedLineStealer)", "value": "e7c6537a13fd0c1233bd03ef3d5cc945", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838623, "uuid": "78b73758-e1d6-4b5d-8f65-61df39eebd04", "comment": "Malware payload (RedLineStealer)", "value": "16224b3dfba61b3e68f185f3dbe26d529068f81175b3faa7a016dafc2473dee1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838623, "uuid": "8bdeeeb9-1059-43f3-8a16-dbe6469079da", "comment": "Malware payload (RedLineStealer)", "value": "b14052d5edea41717c97b8e3f446477b8f38cd07", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838623, "uuid": "6cb7ab8b-fd59-4c6f-80fa-62810638a325", "comment": "Malware payload (RedLineStealer)", "value": "78881bd6377bdc91ff61c3bc69f68eb1b101dc3cd75eb8ba05e14a159f908ff8096e97cfc073fbdc55b797ef62c58a41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838623, "uuid": "c98361c9-2985-48a7-a518-963e0aa38dc5", "value": "T1B6840143BAE88073DDF927706CF603C31B3AB9625D34876B2346654E1CB3684A57276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838623, "uuid": "85a7f7bd-7e81-439b-ac17-66aa4d44cb0d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838623, "uuid": "7ccfb4f7-c448-4733-8f7a-b67bbc31ac63", "value": "6144:Kty+bnr+Jp0yN90QEZ9U0dI/ro6L8UqOuBWZg57EYCcHnlRHh3sm44fLLlm++5:3Mrty900/r6Xa35cHnl9mmHva", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838623, "uuid": "2f032c57-304a-4f9d-ae78-775ffbabc646", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838623, "uuid": "287b61d8-469c-4d41-9c64-6df763aad608", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838623, "uuid": "5052384f-29ce-4e6f-a82d-d89858ffcef0", "value": "e7c6537a13fd0c1233bd03ef3d5cc945.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a8e05e8-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848237, "uuid": "1392a17b-9458-44c3-a2d6-f2c0e06edfc5", "comment": "Malware payload (Amadey)", "value": "d162a73e46f1d86473a90e9829a207cd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848237, "uuid": "e0c24a3f-6bab-483f-8197-5115bb9441e0", "comment": "Malware payload (Amadey)", "value": "1732f5e9f764c7b81edd13b467017264adbc58630b0bb744017bf7c76a996abb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848237, "uuid": "35ce2759-d6d4-476e-903d-e834599f46a6", "comment": "Malware payload (Amadey)", "value": "c20185784d6d15952a0882375574f900ea7a75f4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848237, "uuid": "31d078fc-4c2a-4fe0-8e34-f6c72c6c59ba", "comment": "Malware payload (Amadey)", "value": "6d82600ad55c60e75b63a2774b6537e2212204e7e49b0748b384826904136a980cc257ae626e5fa1ba0a3fcd9360fde6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848237, "uuid": "077c5a78-fc2d-4d87-b2a1-678056d5b6b5", "value": "T15D840113E7E8A032D8791BB059F716831B3AFC91AD74832F278568991CB35C5A53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848237, "uuid": "7b3d20b4-31f4-4e36-b839-297ee6704a07", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848237, "uuid": "26b2eea8-2896-47fb-9c26-2b61b8f90dc8", "value": "6144:Kiy+bnr+ap0yN90QEdYEhQIPo19uzDxAo42CfK9PA/EPjN840M/5doc:+Mruy90jYK/1UcN840M9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848237, "uuid": "b1ad33e3-ffce-49d2-9c78-5a8ae2476786", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848237, "uuid": "797b0c7f-885e-40be-8783-6a0375d965fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848237, "uuid": "86bfbd9e-830c-455d-8332-984b9d64cfde", "value": "d162a73e46f1d86473a90e9829a207cd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7085c6c-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689847533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847533, "uuid": "9e0d803c-c667-426b-a9e0-aa433824bd90", "comment": "Malware payload", "value": "5ec02a77bbca9b74d4482f74a357758d", "object_relation": "md5", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847533, "uuid": "4350ee0a-cff0-4be7-aab6-52fa40911c27", "comment": "Malware payload", "value": "191ccfd66985c3fe3e747d7c2c9c5ed359d1bf5e8fd0569b71b4770313c4d942", "object_relation": "sha256", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847533, "uuid": "f47d7397-b81c-4967-a309-165dfcf7c5d6", "comment": "Malware payload", "value": "abf08cfb9787a9d9d6c602b7cb9fe6442cb6d519", "object_relation": "sha1", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847533, "uuid": "baa88566-37ab-480d-aacd-2374f931dffc", "comment": "Malware payload", "value": "c9d45ccc9da7eacb0aa3992e30538c39c85809f6116b5a8fc8b7f7bed2d91c3f7d41af9e08893233da753956920f689a", "object_relation": "sha3-384", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847533, "uuid": "d6d48161-6639-42e7-adb8-0a65acff2dfb", "value": "T110F2AFB285D2C90FD3427D3987862508D378B227B655738376748D9D8ABF9CE2E7050E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847533, "uuid": "cb69ec0c-9bd1-4bd0-b7f3-6d3d04c901fd", "value": "768:8IBN5f4ZuQlFHA4tIgglgUS6s4O674fiAMe368R09Cm+fiAY4O60fiAnt4O6vNiE:8tE0NXtIR3s4KKCd09YK542Kst4b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847533, "uuid": "d7d7e67a-041e-4d9e-96bd-9ece898182a6", "value": 36177, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847533, "uuid": "a00b9475-ddab-4893-af61-57e5bc36dee1", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847533, "uuid": "2cd57710-dd2b-4767-8705-8c4bab06e3a1", "value": "PO #9302902.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4b69caa-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838912, "uuid": "e692419d-9f4f-4963-add8-0b6019f109db", "comment": "Malware payload (RedLineStealer)", "value": "7a859585a1c2851ff7a04f77df90a55f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838912, "uuid": "8267a577-2c27-4066-8b9e-68b01ba47126", "comment": "Malware payload (RedLineStealer)", "value": "19d651b9ea9c5dd8ccaa989f2956cbe0fe87d9f72b48ca73d80dc876368ea9e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838912, "uuid": "91bad2dc-67e8-4022-82ae-56a77eb2a779", "comment": "Malware payload (RedLineStealer)", "value": "149076229d3f1bb5733776ba77662352fec3c88f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838912, "uuid": "f886aed7-9d94-4d3e-b20b-ce41c80ab8de", "comment": "Malware payload (RedLineStealer)", "value": "3155825540fb8b2358b28bc643d07f4d9d2399433c79484ffe49c10a564a505e0978978058f286a4754dd20058226a77", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838912, "uuid": "e1530c52-66b7-4bce-b7f7-994e78376b47", "value": "T15FB41203B7E88063D9F52BB06CFB43931631BCA59D6893772342A85A4DB36C4643677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838912, "uuid": "8228773a-0685-4fea-a1d3-5a3e1d5666bb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838912, "uuid": "4e083f20-2633-4b68-8e2f-be5005a52b60", "value": "12288:lMrHy90K6Oea+qMbzzxDYOALoXzRKaljAtuPQ8SNVfljQ7V:Sy8OeAMXzxDvAEXVpWxjPfpQp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838912, "uuid": "8868607a-3805-475c-b85b-3f2e3592e424", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838912, "uuid": "809147a2-297b-4298-b090-ea6570f63e16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838912, "uuid": "b6437c0f-ca09-435f-9d6b-a90df81790f8", "value": "7a859585a1c2851ff7a04f77df90a55f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "642e081e-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689847287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847287, "uuid": "eaf03d42-6dbd-40d1-a32b-fdcd3cc52f23", "comment": "Malware payload (AveMariaRAT)", "value": "c08871ba4743e594bd61e05fdcc2bcec", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847287, "uuid": "03f47852-5215-4ea1-88c0-6db475ae76ae", "comment": "Malware payload (AveMariaRAT)", "value": "19dac20bb0a8c086fa2d67c6097cc2931a0dddc6fe9d9b4cd4d7e32ed961bdd9", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847287, "uuid": "051c43fb-fd5d-444a-8022-096a06e0ec98", "comment": "Malware payload (AveMariaRAT)", "value": "a2b5c78e4b061d56f16c3d37d7b52f668befd310", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847287, "uuid": "b6e1492f-3993-4b77-957d-36a4bf32d101", "comment": "Malware payload (AveMariaRAT)", "value": "528ec92501c0181a34846c08ef144cbd97c5ab3c8a2bd8924d9b8c79a50167b60cfa38359cb82a02a03f244a3673ddbe", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847287, "uuid": "8357dd5e-5dc6-4fc8-a8f2-a9575467555c", "value": "T10284CE2E5ED211F8C5A88870F7FDA5EDA9F6135F68526BEB508042F9DE2175F30060B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847287, "uuid": "3dc8f489-015c-4c15-9c05-2b09bf31f6a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847287, "uuid": "4c22606e-9d5a-4d6a-ab26-008cab710402", "value": "6144:q+XYDIdyvkfesBJtKsXbi/kwAMVfVYVl5L:q+XY4yvkfZKsXbi/kwAGfVK5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847287, "uuid": "0a5ba679-a5cc-4c82-9730-5569dbc7d3f2", "value": 389120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847287, "uuid": "9135f854-e823-4c22-835f-513e48f728dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847287, "uuid": "b6a1a068-4093-4ed7-a039-d8d2fc30ba58", "value": "PO_24656-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6aa5f4f0-2707-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689862330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862330, "uuid": "7e579420-6bd5-465a-b7de-2f29214bc379", "comment": "Malware payload (AgentTesla)", "value": "afd92bc6589fb29a6ba6e54bef2dc68e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862330, "uuid": "79c9de8f-f4f8-43a7-a41b-3e5715f79830", "comment": "Malware payload (AgentTesla)", "value": "1a245dd2d65396f9d5530ffd64b85a782218546939597f641edd40ebfaa84905", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862330, "uuid": "e2580b3e-efa2-4115-90e8-4c27b33b99ba", "comment": "Malware payload (AgentTesla)", "value": "fbfa163ef37979618ec88714f537b9561ced7065", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862330, "uuid": "f9d1679f-b874-4271-9bf1-2c5ee248f8c3", "comment": "Malware payload (AgentTesla)", "value": "050cd313c34b5862fb1bc31d8882111909766f1799b480fe966623d505aeaa4402fc59a7bfd56d9eba85c433998b438c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862330, "uuid": "e23f3d66-19c6-4073-b301-9309b17820a5", "value": "T17ED4235969B7896EC7AF4F7984C822F8421D8FD7FC1BC357AF0FF021AAA760A4454052", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862330, "uuid": "8faaa178-9208-46a0-9a8a-090f01adf9fb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862330, "uuid": "67d7e52c-e653-4145-9a05-6384d554f322", "value": "12288:8S6ln+flo/XciMv53g7dQwAyuBEzd4CRQhpi/B8QBO37EshdNri0WR/uUO5oxW:1TdCjEtgwyjd41piZ873v3NrmGUOWW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689862330, "uuid": "a56de87e-e463-4a89-b939-7e09c3121bb9", "value": 631296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689862330, "uuid": "83448ed4-7482-41e4-b0b2-e288966b5782", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862330, "uuid": "d50cb001-9165-4f15-a7eb-01934282d5fd", "value": "secagodzx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a751af13-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689851265, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851265, "uuid": "24ea2b58-f06d-47fe-bfe4-e37b490311eb", "comment": "Malware payload (Formbook)", "value": "6bb85e405489d1b26641e4fda3cf8863", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851265, "uuid": "da24bf1d-1cc4-445d-8e6c-1a8430da3aba", "comment": "Malware payload (Formbook)", "value": "1a27a1d3d9f50c11b790fe2266d4daa1334cfdce0e40eac93df8f348ffbf08c4", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851265, "uuid": "e351abcd-bb47-471a-b345-b316976dccec", "comment": "Malware payload (Formbook)", "value": "883ce4611892505475301cb7eb867fe91a7644d8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851265, "uuid": "646b5ec8-e071-44e2-9e98-1c31914699b4", "comment": "Malware payload (Formbook)", "value": "e063b53419d9a1904ac250b765ddeb6be9d8949917b0024bf198d540813b16b64eb0f1e3ff4630a3e5583a07fce453ee", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851265, "uuid": "bc718eb8-ddc3-46a9-ab95-b514fd81a0e8", "value": "T1364423E82CD2A6E5C30973BE4DF8B24978BD0287B053691E2F85DB5D71057CEAD80693", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851265, "uuid": "734e0aaf-49c2-4cf9-bfae-0f01be15818c", "value": "6144:1m0+H2tYplD2MQczkVqftadvA0IqmBgTZNV:I062tYppbgglkvA1qSgTZv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851265, "uuid": "3f85562e-f074-4c88-ba89-c3acc62036a1", "value": 259968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851265, "uuid": "6b4c8a3c-78e7-4894-8ffc-cb4f4fccb72b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851265, "uuid": "4bbac481-efd7-4e12-91f9-63edde953f0e", "value": "Quotation.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00cf141b-26a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821350, "uuid": "65606864-f2ec-40e5-b564-c9386d111dd7", "comment": "Malware payload (Mirai)", "value": "18ba12dd768349bfeaa9d5f53e6c6996", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821350, "uuid": "2bb16fbb-a785-4467-90b9-9f6015155b75", "comment": "Malware payload (Mirai)", "value": "1a766597645aaac1363b2935feb55ca8ebfc324f30483636ad934182c28f7c44", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821350, "uuid": "bf4b448d-3623-4c10-bb39-2fcc9908fd0b", "comment": "Malware payload (Mirai)", "value": "d24e449d254f92d2584a2a575993dd71c4927414", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821350, "uuid": "6cc0ebba-1ff1-4fed-a835-bef520314a94", "comment": "Malware payload (Mirai)", "value": "50afab853133d59a8cea527b0d0951560bd437a20e8f23f57874f633e59ad7ea6171b5f4be4261142e47c51d05420451", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821350, "uuid": "2a5561a4-2784-4b76-b8c3-191e2ffedc47", "value": "T10D83A61E7E218FBDF759863047B79E21A75833C627E2D645E16CD6002EA034E641FFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821350, "uuid": "46d6351e-681e-4659-aa2f-f12ea07ced8c", "value": "1536:CnE3bnaTw6A4fkImsj9HbcFecmB2W7hVP:CE3bnaTw6A4hmsj9Hbc824VP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821350, "uuid": "c6b823ce-5a2b-4fb8-85b6-0c42593406ec", "value": 85744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821350, "uuid": "5c7b9e6b-8e96-418b-860e-700a02ee0105", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821350, "uuid": "fdde9399-7fdc-47db-8219-147d564b8d76", "value": "mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f4e73b9-26e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848540, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848540, "uuid": "1768d8f4-5be6-4b0d-938c-e36a43ba18a1", "comment": "Malware payload (Amadey)", "value": "a92a8e68b1d8726c39f34aaf58290ffa", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848540, "uuid": "80b8daf9-271a-48e5-80a8-acf3ad484dc5", "comment": "Malware payload (Amadey)", "value": "1a8de156da2f0337fad44496e333c1fe2ecf51454abbd5091216f49f2a7d6928", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848540, "uuid": "affc7ba0-3b76-4be0-8d8d-94f14483afaa", "comment": "Malware payload (Amadey)", "value": "3d55ac5ac6bffaf37ce7a6ef4177b33c59396b1a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848540, "uuid": "f88a55bf-85b9-4b30-8e38-416a0aab9621", "comment": "Malware payload (Amadey)", "value": "003ef36e0289e30a63eacaf757c5e42fe8484b4ba402507c3fb52a800edbac50f8f036bb18256eace0da9d4f924cfbd6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848540, "uuid": "cf298055-eeb0-4b32-a1b6-6b5c3cdd8dc4", "value": "T1D6840112F6DC9132D9B1677058F603970B39BDB09D7C476B2652A86E4CB3390E8317BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848540, "uuid": "498e39ae-b6bf-49be-a25e-09d838959db9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848540, "uuid": "ae9cf813-7744-4d1f-b58e-70a345930d0c", "value": "6144:Kwy+bnr+0p0yN90QEKkT/GPxTRHY690ZycbcGdaOuWtDvFnc:8Mrsy9057YqjbhaOuyrFc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848540, "uuid": "1f0cc7b3-44c5-46f5-b0e2-8b33e5c951a2", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848540, "uuid": "927c17ee-4fd5-4d2b-baca-1a0d5ae85caa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848540, "uuid": "efa0aa43-dec8-44d5-a009-5d1a390b47cc", "value": "1a8de156da2f0337fad44496e333c1fe2ecf51454abbd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e382138e-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838910, "uuid": "7895d001-6972-44da-ae51-e47e1cbf5a89", "comment": "Malware payload (RedLineStealer)", "value": "f4e3df20aa8a575adae5fc39b3907d31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838910, "uuid": "b914b4c9-077c-4844-850e-338995dc7027", "comment": "Malware payload (RedLineStealer)", "value": "1b1800342e29a1bbd3b8a4eafa129641dc0675b48040713f971c65b0a5fe8c6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838910, "uuid": "48568e5d-34e4-4142-8af0-9885e57b77d0", "comment": "Malware payload (RedLineStealer)", "value": "8bd803781d881e991762921c235fbabed0daac0c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838910, "uuid": "ee346139-341e-472c-a57c-cd12a8bbef9c", "comment": "Malware payload (RedLineStealer)", "value": "fabe3e5fccd5067acb8710d620d5bf9553a177049ab71de158902181ae790d6326f4510fffcaa0242b3f94fd363b7e01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838910, "uuid": "7b7fbd16-a5ac-468f-ae14-10e4c9e90126", "value": "T102840212F6D88072E9F41BB048F202C30B3ABDA19D78936B2746691E4CB3585E47277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838910, "uuid": "3b3b7e61-3182-4d2f-b954-517156c6c272", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838910, "uuid": "4ebe0b89-6f4a-424f-9209-2111262d43fe", "value": "12288:IMrBy90lG7cLaHzOTHScHnl9q35zXRGY8w:py1HzO7hH23vGfw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838910, "uuid": "a1a5cbd7-d6c2-4c04-9a92-635288df17dd", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838910, "uuid": "f02b32db-4f27-4c38-b54c-1fc678b999ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838910, "uuid": "9cee9e47-cfa3-4c44-aa66-f82b0d194e99", "value": "f4e3df20aa8a575adae5fc39b3907d31.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72fafc7d-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838292, "uuid": "f594a238-aae7-4f39-8900-b8387ad10c4e", "comment": "Malware payload (Amadey)", "value": "7d3070d65825433263445137864f917b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838292, "uuid": "c7b31392-ab9d-4fbf-ad41-0857d18fad97", "comment": "Malware payload (Amadey)", "value": "1b3d81bb196ceeffc545830099cb9c834babbc5dcfbe4eca815a665302101f17", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838292, "uuid": "60f2d068-637a-4cfa-a216-1b6b583a9ac6", "comment": "Malware payload (Amadey)", "value": "77a4cf96dd2c10c3464ff2ab53a622ce0fd0e5f6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838292, "uuid": "ad20f830-a026-4fc9-b321-2a95bbb26fb9", "comment": "Malware payload (Amadey)", "value": "8cb52ee24b64a295bb654396ffcfc6ce658fc9ab3b94a5d177dac4e6ee09a051fdfb4ec1af0043b7235c281a362cf9dd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838292, "uuid": "dfa0dcb3-7246-40dc-84d3-c8c769a2eb2e", "value": "T18D840116E7E58432DDF51BB068FA12931B32BCA14D78935B2791A89F0DB35C0A53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838292, "uuid": "1c71d4ed-5a12-48fa-8eaf-1897bfa00ac0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838292, "uuid": "ca613118-d937-4544-9a26-f804b821f9e1", "value": "6144:K1y+bnr+hp0yN90QEghdQOhZluexDc2ahFpvfss6fTW4SeT:jMrly90KbQOhG3rpvl66sT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838292, "uuid": "cfdd0214-0cde-4cee-bcfe-cb187e7eab2a", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838292, "uuid": "62da01f6-96ed-4d86-a78f-cd4f123732ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838292, "uuid": "7e3bb95a-84e6-483b-b5f6-9aaeed570dbf", "value": "7d3070d65825433263445137864f917b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d57cf3a-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838605, "uuid": "aa7db5bf-7c75-4280-9009-5e0db6962e1b", "comment": "Malware payload (RedLineStealer)", "value": "daab7e0a18a03ee3723a4d2b865a14e4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838605, "uuid": "c0499a8c-b1f7-479c-b134-c830ee4764b3", "comment": "Malware payload (RedLineStealer)", "value": "1c001e27de1715dfb8b3a7ecce00c555f740c2594561c05d56142c01963392c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838605, "uuid": "3e44501f-7066-4b7f-8b49-22693c5780b3", "comment": "Malware payload (RedLineStealer)", "value": "c1466f16094e6fb860952bee46521a3f7c271914", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838605, "uuid": "700c2ec3-23ef-411c-8f3f-9829473b5498", "comment": "Malware payload (RedLineStealer)", "value": "8d1afe6bb8c29125e5c5df1e0bd773d4ffa8e2878d788466ebf4fabd3285ba3e92b8526d3afd702f7baa250791f26a02", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838605, "uuid": "5acd2692-fc1d-439a-8e91-ade5d11eb66b", "value": "T18D84F117BBD94432ECB6173029F603930E36BCB59938836B3755A88E0CB3585A57673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838605, "uuid": "4fc4c20a-5448-43f5-a002-3de69073dac3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838605, "uuid": "804d9b2d-4538-4328-8b6e-970fa742bf50", "value": "6144:Kzy+bnr+up0yN90QE3Sm5iThUvEo/L8Y6q0buEcG7AzjGcBiFQr8+ULeUCY3Q:ZMrSy90NxsTyCu1GAzKcBul+K3Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838605, "uuid": "e274640b-e605-4c80-b4c8-efee83e26ac7", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838605, "uuid": "1371851f-dd2d-4e02-9389-18f13e85c01d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838605, "uuid": "631d9cfb-58f2-40a2-8e2e-2531c0ca496b", "value": "daab7e0a18a03ee3723a4d2b865a14e4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00ec1a93-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837671, "uuid": "1641860e-662a-4c65-8762-16d1ac911779", "comment": "Malware payload (Amadey)", "value": "2245adfded81f5615b3656bb86678766", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837671, "uuid": "26bba534-e0cc-4376-a816-2b715d5a5a3f", "comment": "Malware payload (Amadey)", "value": "1c46e1db345610fe8ef6a2fe37c7407b77ab614fd47b00a74971f892275e38f7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837671, "uuid": "9a4226ff-2cfd-4b34-858e-a7bab57e961c", "comment": "Malware payload (Amadey)", "value": "5a564c26741b1918ee9614d3a032e5fbaa4831c0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837671, "uuid": "c2324233-7af1-4c55-8291-f9572f3e318e", "comment": "Malware payload (Amadey)", "value": "ada19d41958e81514b1d3d4b92a3cbec17c700c2c6196477926a8c187e04e0d5c7da7aa56135843d3aecc8601b1d49a0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837671, "uuid": "71dcdc3c-190c-4413-a020-7c2f8eb1ad53", "value": "T115B41222E7D89036C875277048F716D30B32FCA1AD3867AB3745784E4DB27C1A87676A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837671, "uuid": "60b667c7-f1b9-47cd-876b-a8464971f079", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837671, "uuid": "16905b59-c59b-4104-93d8-80ed56ec1ff3", "value": "12288:HMr7y903dIEV7W7qQAKEh+1mehzeG0XIBJny4:cy+IEVSzrEg1mq+gp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837671, "uuid": "31ca9e48-284d-45ba-a90e-f2c20a91984f", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837671, "uuid": "ee4faaf9-ecd1-4673-981c-d4b016fbb34d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837671, "uuid": "16f8ec8e-0244-4172-b7db-be62ee560dcc", "value": "2245adfded81f5615b3656bb86678766.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49b3e457-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837364, "uuid": "dd4e7286-56bf-41e4-8924-562703e1b1d6", "comment": "Malware payload (RedLineStealer)", "value": "0941247f378e4f80595e39f8d56d0907", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837364, "uuid": "715b5d19-e74d-4621-b717-a1150c7930c7", "comment": "Malware payload (RedLineStealer)", "value": "1d72986a22d296889c1d7b8d64d46404a442f2039d79a1eac9e366da2e7db9a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837364, "uuid": "9bc65b0d-57d4-4bcf-a538-4a431c833207", "comment": "Malware payload (RedLineStealer)", "value": "691309caa8b701742818a2c282232939b132f535", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837364, "uuid": "2e253a62-d167-4a88-be2f-468c98b82daf", "comment": "Malware payload (RedLineStealer)", "value": "f35ca8b0dd2eac13bc7efb511c83fa50f283e5a7d382e91a2ce74d7318cfd0d9c0992cd538d28dd226c2cd69a842dda7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837364, "uuid": "d4b93651-419d-4b05-af91-47597d95e2b2", "value": "T1C7B40213BBD95071D8B42B7068F316830F367CA68A7C936B2794994A1CB26C0A97177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837364, "uuid": "0bf23bfd-1f3f-4445-8fa7-7a6530d63e2e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837364, "uuid": "f2607da2-8b4d-48a9-9add-88253b961f9d", "value": "12288:cMrLy90nx9arZGNNhaLIDSxfL978RRMxHAI1:nyeSZGBwFxzC2lAu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837364, "uuid": "50393523-dcd9-47c3-acff-c8958ff97a9e", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837364, "uuid": "2f49ba61-19f9-4db3-89ae-e20bb728a791", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837364, "uuid": "0909d1fb-9e8d-4070-926b-953ca641d130", "value": "0941247f378e4f80595e39f8d56d0907.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fae77ae7-2702-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1689860424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860424, "uuid": "408fda89-620c-491b-bfc6-c02b4ddb883f", "comment": "Malware payload (DCRat)", "value": "379418ead16c9bcae571de64e46c092e", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860424, "uuid": "edd21606-c63a-4e85-bf5b-ee9462280e33", "comment": "Malware payload (DCRat)", "value": "1eba674b014b1a98fae6ed40b86363ea54cacc127fe5e265a9a6072a53f8dc0c", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860424, "uuid": "709c1bd4-1d48-4c5f-8c9e-2a243ded51f5", "comment": "Malware payload (DCRat)", "value": "ba94bb733acd01c9a8ccc348736d8beba99f70fb", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860424, "uuid": "060ff82b-c4e0-4dc6-b550-d5d3e0e293f7", "comment": "Malware payload (DCRat)", "value": "90a085fb066e2673226b4036c719c4c8766f99090db0fa7acabb96de89ec102df969dfacecbe8d269da5c2d962c6cc4d", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860424, "uuid": "f87cf7d7-0bb3-4a8a-b6f7-92cdbd96a492", "value": "T1CA05F7017E44CE11F42A1233C2EF496887B4AD9166A6E32B7DBA377D55123A73C0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860424, "uuid": "94967da6-a94c-4d44-9c02-1ca23df92d9d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860424, "uuid": "4c0e55b1-a3c2-49de-94eb-d7d68c41eb72", "value": "12288:1xDjM/OkMHJyr+xoala0uwd2PKNq1z/nFUAxKV9dAbIg:1xDjlkMpyrx0uwdU1jTxAdAb5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689860424, "uuid": "803d6400-be2a-4b58-9a43-db219c3762a8", "value": 848384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689860424, "uuid": "eb428785-0bce-482a-bbfb-118deb9eedd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860424, "uuid": "c9f35154-769f-4da5-a26b-af1320ddeb93", "value": "379418EAD16C9BCAE571DE64E46C092E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a55a035-26f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689853256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853256, "uuid": "6f31c3cb-81dd-49bd-9f9f-80d3a6c2fd96", "comment": "Malware payload", "value": "2f84b0c0a372494335e79c2d1bf56083", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853256, "uuid": "642bdeed-ce18-498b-8a0c-70b79cd2aa68", "comment": "Malware payload", "value": "1fdc7f4be2f511d63c9a5f4f22eab04deffb47b05a671c6218fd25b832be7584", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853256, "uuid": "98183fdb-f26d-4887-af92-0ac3928c77fd", "comment": "Malware payload", "value": "5c0c480ea0b4dd628402c254ba5679866891b1c4", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853256, "uuid": "4efcc0cf-6348-46c2-81bf-7f4a0a739240", "comment": "Malware payload", "value": "cacf9c3e7b61e6078c5980e668e670c93b967ee991c7b3f7b01a6d612284c45c57c2cdf9dfbe5cb2ba89875956f3322a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853256, "uuid": "b42e02a8-3313-4419-a83b-383003d96c04", "value": "T1A355AFB876047DE6266F576BDE96ACDC13B617239A8BA4CD80647BC305A3335FE02C05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853256, "uuid": "65e377b8-64a2-4be8-b928-7ec9a3632b4d", "value": "24576:bcnCTStz7emlur+u2EFgwX46A6f1aVZb4fW25rD6FsS7cI8ZKFHARarlEIGVqUxP:7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853256, "uuid": "086816f6-c57f-436b-b267-177287d56472", "value": 1407867, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853256, "uuid": "9f5d89c1-2358-401e-bd5f-05385f836f01", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853256, "uuid": "f46b06dd-df14-4881-8fa1-647af9efa53d", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.25049.29701", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e958b78-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838607, "uuid": "32269877-a9e8-43a9-9a94-03439a211831", "comment": "Malware payload (Amadey)", "value": "dee11bd7a5d0e2408059afc209d0ec82", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838607, "uuid": "d9967b83-05f1-4c7e-9c44-1863dcddd32b", "comment": "Malware payload (Amadey)", "value": "205e4501b579fc7b8f357c55d9f22ceb1673cca3c74ffe46cbcf26440620c47c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838607, "uuid": "b31e99c0-6371-42cd-b4e2-3e779221e435", "comment": "Malware payload (Amadey)", "value": "f2c8926df8e9aa660413552d82122a1ebd5fea16", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838607, "uuid": "503d65c0-499f-4e18-80be-251fff9a31e0", "comment": "Malware payload (Amadey)", "value": "068c03cbb71627989d4166e2d694624bdbaf7363b8c716974dca5c253942bd2dee58d874eb5be829a20cd55394c86bd7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838607, "uuid": "fefd4265-34c2-4f3c-9fcc-ee9ecf90a557", "value": "T157B40213A6E99172DDB2177008F607D30F367D634E78836F2746D84A0CB26C5A972B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838607, "uuid": "6e947475-7ba5-4f8d-865c-0ee7712f325f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838607, "uuid": "dc2be6ba-1815-489d-a7df-b76e76a8413a", "value": "6144:KCy+bnr+dp0yN90QEJ2I2l6+kWsjZNcj0FyCAFN3KaFCzeF7x7BSWHmKRpih1tzD:SMrZy90sEjApX7+cmHiIzIq2cV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838607, "uuid": "bc48dc00-f8bc-41d5-93c2-546035e0a4cc", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838607, "uuid": "3721926e-8c36-4736-87c4-7c5c44d49347", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838607, "uuid": "b4919eba-5fbc-4514-9b6f-8477ac0f85a3", "value": "dee11bd7a5d0e2408059afc209d0ec82.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5ba2666-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837974, "uuid": "31f137bd-90cc-4a6a-a3e0-944b7532a1e4", "comment": "Malware payload (RedLineStealer)", "value": "5d86a9ed723dec7efbdd9a4a48cb0cc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837974, "uuid": "71b0d06b-7b88-4861-8907-0225784e4876", "comment": "Malware payload (RedLineStealer)", "value": "2085f940a081cefe2c1f8cb2b2635ba03cb33066110af8494c16c8bb4dde398c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837974, "uuid": "66d616a7-56c8-4331-9fd7-83ed9f312b5c", "comment": "Malware payload (RedLineStealer)", "value": "7fc46f0dd84e0195afac078e087737ea2631148b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837974, "uuid": "76f649c0-7672-43ea-a007-fe11d8cba1f1", "comment": "Malware payload (RedLineStealer)", "value": "ff559f037aef8d96445ea1de77462a6a5aae6179a323b870fae75d43789b8f99f8542bd7ea4917a2366f749f5661f2ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837974, "uuid": "e35d0d58-8321-4b4e-be6b-e76ed7d3f7fb", "value": "T1D8B40253B7EC9032E8B117701CF707930A35BCB18D39435B3746A96A1CB3694AA7672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837974, "uuid": "3bbaa1c0-87c8-4cbf-beb2-570a82f0c996", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837974, "uuid": "cb519118-3450-49ae-a598-1efc2ca06dee", "value": "12288:UMrjy90X6JS+AjZy8VRh0otuaQEDkQ3ZMfD5cJAV691MaYn2:vySIGRVb0haQAkQ3ZxJD9C2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837974, "uuid": "4150f38d-e029-4f4e-8a7e-d5478ff1fe1a", "value": 527872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837974, "uuid": "392d1a63-e5db-49df-940e-c965ebb510c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837974, "uuid": "abf67905-8f3b-4e64-a418-857f7908a9ac", "value": "5d86a9ed723dec7efbdd9a4a48cb0cc0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6a19323-2745-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689889113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889113, "uuid": "56a42b6e-4b7b-4288-aab9-a970c76a375d", "comment": "Malware payload", "value": "4e7bc16f97068f640d9955f2c8021b56", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889113, "uuid": "47c32314-c8a9-4824-a7a4-21b2c6de9574", "comment": "Malware payload", "value": "20f5256ebeac09cb02aa0fc4e1f6c3e864ccd12d93ca62ff593ba42802e7fe8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889113, "uuid": "bd90b22a-e4cf-437b-b43e-f3aaa073cb93", "comment": "Malware payload", "value": "9d87c74414603685809eb7d502298cae3b578624", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889113, "uuid": "595c90aa-f895-466c-9c40-1a04750ad367", "comment": "Malware payload", "value": "fcbc8c546bc8d9e1562991a14dd7d54127a3bcabdc1d2e3f99f11786f96f32b9e97e67657e1e214091141693bde24aec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889113, "uuid": "75e022c5-6514-4c57-b8cf-b9f74e04e4f7", "value": "T1DB8533916756C2B5E2A165B86C38C2150B70EC366CB2891C75ECFBAD0F32C86C5EE771", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889113, "uuid": "f675b3c0-5e40-4d2e-a433-483dc423a531", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889113, "uuid": "d3889847-abe1-4cec-b445-b5cb480d9e6e", "value": "49152:b2YLzyCSm1hK7jrcsGuw7QkNDxKNRw64heiPRQOn0tfUApjZB6:ytN7PtzuDwNRw6kxRmpjZB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689889113, "uuid": "535b07b7-8d8a-44c9-8bc2-7e4fa40d4a80", "value": 1807559, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689889113, "uuid": "4a2d9bf2-f67e-4fd6-8b6f-005a36462f40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889113, "uuid": "b1fe5d37-ab0d-4161-9ff7-e9b2249b1916", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf82457b-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1689853882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853882, "uuid": "98c90927-b5dd-4e0b-a17f-0f2df93bfd78", "comment": "Malware payload (CobaltStrike)", "value": "097992c0989c6481a5a24817f0e56898", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853882, "uuid": "53223fc6-1486-44bd-a304-c80fa91ce56b", "comment": "Malware payload (CobaltStrike)", "value": "21045c5b715a16f231ecbd8f66cb2fa5b85842cbac213ceabcb0e96231fa4e4b", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853882, "uuid": "6c91a0d8-330a-432e-a54b-6d3725205c03", "comment": "Malware payload (CobaltStrike)", "value": "335edd16a42253fdc5f5e76bf582926b74091429", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853882, "uuid": "251a42f6-983b-45d4-9457-1740495e50b4", "comment": "Malware payload (CobaltStrike)", "value": "e3884a21fb7798d599c64c365b8d929fa978678498106d552f0ade1df64600d0af784c6eb977f6a0746e69cae1098d3c", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853882, "uuid": "31f8ebdf-2d0c-4f56-8090-f3d074a143ac", "value": "T181652A41F99B88B3E702527504FBA2EF27217D061B318B87DA60BF6EAD726E14D33115", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853882, "uuid": "21fd0298-6ada-4135-9132-bbaa094ad0aa", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853882, "uuid": "72313791-62e3-4dcc-96aa-4f593658751b", "value": "24576:ZRcXhztTgPhWCcp/0W+8GZxAPVAdTGYNYLVsPoD1QvjVqyHHJZ7wdJ+UHE8bqYbu:ZRcoDGVuEk1HH/7QqYb1jvA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853882, "uuid": "fe059ddd-c36c-4b90-968e-f15a0286d064", "value": 1522600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853882, "uuid": "63175c4a-7566-4098-af4f-a292e995bbcf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853882, "uuid": "0da4e3cc-3ac8-4796-bd26-f259a7c344b8", "value": "360sd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48adf634-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885036, "uuid": "a530ba1e-8060-42a2-be99-a554075642ca", "comment": "Malware payload", "value": "7d2950497f54dc7ec6d1472be1663891", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885036, "uuid": "027cddda-c416-4c0f-9e6c-ed9f6b707d07", "comment": "Malware payload", "value": "21a2cc991941bce9eca4fd9fb442281fd0e73b1546c416479d65a6d5679b5a86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885036, "uuid": "273338da-077c-477b-90e0-999fc4cb364a", "comment": "Malware payload", "value": "abcb06c43b3c71f9d6beacb403ad7c0c9d83e53a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885036, "uuid": "6873490a-e74c-43cf-ac3b-7ae2a878ec2b", "comment": "Malware payload", "value": "089ecb1768f7d9e44f0e0c023dc8b4310f706d103e12629b3f70a707959deec56949b89070e8f6069ed23ce68e351983", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885036, "uuid": "b03b346b-4fd6-4eed-9c4c-5415900a1bb3", "value": "T18496096BB1A4812AD15DC53ED0B3DF40953370751B36C5EF9294026A0E9BADCDE3EAB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885036, "uuid": "906bb92c-b809-48fc-97ae-6f7fd2656ffc", "value": "5d1b57992eb01e9a84723f1cf593c843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885036, "uuid": "95d35465-6cb4-41aa-acf5-1164faceeb06", "value": "49152:h93NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01OviwPvY3JmNp:h93JWblz4TKl2MPvWJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885036, "uuid": "ac3bb578-09db-4c19-b34a-ab3757f81bb4", "value": 9049088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885036, "uuid": "9be116da-d06a-49ae-b02d-5f7356ea99e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885036, "uuid": "f9cc6f65-79d8-48fc-ab64-4be2b5733fe5", "value": "SecuriteInfo.com.Variant.Barys.434263.7483.14856", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3237b1aa-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838613, "uuid": "2618dae8-405b-4ffc-81f9-6a35e89094b3", "comment": "Malware payload (RedLineStealer)", "value": "cb6b98070f7f210670aa67a7fc561f2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838613, "uuid": "f0517efa-c3c2-41ab-a1b3-1efce7d8b619", "comment": "Malware payload (RedLineStealer)", "value": "2290a18d67188ec7906bb8d3e4308b29e84d36fc48c304284f498555d86e006b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838613, "uuid": "cb699d7d-e435-495f-861e-3dc73213d0e7", "comment": "Malware payload (RedLineStealer)", "value": "d770fab98383bcef90aec6df24ccca2844c6a9f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838613, "uuid": "8cece014-ef58-4880-9b63-87b55921d26b", "comment": "Malware payload (RedLineStealer)", "value": "1facf26dd0ba5ea396b35f6b2b8d9568fed89e4dfd9216a1da86770f13f7cb6b0f38a8fbf297affdb8f2cd581ed8b46d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838613, "uuid": "1143aa61-e591-439e-ace6-660d5f32e102", "value": "T155840152A7D88073DCF51B7418F622D30A39BCA19D74A36B2786984E0CB36C4E53677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838613, "uuid": "092af898-2559-4a1a-883a-9c2fa4b6c38d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838613, "uuid": "8c7e2f4d-73ee-48fa-b225-ae46f7b2f91c", "value": "6144:KQy+bnr+sp0yN90QEsepIfEQtB+IiwPpEQ1tMHwMCcHnlRH/ciRSXJ:gMrwy90tpIvnhiYGQUHkcHnl90XJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838613, "uuid": "cb3ecdb7-643d-40e0-a405-9b6f31d476f2", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838613, "uuid": "ded686cb-c1bf-4bdc-8745-bdb7db1e87b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838613, "uuid": "2429a6eb-25e6-461c-8ed0-384fa7cd5bed", "value": "cb6b98070f7f210670aa67a7fc561f2c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c17b47a-26e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689848454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848454, "uuid": "01e84ee1-af20-41f2-aad1-7feaf69659f1", "comment": "Malware payload (Formbook)", "value": "25da98d04b93a60606dc3cf726cbc28c", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848454, "uuid": "b633dac2-5727-4186-a1cf-94ec40c91dc1", "comment": "Malware payload (Formbook)", "value": "22aaa3e882155a64b8c2ded5e4c75f301e8fcb882e767254f1db7553b67e085e", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848454, "uuid": "ea1920f7-5c52-455a-98fd-8400a4b293c9", "comment": "Malware payload (Formbook)", "value": "77465442dde8d5bce140728ffdf6bc0dfa03290b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848454, "uuid": "dfef8a2c-ed86-455b-b224-c5ec9656fb17", "comment": "Malware payload (Formbook)", "value": "71fb3de7b123c206cad86a9252a3832e8a88b10636906de1d31c3ac3f39cf0f35ce057ce06184ee32df33f3eeb36c6c0", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848454, "uuid": "13481661-98d8-4b1e-9dd5-3f7a9c9e7b5f", "value": "T124136C5AE78F02658F511277171B0A88AABDB73EB35155B1386C833433EDC3E02666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848454, "uuid": "d77f4b3c-9e76-45d6-96a1-cf8b3158c485", "value": "768:jFx0XaIsnPRIa4fwJMNq5wfm9GgmbM5CaUbKOBKydwFQ:jf0Xvx3EMNqGfm9GgMiCaUbd9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848454, "uuid": "d6757410-8ea4-45ce-b042-a5eb37acf0ca", "value": 44012, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848454, "uuid": "2ffe2833-a781-4953-b6df-30ba1292cc6b", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848454, "uuid": "268e026d-3996-43b1-82cf-5774bdd42530", "value": "Invoice.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "473be3d9-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840796, "uuid": "d1ee4bb9-298d-4aed-962b-5a5d86ceeab3", "comment": "Malware payload (RedLineStealer)", "value": "719e6ea06a5fac6ac3a3730e45fd1b75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840796, "uuid": "5a104fe4-e530-4e30-bacd-16eed7e4bf97", "comment": "Malware payload (RedLineStealer)", "value": "22c5bd0a3e3c03e512f45c0ebd81b9cf7695279360a1c40cec90cf3efea5f219", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840796, "uuid": "8a307f42-e00a-4c76-8a48-22007b984ec3", "comment": "Malware payload (RedLineStealer)", "value": "fa45885b397266a12ceb20cd060f70fd0f2e4b1f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840796, "uuid": "c805d181-2bb5-4014-b5ac-626dcb86ef54", "comment": "Malware payload (RedLineStealer)", "value": "2b4417cee9d7ea11af307f384a5bdc0fc3f69d0c4edd0ea16b1ea868051f65dc378c3d745f69f5c7215b61fcd77d6526", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840796, "uuid": "6a3737d9-c44c-4dfc-8a77-fec6d4076110", "value": "T1EC840212FAE48432D9B513B098F602C31B39BCA29D78436F1387985D1DB26D4EA35777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840796, "uuid": "0f76e6ef-9e25-48fd-86fa-eb080a530755", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840796, "uuid": "70ca86d1-cf2f-44e6-b140-e8a1daa85207", "value": "12288:VMrqy90GeXkEY3eepM9CcrGdRcHnl9yUBQJ:Py9VEY3sC5mHs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840796, "uuid": "09aa0daa-7118-489e-8f8b-151622e06b5b", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840796, "uuid": "2ae031c6-1fee-40df-bedd-7132f7cce610", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840796, "uuid": "c8d8606d-cc2c-438e-82be-b04a18b3fe0e", "value": "22c5bd0a3e3c03e512f45c0ebd81b9cf7695279360a1c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48b83a8d-26f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689853253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853253, "uuid": "e0708fd9-7bb2-494b-ba2a-9ae0df10b6a2", "comment": "Malware payload", "value": "8e3041066a4c5792c3d3843679957f4a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853253, "uuid": "4db10d81-c592-4bb0-9c6c-e2cdfe684937", "comment": "Malware payload", "value": "22ffebdd02c053dcf8ad29fdd7220ca9fd83b0222095fa85620298c6eb6a345d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853253, "uuid": "6424aef2-4c96-45aa-92b4-45b1ab4179b8", "comment": "Malware payload", "value": "a5b1cbcc9bd9372b7b3160785968ab4764d8234b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853253, "uuid": "8d823471-b6f4-44f6-8cad-b745e5f4f6a4", "comment": "Malware payload", "value": "463b308808c8fa08450d5da44a83cd29c39a74d6790eaceaa2be81832d7727f8c54d3c3c8cfacd36f8a2b5d0e68726e5", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853253, "uuid": "d8d25ced-2e84-4ae6-9ea1-d2625143cd6a", "value": "T1B5234A0262A2C0B3F1FB577538A46261593F3D3166F0408B6F8B296CAEB17C15B78B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853253, "uuid": "b695eb3e-39c1-4304-99b5-598b1fba0620", "value": "8735daf06cba4e1ed00bad4c4053acc8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853253, "uuid": "1e83f539-3390-4136-bd0c-201eaaaec325", "value": "768:VXASadz8Wim494rP3hXXayZafEmE/9GYUv48hDbxmnTEDIN7vyH/7:VXA8WiViP3hvZEEH/9Gt4MDmZU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853253, "uuid": "7e04aba5-95c7-436f-b90a-3f89c69fe3fa", "value": 49664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853253, "uuid": "cdace24f-dca6-4930-83a1-ecd14cecdaf8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853253, "uuid": "55e1de7a-6fd4-4320-8e10-11514c52974f", "value": "SecuriteInfo.com.Win32.MalwareX-gen.4887.16398", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c7c32ad-2735-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689882117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882117, "uuid": "f3757d03-e3af-4ab5-b7f6-2e575566cdfc", "comment": "Malware payload", "value": "ac2de68d3e16e14d4e3032eb64937f0a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882117, "uuid": "488546e2-4d0d-4f24-aed5-20bb1eaaf09d", "comment": "Malware payload", "value": "23392bff27ee35d1741c5e8ebeeca33695510b025ef71e1eb0131cb82b6b26ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882117, "uuid": "e973b03f-5988-4836-8c10-368bdb089cac", "comment": "Malware payload", "value": "2ce44676066d208b6ab4423d40561861efb54d4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882117, "uuid": "066fbcf1-93d1-440e-a865-bafbf272f12a", "comment": "Malware payload", "value": "c3df789c4dd8cf8ab6f27de83bc4ab05014e2ae2e21afa282d2644af55b9d8341182d29cb05bdc4e1e0bcdbc59e01819", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882117, "uuid": "4ff41161-7436-46f4-9b96-48178d7de070", "value": "T1FF54E93393913C44E9268B729E1FC2E8765EF6508F4977A512189A2F04B12BED1F3B1D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882117, "uuid": "f560ea8f-fbc7-4dcb-a563-16a4302b9813", "value": "685fa3a7200aa618e17fa5e3208c5c70", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882117, "uuid": "cb316985-c3fe-4087-8179-ab478eef5cb7", "value": "3072:KLm28b2oLbgfQNs2biz7l3k+UFnnDg2Q5Gk35ll:A8rLbZs2bid0zrkJl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689882117, "uuid": "dec9aee3-da05-43b9-8661-84ee64d50c09", "value": 297472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689882117, "uuid": "c38884f9-cc8d-4d52-a3ec-14aa64c393d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882117, "uuid": "9e0898b7-d7ae-4a2d-9b11-c323ea3c94e8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fdb1069-26f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689856379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856379, "uuid": "0efda3a4-ef86-4c3c-b10a-b322c244ef29", "comment": "Malware payload", "value": "6fb61cbdeb3595a90dff3daa0c0dd566", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856379, "uuid": "bb3540bd-42fa-4fe0-b92e-52bb18a06699", "comment": "Malware payload", "value": "2368a520917cb4211af8e92445e10276764b84abae83884482674204adbf4a76", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856379, "uuid": "3fe3f89b-38d4-4100-8a52-ccdaf8d7fceb", "comment": "Malware payload", "value": "571c4e441f55c95592599b988b07c6e7bbc8673d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856379, "uuid": "53d3e85e-14c5-43f3-9e1c-9bd2ab6613fa", "comment": "Malware payload", "value": "1013efcd0be7dbbb2cdddd9e901223deb96cc613e7ed39c18f1664ec320a1085504a447027e231587e3389911d4d8e3d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856379, "uuid": "fee4543d-36e6-4306-8479-6a65e7f5fb97", "value": "T118235C0262A2C0B3F2E6437438A466215D7F3D3126F0408B6F8B257D6EB17D19B78B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856379, "uuid": "c98a55a5-0596-4781-b5c5-de53c8f46631", "value": "8735daf06cba4e1ed00bad4c4053acc8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856379, "uuid": "f06d5088-ea5f-4a93-b1e1-21d5e9b3f115", "value": "1536:2MATb88ZXHDMSoTo0r3IDrXH/9GxnSDDKU:2MATbrXjMSozsDySDDKU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689856379, "uuid": "ec914d3e-6623-4265-853a-30b32170552d", "value": 49664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689856379, "uuid": "e5a32331-7870-493b-b4b0-cf614b158066", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856379, "uuid": "8207d407-54ca-4e48-9fa1-989bf6fca68f", "value": "SecuriteInfo.com.Win32.MalwareX-gen.16680.9247", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90d1781d-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689851227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851227, "uuid": "00d29b44-ecb3-4e3f-8824-0ff0385c8670", "comment": "Malware payload (CustomerLoader)", "value": "6234113d4fb26221ad909b86d4c99293", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851227, "uuid": "3dc4e1c8-f1cb-4661-89d2-b452258bd14f", "comment": "Malware payload (CustomerLoader)", "value": "23ef9e1871478c0d5c2fc5a9f91d4114a3aa7e9814ef8f15738d5b59770de2d6", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851227, "uuid": "09020d59-786d-4763-b5b8-f0cdf4dc7315", "comment": "Malware payload (CustomerLoader)", "value": "377af5c3f02ce395ab094f85efa4dcc1a037b30a", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851227, "uuid": "3e19959f-1f7d-4635-b84d-d8da96636fb5", "comment": "Malware payload (CustomerLoader)", "value": "803015190cc9c60a51cf91d2b851d4f3939ade444d5da9f258b06f252b2f1f8f5336013141bea4d16a4f2fb535dd9c7d", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851227, "uuid": "51f1858f-5347-4fea-8ab2-67beac9328ae", "value": "T13F45CF0097ED0274D6AE06799CF203111BB9BF5BA19BC78F7A8C560E0F473756B31AA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851227, "uuid": "c57cc02c-1b6b-4442-9c6f-60ab3e7dcfec", "value": "768:jJUUE5Zuq5Tllmu24Ra2DovIieNhIPVQPa9EB8B:qUE5fTll92m7ov0oW6E8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851227, "uuid": "f7990f96-9ade-4f71-92f1-b07868a9de59", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851227, "uuid": "4f13fbcb-4d2b-428f-9615-496670b7d9e3", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851227, "uuid": "8cf5aef3-1aac-426d-972c-0f1ca05b1095", "value": "Payment Slip Image SCREENSHOT.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a07d5f23-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkComet)", "timestamp": 1689847817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847817, "uuid": "7f214771-c645-4d75-93d0-3a743000ab92", "comment": "Malware payload (DarkComet)", "value": "ca70816ff1f547d1b16435a0cb4fa871", "object_relation": "md5", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847817, "uuid": "fbc03d74-65cd-4c72-be4a-34de3388031d", "comment": "Malware payload (DarkComet)", "value": "24d290fd917f843d7e0a7c3821770d5f21284f4d8e6815d29f14d9e258c2a999", "object_relation": "sha256", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847817, "uuid": "8b21dc20-9249-4d08-ad21-7573852f1ec8", "comment": "Malware payload (DarkComet)", "value": "01816a741711b10f11d496c9a7090679fa54bd69", "object_relation": "sha1", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847817, "uuid": "b76277f2-420c-4e74-96fc-659f189877d9", "comment": "Malware payload (DarkComet)", "value": "45248555a82f629b998b672632c7c0b694552c7ccea6c50186292cbd81582f2b5577ee333711611c0ad9730cdb09d594", "object_relation": "sha3-384", "Tag": [ { "name": "DarkComet", "colour": "#CC1453", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847817, "uuid": "406b3c0c-c7c8-4fc2-be28-5428f2943962", "value": "T199E4E0C02381E75BC7E2A2FB10B496F4331A9E8CA505A656D21CE3441D7A51F8F9FDA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847817, "uuid": "3e530b1d-4326-47e3-aaa7-be6b81d6699e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847817, "uuid": "f25b2269-067a-4f21-9fdc-02d196ffa60f", "value": "12288:izYpuDWoVtuqLxBIztbT46g8INsE9VY3G5HkBPM/yytiygj9wO2Wyf8NB+em7r:huLxatIZ6EHPVYyUNAD8w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847817, "uuid": "06abd00f-8305-4498-84c8-f96569461ca3", "value": 679936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847817, "uuid": "77c475c6-27ed-40a5-910e-999e99a9aaeb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847817, "uuid": "038dcc33-ae6e-4262-9c62-ffa8bf08878f", "value": "gre.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b93fe816-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837980, "uuid": "679ce06b-9b8b-4301-b059-e8a322991b6e", "comment": "Malware payload (Amadey)", "value": "63832d2e98e05b8a9c8254a1fe704035", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837980, "uuid": "944bc57b-f267-4ab7-86bc-9d50b5390fdd", "comment": "Malware payload (Amadey)", "value": "25ed98009b3401aeb6775e771964594ff65ad8fd7f0d830da8508a4f3869d437", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837980, "uuid": "48df1492-fbd0-4cdc-aa85-b3d71684013d", "comment": "Malware payload (Amadey)", "value": "71b57a1b67c81f3e43f7b8b0d24165122d70a1a0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837980, "uuid": "d417374f-a8b1-4af1-92d3-daeca3968291", "comment": "Malware payload (Amadey)", "value": "e02b60d9d9b62bd80f802eafd84c58fb1441324ce033dc7045a811f87c60ceee49700842592d1ad46960220cd9914f03", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837980, "uuid": "960a7c7d-a5f0-463e-8ee6-0842c09ea633", "value": "T106B41203EAD89032D9B1677159FA43D70A3BBDE04D25826E3787D89E4C736C0693276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837980, "uuid": "403d35de-7cb5-4d0b-9cb2-46429c5a7f63", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837980, "uuid": "5df8530e-e13e-43ef-a91b-a2892b417bbc", "value": "12288:OMrby904gw553CZLAjmAWVEgAdK60UA0+zmOfK:1yXgwD3Qot+EVsvPCOy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837980, "uuid": "f5006f5d-9791-4573-80b2-3dd0e64ffc38", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837980, "uuid": "433c9fa7-75d6-4160-9663-3cf48d590af9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837980, "uuid": "bc4f77b0-eedd-47e7-a326-978c65c37d19", "value": "63832d2e98e05b8a9c8254a1fe704035.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf1bd164-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837990, "uuid": "bd1592d2-2d54-442a-b34a-777972e1bb90", "comment": "Malware payload (RedLineStealer)", "value": "50d09ab8422bf471825c27915c23e458", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837990, "uuid": "c0bc89f1-7360-4b27-b0ce-b68636fd9f34", "comment": "Malware payload (RedLineStealer)", "value": "27162c7fa17ff69c42ad37c72dad61908b58d2744ee37bb6a7f1e318bc2d7cec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837990, "uuid": "07fcb30b-ab8a-473d-8997-95ebf4eee0a2", "comment": "Malware payload (RedLineStealer)", "value": "e205befed9bfa38130e8d807d5190447b71e58bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837990, "uuid": "934ad498-ce79-4529-9f18-7ca3a6ae7117", "comment": "Malware payload (RedLineStealer)", "value": "57f7fe2f5e9b8e7041ff00c1940359984bb0c77c759bd7c052302c7b702dc9935064e9297c7eaf8485704d4e5438b39f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837990, "uuid": "85ec1781-26ef-47d1-87cd-52df52f7dec9", "value": "T19284F142A7EC8033C8F51B7019FA06831B3ABDA15E74836B3795A85A0DB3984E57177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837990, "uuid": "aba5014f-3c32-482b-a036-e8aa95bca5dc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837990, "uuid": "cc2bb7fd-dfac-405a-94be-f0a5b6493431", "value": "6144:KDy+bnr+Cp0yN90QEfKeQknBPnTRUAtiRi8HfyadLXs7IymVB8CcHnlRHyWSwhMY:NMruy90dQ+ndB+izadDr9cHnl9nMY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837990, "uuid": "265e1bc3-c05d-426a-a875-753a20899fa6", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837990, "uuid": "366c96a6-db43-47a7-968f-8f5fe72889e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837990, "uuid": "c8c5b0cf-cf06-4c35-8066-544977004027", "value": "50d09ab8422bf471825c27915c23e458.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9e98efa-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847940, "uuid": "8d0f61d0-4dc5-402f-839f-2c198159e42b", "comment": "Malware payload (RedLineStealer)", "value": "be20e8d108cf9e94319678c0f61393d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847940, "uuid": "e82b5b7b-0101-4591-a623-cf426d1a56b6", "comment": "Malware payload (RedLineStealer)", "value": "277f52adcffdae3b95ac4c1b928de6c4a507600023471054f5c9d34f3b852f94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847940, "uuid": "79506754-589d-4091-a37e-aba50cc0ccb7", "comment": "Malware payload (RedLineStealer)", "value": "9ca7da9916d071095a2985ecb2408f24f9978453", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847940, "uuid": "b2dfa88b-03c0-4dbc-b9ce-9a593a2e3823", "comment": "Malware payload (RedLineStealer)", "value": "ffd115e30d6ba0e59dcc39a2ada6e2dd293de301bcf8397a0d695079c17ef5041e4e84e75cac1e69e5f8c64759389cd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847940, "uuid": "8864c816-27cb-4480-9987-86c2ef57dd10", "value": "T12F840147EBD58033E9B527B058F723D30A3ABC91587887BB2795A8891CB36C4647173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847940, "uuid": "30fceca6-4347-44fb-a0dc-5600d714cdbc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847940, "uuid": "a49eb7aa-b4f0-4671-bc76-5cb189c0edbc", "value": "6144:KPy+bnr+Lp0yN90QE9dx9l253NzJGHDRezddZ5ULvrGEf51/HmbTME:FMr7y90P25uFEnwrGEr/YT5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847940, "uuid": "e5a69ca8-d5f1-4787-b786-4f8c7d56eed7", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847940, "uuid": "b6ce4964-63dd-4b57-a84b-fe3514e5e12f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847940, "uuid": "5440f721-d00f-44ce-980a-dbac4f7681b4", "value": "be20e8d108cf9e94319678c0f61393d4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f03bc7a-2710-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689866149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866149, "uuid": "300149f5-972d-40e5-8276-9d3b53e8d719", "comment": "Malware payload (RedLineStealer)", "value": "7878569b0aa1715f37b8ba4b18aa50b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866149, "uuid": "c0908a08-f346-40d3-a5fd-d20b12f27e91", "comment": "Malware payload (RedLineStealer)", "value": "27939e0c5b1fe6f52d27e4bc1fa21b9e20837e0aa4a7d6a12a8564fcc8928106", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866149, "uuid": "7b0caf7e-4f15-4294-afd0-f11cac351ec3", "comment": "Malware payload (RedLineStealer)", "value": "744912f6e77d25224f2dc610fa756ec7fa93e263", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866149, "uuid": "1c382568-a83d-4861-85b2-8460797da981", "comment": "Malware payload (RedLineStealer)", "value": "d253fa15d8dc8fdbe64dbcc5d765808e66b15c64003ab1e3e577d2f37e58122c0500f41fdf0c9bde5f1c0aeed4d97fd9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866149, "uuid": "dab7e82e-f564-477d-9cf3-3dae71a7b547", "value": "T124940A83C7A23D44E9278B729E2FC6E8764DF6608E4D777D22189A3F04B1072D1A7718", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866149, "uuid": "7ca87093-6b6b-4c50-956f-0d0d0715504c", "value": "4204b9f7d0ffdbe2928a3ddb092604a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866149, "uuid": "81758e2d-9ec9-43bb-b1f6-dca7d02b6ab0", "value": "6144:LJZLuctuJ0YzcRxpck8F47MWvtYtPyiuSm:1ZqctszGxpck17jvtmP5uS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689866149, "uuid": "478f57c3-45af-4f9c-9199-c4a092e90665", "value": 413696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689866149, "uuid": "5c7b4a45-e6a9-45bb-b2f7-c1e4d52bb5b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866149, "uuid": "3d92e402-b755-40e4-ae3c-6adf41dc05be", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1536e65-2733-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689881454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881454, "uuid": "f7882b9e-9b63-4337-9f6c-be012fadac1c", "comment": "Malware payload", "value": "f584c9a6bff7b3a7e974ff15448ef8ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881454, "uuid": "913dca3a-278c-468c-ac26-b31fc3053401", "comment": "Malware payload", "value": "28e0e5becfb8045063d9c9403bb7491aa14143f86074c0e63d54402841d2d905", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881454, "uuid": "03b65a98-88f5-4148-8944-690a203d2776", "comment": "Malware payload", "value": "5532ff195f29fd36c7f9c59462f0ab79e160f333", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881454, "uuid": "ce0ccce7-eac9-4f50-a527-50b0c52adb93", "comment": "Malware payload", "value": "d6c2ddd2417b53b965a33efd26d2238f646c707e0e7f8485c6e9308c650c7cb8d2e4bcc83da416c4d2c413aed6566d30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881454, "uuid": "97e8644a-7fd7-40ae-902a-dac5dea7d9e7", "value": "T1CD852343E7A499E0E0524FB42DD1D0046BE1BCA4BD386A947299AFD9FF32663060F75C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881454, "uuid": "184b35a6-8c03-4ef8-848b-2d90796de6af", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881454, "uuid": "d4c1881f-8347-4c81-b1e4-3f25fd4be43e", "value": "49152:b2YLzyz0veLuXiQvqYtr0qR+uNrqHjmlgpCax+xZbmzB6:y6vR90qRf1LUCaxobQB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689881454, "uuid": "b4de7bbf-9e4a-49d6-8ac9-e1d326f1ddc4", "value": 1796967, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689881454, "uuid": "4cde6674-ace6-4851-8f08-c31295c2b82a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881454, "uuid": "78b143b3-1b80-4e56-8534-89f4ad6f06a9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0651ae66-26fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689857866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857866, "uuid": "6a21230d-c1d1-4e2c-9d2e-316d44818bf7", "comment": "Malware payload (DarkCloud)", "value": "1dc6a4dd8ac552c5bb6aa2f12d83926b", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857866, "uuid": "cd4adb72-adf3-4f06-970e-4c257dbfd1c4", "comment": "Malware payload (DarkCloud)", "value": "295757477a07e2f8c97054d3293539518781c52206b5deb274f955082d8e7d87", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857866, "uuid": "7719dbf8-d613-4557-8d45-c46906fadc49", "comment": "Malware payload (DarkCloud)", "value": "3c06b68bc42bc79523815d47af13b6b69be6946a", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857866, "uuid": "aee6420e-432d-4dcb-8c60-bf31f0e6d9e4", "comment": "Malware payload (DarkCloud)", "value": "c1dee7d9eafd686dc52060b11f0ad01c747f2eba03b76aadf253a90114e594c4fb45feb0e13668133b09385e0fb768e9", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857866, "uuid": "5b430274-218f-421f-bae8-62d72a95f9ce", "value": "T13915121469A49717C990D7F80664E68063FADFDD2491F63D9EDBDCC6B0B5F0009A0E2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857866, "uuid": "a1f625b6-c2fe-4eca-9171-df792558d974", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857866, "uuid": "32e43a6e-5707-401d-af32-8948de50f5b0", "value": "24576:2PYPgrtqyNZPoFJhdK/FtzVOCie84PPtU+e:2w2qyNZAgMH4PPtg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689857866, "uuid": "454181e4-ae3d-4984-9f11-bd51052dbe02", "value": 929280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689857866, "uuid": "2453f112-9072-4f75-b75d-e895ca78a2a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857866, "uuid": "d6e101b9-e93e-4e14-8595-6b834d6a70ec", "value": "NEW PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e10d8b9f-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838906, "uuid": "e07aae8f-5bec-44ae-b220-308e5b061bcc", "comment": "Malware payload (RedLineStealer)", "value": "e5ebd965f3862d505d96dd3a06a3c6a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838906, "uuid": "ac7282fe-68db-428d-bfd1-5e963b6cf093", "comment": "Malware payload (RedLineStealer)", "value": "2a304f26aa8050b08f23504ee2bd995b52e7a47b2fcc9741abc9004b69286109", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838906, "uuid": "f3f63ea0-4d4d-45a9-aebc-eba0161fa95e", "comment": "Malware payload (RedLineStealer)", "value": "c8cb5c6a3b15867e548237bdc353cb1cc45aa20e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838906, "uuid": "f62b1741-f0b6-4929-8a8e-7bfe366bbc48", "comment": "Malware payload (RedLineStealer)", "value": "ba3a84b677127e9261baac6676a3ab4557ce87400aa55bea7951a671b553be3a1ae5df06c3e40f99212801085a4975d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838906, "uuid": "7d95ec45-e042-40c1-bac7-f3b460e45e41", "value": "T1EEB41212A6E8C132EDF52730ACF613931F397CA15D75871B2B456A8E0D725A0E63237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838906, "uuid": "ba9ea449-1c29-42b4-8275-706910bf0bc5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838906, "uuid": "883eefc8-184d-47f3-91da-19af8c7b4fcb", "value": "12288:SMrDy90v3UKyQUCfKjPZhL4BK8uPQKSR9aFciWDAi:5yXNRhL4BKrYKSAFsl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838906, "uuid": "9a214a60-a39a-40ef-b363-d3250831d26d", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838906, "uuid": "04f14425-71e3-4d2f-9260-7752d1a1287a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838906, "uuid": "d39b5350-3033-4497-9a0b-7bd8396a39f6", "value": "e5ebd965f3862d505d96dd3a06a3c6a1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "692356fc-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858462, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858462, "uuid": "cda9cc1f-b06f-4a48-813d-ba0d8aa94d3f", "comment": "Malware payload", "value": "e040670bac3e2ee10dc266c6bf6c07d9", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858462, "uuid": "9f5b62c1-c743-4bd1-8a49-cf9a93a10ada", "comment": "Malware payload", "value": "2b05753bc632ec1b4f66631be14ddd5757a56cb5d1593b7c86f386b3e8672968", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858462, "uuid": "b1c5654e-73b2-4b9b-b504-c9245bd3d881", "comment": "Malware payload", "value": "5a63414e2485bce19531562cbf033a83bcc2580e", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858462, "uuid": "49955fd4-7759-4e1c-99d3-d748e53a766a", "comment": "Malware payload", "value": "e07912dc9bdad7b291e0254e61008082f390cd66db4ede593c9eb0c72aea9d404024ae0d090ac8090d849e4feab6d7d0", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858462, "uuid": "033a6a69-3f8d-4904-b3b3-f80b5c59d355", "value": "T130510D8273DCE20877639605966F23F14B3F761F7B3E8A4B408D4C8D97E24064A577A2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858462, "uuid": "b31318f4-13b9-447a-b4c1-516a5071a844", "value": "48:oRpNA6spkeVl1DBcrOuf+vM9jrgnASH1+XI3VtegWQQ5VC9:o/66zOFf3OlC9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858462, "uuid": "dcb81cd6-310c-4443-9305-065e640f35b0", "value": 2822, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858462, "uuid": "f2dd280a-7627-42ef-9574-e7316e85cac0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858462, "uuid": "ed688d2a-94f2-41db-b285-9becdb1e3eb9", "value": "Swift_EUR69483-20230718.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b3fce87-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689845446, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845446, "uuid": "0d0fc941-4d4a-4769-98f6-5a802e755e52", "comment": "Malware payload (Formbook)", "value": "d72c3bb3172d13ac1cfc172c389e52e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845446, "uuid": "25d95cf3-a3f2-46c9-9fff-dd6e03a575c2", "comment": "Malware payload (Formbook)", "value": "2b7c90f224a3f2964f56820652ae35673cb830d152dc2203ec1629f69b8f5a00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845446, "uuid": "0d0636d5-09ff-4ba5-89f5-df467382aca7", "comment": "Malware payload (Formbook)", "value": "a0bf2dc6ba08e4702098576b8e91f08c91a201ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845446, "uuid": "d8f5aaaa-a956-497f-a6cb-3e62eabe5d51", "comment": "Malware payload (Formbook)", "value": "64cd63994c44c37cf791b255258f8ce527727ccddfe78fbf22c5e85821c753a0c7ac473f87291dcf33f39821e71f0da1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845446, "uuid": "1aa7d8ec-81f2-4afe-b284-da1d2cfa2688", "value": "T197E402815F525076C206BF398744B7B4C11F9DD6742BAB0BAE93F257A8FB6C27A03058", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845446, "uuid": "ef939aa3-b16d-4385-80d1-101813ea4807", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845446, "uuid": "166929b4-b602-4e1a-ab0e-f84aa37aa75b", "value": "12288:pS6ln+flo/XciMvHqpJr5OM2roh+AvKOdSHYYb+4YTePd0iTffYqHey2YQPdOl7N:wTdCjEHor5h8SnkYYq5Ud0kffL2lk74i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845446, "uuid": "4644a868-990a-4033-b566-b5adac76d309", "value": 714752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845446, "uuid": "9474d2da-cb7c-4bfb-8411-0926f36c4e11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845446, "uuid": "b2e24c5d-b590-42a5-9bc5-e8f8236d506a", "value": "SecuriteInfo.com.Win32.PWSX-gen.11935.10916", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9102320-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689841067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841067, "uuid": "3f4afffc-ca14-45cd-9028-e13d73a72b83", "comment": "Malware payload (RedLineStealer)", "value": "61f9fa54d7b7412bddc266435180ebbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841067, "uuid": "11fe4cb8-39f9-43a2-b2f0-a9f8a2472e30", "comment": "Malware payload (RedLineStealer)", "value": "2b9096c454fbe14e2a9e3d5d730d7e08c0aab35dbebfb33fd50e447323edce96", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841067, "uuid": "86480816-a08a-40ab-bae5-97f1b819b281", "comment": "Malware payload (RedLineStealer)", "value": "12a27172773bbac5b1bb494dce2c4ddfae98704c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841067, "uuid": "99092688-532b-4499-aec6-c425b192065b", "comment": "Malware payload (RedLineStealer)", "value": "1dfb3221717d9cb186ee81da89ad3c4a5d1a0ad17d358489bd7a22f3fb8578b385f84cd691be66239b9a9c8f6ec933a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841067, "uuid": "407e747f-c2b6-4883-8f6c-80c646f920f6", "value": "T1EC840102E6E88133CEB95BB058F203D30E36BCA14D78876B2795A95A1C735C0B57677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841067, "uuid": "db7239a1-958d-461a-af0b-c5d8e9a3eb77", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841067, "uuid": "e10dedc3-22c7-4ee9-9283-a90575e17366", "value": "6144:Kiy+bnr+Sp0yN90QE+pQDqRcFCkWsjZNc0cRRpKjO2TpX4+a86Fjm:+Mriy909OcXo+D6Fjm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689841067, "uuid": "8b91f467-585f-4062-9415-9e9c43d894a1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689841067, "uuid": "34c89c8c-5f74-4d77-9637-7d3e851514c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841067, "uuid": "3d351037-f722-404d-8bb8-626d022f375e", "value": "2b9096c454fbe14e2a9e3d5d730d7e08c0aab35dbebfb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "848b29d4-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689850777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850777, "uuid": "a5a73f23-74fe-48bf-a091-b4ed84835f0e", "comment": "Malware payload (AveMariaRAT)", "value": "f9e9c20b55676430e09d02281ea54927", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850777, "uuid": "ce63fe3b-3f86-4b24-9288-3ff51be53484", "comment": "Malware payload (AveMariaRAT)", "value": "2b99489e7a38c3bd5c6d5c892500fa293c5ddd8ef8bc2b466c5f48e06ab42430", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850777, "uuid": "11ec3980-83be-436d-bd1b-73c6b014b52a", "comment": "Malware payload (AveMariaRAT)", "value": "7e162cafdbb5214a64489662660932e605e4f1af", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850777, "uuid": "ee3a0493-a7e5-4ed7-90b1-5e8378b4b3c1", "comment": "Malware payload (AveMariaRAT)", "value": "c663122c63b4ab32d42e64ff7fc43d1c57f170273392873aafc5a552ac292feaa1b86a4808be9943f045ee2d433d1d52", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850777, "uuid": "73d9478d-32e4-46fb-acbe-bbbd4f571687", "value": "T19DE2F126B0315F1535100CE925E81803BEEE8F76F6AA4FB2855D92FE097C629B72D0DD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850777, "uuid": "9539a658-a608-4ef2-b4ca-8ab7507e0a63", "value": "768:pduG/vniINWBRDEg/x24Ra2DovIieNhIrV6z3UfCynyafEI1Fj:pdVnPNSJ2m7ov0ohia8If", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850777, "uuid": "33a990af-ffe7-4769-83d3-bc0c52ac0740", "value": 31168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850777, "uuid": "478d31a9-574d-440a-85d2-ba7aeb1ec17f", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850777, "uuid": "b32e9c48-8be3-43f8-b946-31f3765121c9", "value": "JulyPaymentAdvise.tar.gz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5095491e-270d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1689864863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864863, "uuid": "cd07b5d9-0857-4281-9b5c-be98b67392c0", "comment": "Malware payload (GCleaner)", "value": "fd7b70bf684a9d53e60baa6de5fd7604", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864863, "uuid": "8fae799b-6646-4cf5-afc7-d61807510bc7", "comment": "Malware payload (GCleaner)", "value": "2bdb1e8fdbd38cab702b92b9f77a3d99db0afe2f4d45775003ead8fbf443e201", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864863, "uuid": "ecc33adc-c624-405b-85fe-cc4a1ccb1ec2", "comment": "Malware payload (GCleaner)", "value": "2e73792982e9410696e8ac7f0d89d8722370eee4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864863, "uuid": "fe939c16-4c79-48bb-992f-4c5884bd9755", "comment": "Malware payload (GCleaner)", "value": "8c3c23e41d3fb1e1e5a72cb28f78905f8e4ff821ae419ce355837652b5f6fc10bc14f7eb2c36fdee9fcafe6f1ae8e223", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864863, "uuid": "21695e94-5eb7-41a1-aea7-a207854f74ac", "value": "T135853386E5C106BBC5A356F90E205410E3737DA53C35389CB4CD2A6D5F3B9EB4AE23A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864863, "uuid": "fa0c83ad-9fca-45ff-871a-d2cdae58cdb8", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864863, "uuid": "9bc5ea43-7bc6-4faa-9a0e-271f5c7880d0", "value": "24576:E2lWLzyMb/jcKd2Azt5neR8ZNBoJHtxFTwofwSklfdVh8whzAg8nhKFc/jRX150Q:E2YLzyMHJe1htxlOfd7Oxn9jR1qwkB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689864863, "uuid": "6f1be3e3-7aaa-4484-93f2-19dea84a5c39", "value": 1735121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689864863, "uuid": "e9ac7436-e629-4a8e-b7f7-2ad66623a552", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864863, "uuid": "ab40c8d9-9bbf-4eff-8bd6-d642e0f18020", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec067594-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838924, "uuid": "98198da9-998c-4ca7-bdf6-6932aa5b7208", "comment": "Malware payload (RedLineStealer)", "value": "10d6d24c1d3ecb404d5b69fc8761cb62", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838924, "uuid": "338933c8-a0ef-46a1-afd8-7808fb90920c", "comment": "Malware payload (RedLineStealer)", "value": "2c5627850f2c8ed462789b67350ff732920e65ca8f1ea23eea129fcbdeb35e17", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838924, "uuid": "9cade2b1-b6eb-416c-bc23-536f119f11d3", "comment": "Malware payload (RedLineStealer)", "value": "6e85f191e092179712a2af6762fc4241b7882afe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838924, "uuid": "d18cfeb8-c528-4257-a3e8-c7b658f285e0", "comment": "Malware payload (RedLineStealer)", "value": "fbe3f66f9c913f0eef4efa3e06a3c9edec087fe9d7c096a8bc08e8103525a9e17e35cb958a0a1f66ea65ac6adca66e8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838924, "uuid": "c9373abb-cd6a-4c4a-ae16-39c168f6c882", "value": "T1BC840152A7EC8123D9B427B028F613C31B367CA29874836F2399A96D1C736D0B53577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838924, "uuid": "cfef656a-8842-4650-9647-87adc0157254", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838924, "uuid": "ed5bb598-eea0-4e65-bb64-5ff4ab0349d9", "value": "6144:Kty+bnr+Yp0yN90QEPyZ5LUUy4rbACmJAbfYt4tXegiG2NtJ5sqgSm4X:XMr8y90dyPyyuJ8SQXegiG20qgSr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838924, "uuid": "c85e0f6f-c6fa-48cb-bb10-064201c4cd08", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838924, "uuid": "085e5a81-f899-4814-bd5d-0e6ea1bd1712", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838924, "uuid": "a86f27b8-09fd-4b41-9e07-86fccf4e14cf", "value": "2c5627850f2c8ed462789b67350ff732920e65ca8f1ea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8ca1984-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689850972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850972, "uuid": "38fbb34c-c1b8-4eb3-9961-15897104688f", "comment": "Malware payload (AgentTesla)", "value": "f18a1e0bc9c11b0c6c1d0791b396cfb6", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850972, "uuid": "43590ec2-a88f-4112-aa02-cb49c7a3cc3f", "comment": "Malware payload (AgentTesla)", "value": "2caa293a79a77c550bb762d0ffe030819322cc2caf6f1e60f7d5c53babb8a6b1", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850972, "uuid": "a02cddd3-dd48-458d-87dc-1676fa7b4c3b", "comment": "Malware payload (AgentTesla)", "value": "4ebddbb80939190e70ca82803089dbffe4bb6699", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850972, "uuid": "17f48cc6-2357-42e2-835a-717340bdbcac", "comment": "Malware payload (AgentTesla)", "value": "1253eb5f2737118e417fab740d496850280245b8611b68329098469275189fa5058108ba63043a972875989b4e9f222e", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850972, "uuid": "f0d202a6-c78f-453c-b288-b70587bfc531", "value": "T10D9423228FB8EBC03DB27FD14B3459F2DA8940D86549F5DE8141CA9BF0D94E85E68E30", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850972, "uuid": "675e081e-a8f6-4876-aa17-2565fc808d63", "value": "12288:HGd2xU9MQCBz69cLTbpL345g12N+wwcxmP4bhddE:HsJ9Mtbh345g0bwke", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850972, "uuid": "32f1adf5-06e8-48e9-8924-af832f56fdee", "value": 447426, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850972, "uuid": "e2426013-1143-4296-9051-c13bb9aa7ae5", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850972, "uuid": "2de57350-c547-4e08-9b7f-591156b654a4", "value": "CI-23JC0607-TWO USA.pdf.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e7f15e9-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858471, "uuid": "740f0cef-3e53-4719-a88b-07d67dca740b", "comment": "Malware payload", "value": "24eab22864ac9669755c94afdca20bc7", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858471, "uuid": "6daeaedf-7b5d-442a-814d-c97a22b7ff7d", "comment": "Malware payload", "value": "2d29cd9fe0392036c8e10dccfe3a3e56a4c1dca60ece6dbabe903885b9723d6c", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858471, "uuid": "2c700d07-f816-4dae-b710-09bc51351717", "comment": "Malware payload", "value": "927be2f4c69c189163228b481ab8e577d8a32ebd", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858471, "uuid": "8ad88152-ac1d-4f5c-8393-b6a0f4c68dff", "comment": "Malware payload", "value": "adddf00c2dac0e4e35490cae6a9ce66916c94aff2638783dcb76a467eea5db48712e4d2c9ea577f7bd58731bc8dc14fa", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858471, "uuid": "9be3a16b-cf6d-4add-bd85-d8c03f77a3e5", "value": "T10EA63A6BB1A4812AD11DC13ED0B3DF40953374751F36C5EF9294126A0EAB9D8DE3EAB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858471, "uuid": "d332a897-7b9c-4ef6-a62e-de7337d9c64b", "value": "49152:AvfCx9893NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01OviwPvY3JW:Z893JWblz4TKl2MPvWJo0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858471, "uuid": "943b612d-a5b7-43d6-99be-27b0c2f85717", "value": 10192384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858471, "uuid": "bc3e2928-06b5-465c-a51f-ce5a124d844f", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858471, "uuid": "cf0b2283-fe72-4bc5-88bb-ac2d4ab0f4f3", "value": "Copia_de_La_MismaELCSLVIZTTvjczsZVDZUHJUSHztmcv.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6e7d582-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837976, "uuid": "f4e7b993-a1bd-46b3-9dff-f68584e296e9", "comment": "Malware payload (RedLineStealer)", "value": "5282e0ac5fa65eac3bff0c1c0fb89e66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837976, "uuid": "47b24553-8043-4774-9a92-e3e6cae7aea2", "comment": "Malware payload (RedLineStealer)", "value": "2e704d46c206ca5f2aa354b4df87739b6f3093d568b4d36d850487fba4198711", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837976, "uuid": "237cf290-b395-4195-89c4-072cbd01518a", "comment": "Malware payload (RedLineStealer)", "value": "9fb25fe09574c65f48e13a5bfc00e65be6e21cb8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837976, "uuid": "ca86b787-9a62-4c7c-8626-2067ae7c0bc1", "comment": "Malware payload (RedLineStealer)", "value": "683a79cf463bc320ad1ecdad0e655481367338041197c1a81dc8a43e334ffc7becbf9b95cc72e0c3cd1ae638e297c004", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837976, "uuid": "2d7ff4e7-39d6-4cb6-b7aa-94c46d484a03", "value": "T1BA840102EAD84433D8B6137028F612D71A35BDF1AD7847AB2B80A95F0CB26C4E57577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837976, "uuid": "c76000c8-4aae-444b-aa20-889b4907dc29", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837976, "uuid": "bfbf91e2-488e-4452-99ac-d93a3118ae0f", "value": "12288:/Mrfy90+JKJxggY+JOSlT2TtJJBXd5ltQ:AylMnx8i2T/JHC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837976, "uuid": "05cbc380-8a40-410a-9ad9-600f75b59bc7", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837976, "uuid": "a246d0b7-cff9-4b4a-9bdc-2cc6417949a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837976, "uuid": "d2703568-b735-4ba5-9b41-f7111988afe7", "value": "5282e0ac5fa65eac3bff0c1c0fb89e66.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19dccd6f-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689845444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845444, "uuid": "189aa12f-2aa2-4cf9-be8e-18eca97abae5", "comment": "Malware payload", "value": "32379d7b30e1c8d906e57fa8bf1aee86", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845444, "uuid": "35a085fa-a2d2-42c8-ba5c-27f1414439a2", "comment": "Malware payload", "value": "2ef788275f064925fd3f4e995b651529e920c86323e99a54c1ca05dd15514134", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845444, "uuid": "e88680be-e5a7-4170-b49a-3fecdb8980e6", "comment": "Malware payload", "value": "d3b9c441e88f4e885aedc5fb5647ff78536a45f1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845444, "uuid": "57808907-1992-4039-b30e-9b8ed0464da9", "comment": "Malware payload", "value": "37eca8edddad8a37c12e578467f279897a626aac0d4031a93c1adbfa916291693a7dfdfea14f6830784308382b547b06", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845444, "uuid": "3d31b027-a526-4cb1-8ef3-9961b03b1fc2", "value": "T1D0338D05B6A0C0B3D96B073559B997210A7FBC628AF484833FAE064D5EF11E1763D367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845444, "uuid": "7f5089d3-a572-419e-b10d-7f1eb6ffe5cf", "value": "b3c5e81c2a49c8b00d13a96c67599538", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845444, "uuid": "d79e908e-a734-40e3-a9d8-8e4b21df377b", "value": "768:aemr74kkFo99JEn2ZObYkBElRWFNKojistyxdjPTtVQ98ltzzOP5QjvXg:aemr7TtiSJBD7PTteky5Qj/g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845444, "uuid": "41280199-ff14-4a7d-adce-ad5ead3ec7d7", "value": 54272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845444, "uuid": "9b4095f8-a041-46d2-a51f-89ab512eb35f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845444, "uuid": "3df4a2b5-ac78-4265-8f02-7a4a3e030766", "value": "SecuriteInfo.com.Variant.Fragtor.324720.25337.13556", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4900bf5-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837972, "uuid": "0edcb533-b1d1-45e7-8a81-31602dfcc76b", "comment": "Malware payload (RedLineStealer)", "value": "5eefca970668dd32f430fafd3cdf4db3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837972, "uuid": "30abf29a-db58-4c80-bf45-b779fb962d60", "comment": "Malware payload (RedLineStealer)", "value": "30ad046cf0aedf4921ec882d7e0d5547054f8fc5f95a022b632155eef795fdc2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837972, "uuid": "08523655-88c9-4e98-b3e3-e498bf311d2e", "comment": "Malware payload (RedLineStealer)", "value": "1f84aa1ff5482e7da4c01906a7c77f8fa423d7e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837972, "uuid": "6fd60db6-f8ae-41ff-8db4-347d734afb71", "comment": "Malware payload (RedLineStealer)", "value": "ee56bf744859b77aed5efe13ecc8c410161341ef7a794ddb2a88ee43ff3119be01a93ac3f23051c4aa8c6b1dab668852", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837972, "uuid": "562e3ef1-a03a-40c7-9072-28e6d464175b", "value": "T111840212A7EC8031DDB52BB058F203C30B357DA19AB843BB2796985A4DB39C8D47577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837972, "uuid": "fdbb2a35-6790-4dd6-ba30-24fac14c3c02", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837972, "uuid": "ce639069-c449-4303-aaeb-6329a93abccb", "value": "6144:Kgy+bnr+yp0yN90QEDlzabyaFVI+w63lvY61PKLsoPLLsK2+mVuCcHnlRH8eaxEN:MMray909Va2wj1PKLsoPwBcHnl9VrnD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837972, "uuid": "97dc61e3-de08-42a3-ab1d-2e0ae49fc4f9", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837972, "uuid": "338a3d4f-9ed9-4b06-ba02-93f234c2baad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837972, "uuid": "f92418a6-c80f-4561-a547-93a7d1e4a899", "value": "5eefca970668dd32f430fafd3cdf4db3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05f22a1a-26a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821359, "uuid": "18f94aec-861c-4885-a3f6-44d32492ee23", "comment": "Malware payload (Mirai)", "value": "964009aca92d555e466d85ce6cc414f2", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821359, "uuid": "0da7856a-769c-40ce-86a1-cb799d997039", "comment": "Malware payload (Mirai)", "value": "312f25d60b0b4a3fe005294afc23d28b4f19682f81495908ba1af62acb0b73f7", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821359, "uuid": "d2392fa0-6da9-4ab8-9e89-a653aa22f0ce", "comment": "Malware payload (Mirai)", "value": "fe2dcba54e6daa7d0616c854a3626f1a166ef559", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821359, "uuid": "7ca7858d-fea5-4370-8cff-6b1c6c721eb9", "comment": "Malware payload (Mirai)", "value": "66577790bd983ab886c3199a3000effb52b25afb316f30aa4dfe7d7f8af3b81b46a2a738f2015128cf58a8f0e5f19d57", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821359, "uuid": "d74072db-d740-4ad4-9ea9-b4f5ad22e67f", "value": "T10F93D615BB550FF7DC5BCD370AE91B01358C964A22E8BB367934D828F64B24B49E3CA4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821359, "uuid": "f7fb74b8-d8b9-4b64-b698-4a2c112b9f57", "value": "1536:Wrbs/EiigkYx62036FBdvbHrREYZmlqGYcVQp0Wqv:WrbcDjy36FrbH6Yci0rv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821359, "uuid": "cda19446-1bf2-481e-9b86-42060480ab6c", "value": 88880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821359, "uuid": "7842f092-e350-45fd-9c53-a77980dcfddf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821359, "uuid": "4061ecf6-9abf-49a7-a17f-2266bbf82bde", "value": "mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6868541-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848257, "uuid": "f43249fd-72ac-4a7f-b25a-14754fad5597", "comment": "Malware payload (RedLineStealer)", "value": "8965f85cd8ceaac637f7ce969b31e87f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848257, "uuid": "3d83f606-8e2e-4e27-b72f-6be415d72c7f", "comment": "Malware payload (RedLineStealer)", "value": "31714e287ace88f54febd6e8f4714a27d61ad35bc95ab8b019334acebd9cd459", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848257, "uuid": "df4ce3e0-bde1-4a17-a3c6-a52931db3990", "comment": "Malware payload (RedLineStealer)", "value": "e83a34bca6d34e37cc4652d12d30e994aa9856c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848257, "uuid": "041d736c-48eb-46e7-baf0-42484db9b806", "comment": "Malware payload (RedLineStealer)", "value": "d9302444c5bb2a86e3e9df5577788e4c786164a5c5867b51e2ab6eef682802e3d0e68d563e04c548d565b690c760659e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848257, "uuid": "9e00a8d4-18df-44aa-8a47-b6156c705a09", "value": "T111840153A7E85432DDB927702CF612C31F3A7C615DB8832B2786A85A4CB36D8A531737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848257, "uuid": "01bf3088-c4fd-48c2-a381-680fb3188548", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848257, "uuid": "b711bb59-d471-4bc0-9d44-7540237c835d", "value": "12288:vMr5y90TOiPLI6kQHj0rPxqcHnl9va4w5N:iyYrLVDuPx5HTa4wf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848257, "uuid": "f66fd3d4-d085-4242-b1dd-8535b7ffc3cc", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848257, "uuid": "7990059f-aa58-487b-a44f-ac5bc8b3d32b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848257, "uuid": "6addaacd-89f4-4c2e-8962-2660138560b8", "value": "31714e287ace88f54febd6e8f4714a27d61ad35bc95ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9d4b5fb-2730-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689880153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880153, "uuid": "7debb7bb-638a-45a2-bf6b-078b8d3872ee", "comment": "Malware payload", "value": "105ea394d876b44b10a1e8e34eae1d29", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "strela", "colour": "#C58EDE", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880153, "uuid": "b0af9e13-e5f1-485e-8ecc-5282a4eb54e8", "comment": "Malware payload", "value": "31e9953ae2a8a367ce5abd6f72031d8e50fa57de1ce617d5f07360f43f358206", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "strela", "colour": "#C58EDE", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880153, "uuid": "27626af6-7ecf-4e30-adac-2836ae1c745b", "comment": "Malware payload", "value": "f9f5939b0303f948a76631b8adb7628482092931", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "strela", "colour": "#C58EDE", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880153, "uuid": "a693dc90-1051-4176-81ca-e7f25d94c38a", "comment": "Malware payload", "value": "b844a1d6cce9787e9b46253f0be87faa3810312561b9e678274762006b4eb5085807d579e15ba6dab8c81c005418ae93", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "strela", "colour": "#C58EDE", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880153, "uuid": "994fe590-6ded-43ee-b933-cc871f2f4504", "value": "T158E44BF476E07BD70F75190DB3CE40B23D54B857F4EDAD8622890E1E9284299C9BBDA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880153, "uuid": "ed2d1797-d213-457c-a26e-6c8e4d3e4109", "value": "12288:xKXO8t3iNqvuv7EB2QQwQlHUMFgEoYxYUq/ATZrcDNHmOM9mos:4e8tSNHzE4QQ3l0MFgE3bFoUOL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689880153, "uuid": "e45414e6-4802-4130-bdc9-b6b74db369a4", "value": 673500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689880153, "uuid": "69e528ae-c95a-4620-bb6e-4e009db43ab3", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880153, "uuid": "c7a99cf9-d67c-429b-ad9d-8536e6b764cd", "value": "41371455924907.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91182f40-26f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689856381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856381, "uuid": "615b5ba0-0dfd-460e-9f61-d9c3d971f715", "comment": "Malware payload (CustomerLoader)", "value": "4c2a031d0cc56086cc43301542371219", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856381, "uuid": "0f512b12-425b-43ac-9cf8-69ea600482cd", "comment": "Malware payload (CustomerLoader)", "value": "3221d31ff9f0820ff9682639db213103f4f4ad42d3a6778cfcb4aaa223239903", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856381, "uuid": "e6be19ac-086d-4757-94e6-c08b697509ca", "comment": "Malware payload (CustomerLoader)", "value": "b0c21a2b4446b910333f6f774f50a54075d1b021", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856381, "uuid": "29c42b3d-3ff8-4627-83b6-7f929901fcae", "comment": "Malware payload (CustomerLoader)", "value": "9abe1a96eda01cea345dd4f937b538030f7c6adf81eb7995cd702f5e449da8797504f3389035a79df0919a9b31747acf", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856381, "uuid": "45096632-43f0-4473-9403-75d62c11df01", "value": "T1DAF2E1045BDC0174DA670A79ECF102421B3A6F97A957DB4FAFCCB64E1D4327522227B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856381, "uuid": "be372142-9d1e-425b-8967-a776c2325521", "value": "768:zJCyOqGS5fUq5Tllmu24Ra2DovIieNhIPVQPa9+7S:NtGS5rTll92m7ov0oW6+7S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689856381, "uuid": "ec5c689c-75cc-4814-aa31-82fa6db57bea", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689856381, "uuid": "5fdc0f84-453d-41b4-8a9f-2a1ba536be35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856381, "uuid": "489ce3a6-8844-4c90-b28a-d38da8c9153f", "value": "SecuriteInfo.com.Win64.RATX-gen.22569.4798", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e754643c-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689851372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851372, "uuid": "23805b63-0e13-46d2-9be6-afcbb2e245af", "comment": "Malware payload (AveMariaRAT)", "value": "0ea4440a5150a623e4d2ddb9125adce8", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851372, "uuid": "605a0980-4ca6-4734-b7cc-6bcfd4f2da7f", "comment": "Malware payload (AveMariaRAT)", "value": "322c5cfe15e41f03aa2ee2622fe119f52e8a55284132046bcfd37593b51bd591", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851372, "uuid": "6e004feb-2f98-4ce2-8c08-7aba70cd6c66", "comment": "Malware payload (AveMariaRAT)", "value": "3abc1b5de19571fb4653a489f06e2ab2883044bb", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851372, "uuid": "0d5cd804-8f14-46eb-a4fb-7d13ad3552c4", "comment": "Malware payload (AveMariaRAT)", "value": "cd124280a023be065f12ed40e23af1e73f13d07653c54466159c0932c0a478fad514bfc5f10302ec2850d3717acd4a70", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851372, "uuid": "aaa0698f-0a11-415f-a738-24d6aac5e3a1", "value": "T166E4F13495B98B5ECA731BB0F925093D47B76A667532D32F4E1170E236B1F038602BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851372, "uuid": "6e5768c4-4162-460e-a3fe-b9e3b49d20c1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851372, "uuid": "56a9b858-2b58-4434-bdb0-644ea3a63bd6", "value": "12288:QrS6ln+flo/XciMvtQth1kjFln1V3JaTrllEBM56djlm5SYWLj:QWTdCjEWH1CDzJavllFuxmYY2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851372, "uuid": "7401b0d9-2f57-4caa-9952-7dc33977d41f", "value": 680448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851372, "uuid": "f97ddfa7-3865-470e-ae69-2c73f1f7e022", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851372, "uuid": "c16860a8-2b92-45e8-bc0e-d4b9346a843e", "value": "SAMPLE-ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99df11ae-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689851242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851242, "uuid": "3ef23dbd-02f8-4ff0-9b33-f6c88be601a9", "comment": "Malware payload (RemcosRAT)", "value": "4ac2c263ecf47d72ebc0d897db660bfb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851242, "uuid": "58af69da-d9f8-497b-b5a7-4721eade4bb7", "comment": "Malware payload (RemcosRAT)", "value": "327a977795643eb169e5bd5df1c5dbbfcea5533adf8f206aad9f8e5ee0832ca4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851242, "uuid": "6342ddfb-66ba-4fdc-b88e-cf0e733c4111", "comment": "Malware payload (RemcosRAT)", "value": "c8a2f84bba82c6c6541fa0ee96836b4fb62b5498", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851242, "uuid": "7f4d3eb2-7f85-446c-896e-255be764541d", "comment": "Malware payload (RemcosRAT)", "value": "c238252163298208d4e71cd50b1d647440034f1d43d7a2173f60d3b32be3db5eacb4587a9d5705c5c17e52e3ae574138", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851242, "uuid": "d076f36f-3c75-4a8a-a288-b3f88abc4548", "value": "T1163412A86B2EC859D194C7FC8524D5F222E95C7E0D2665CE1BD8FE2FFD27200EC910A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851242, "uuid": "169af23b-f78c-4e4f-9875-f643b5c94082", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851242, "uuid": "0a465cd2-24dd-458f-9f40-31d66a64fe1c", "value": "6144:KvGSN9gWuLpcBKnVBYAsmrzpyDfOXXVxB:KvbGWulcBKV3uOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851242, "uuid": "2bbe2cde-879d-423b-9594-a49b31baf859", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851242, "uuid": "13936c7e-6f8a-4bb1-b7c7-f84531bcd186", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851242, "uuid": "c17de6bb-c82a-47f5-8b4d-87c47b659c47", "value": "bOwP.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71cc7989-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838290, "uuid": "8493cac6-2b2b-46c8-bffa-f4e8eb2901dd", "comment": "Malware payload (Amadey)", "value": "7cef3bd388b302e9c958a48ed6ac8371", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838290, "uuid": "5356904d-cf0f-4b2c-81b8-0195d0659e89", "comment": "Malware payload (Amadey)", "value": "331c6be39fad820452af9b4f32e59e7e9869038b06fb102afd714092f986c2b4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838290, "uuid": "12d9e9eb-2735-4810-aa9c-56d5be3d55a0", "comment": "Malware payload (Amadey)", "value": "a63880f34d38720ff89d6999cc40074fe6ab7e34", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838290, "uuid": "52a369b0-86e9-4a10-8fea-26961da1b0a6", "comment": "Malware payload (Amadey)", "value": "a81ad017d4f840ed636158f5ffeabe01673f4e82636f997a4d591058274c50a27957da26c25dc8409ec8f61cb9aebbc7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838290, "uuid": "49a52fb8-fb33-443d-b54d-02fcec01e382", "value": "T13E840102EAE88133ECB927B018F703931A3ABCD19D78876F3759694A0C725D4A53577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838290, "uuid": "305c5e62-1496-4bdc-8b9a-850d76dd2860", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838290, "uuid": "3fc920d3-54a6-4b3d-ad07-54bc95b5c5bc", "value": "6144:KLy+bnr+Op0yN90QEeOC7lX3kW8nZNXpD1md7LeWuOQDUvh5xqbV5OE4AwZO:RMr+y901uaEnnQShHuVg/XO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838290, "uuid": "bf90c801-766b-4feb-aedf-3ed91a8c43ea", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838290, "uuid": "1594f59c-83b6-41e3-b19c-3100804f87c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838290, "uuid": "e3c02467-0ddb-4fba-8b78-4c4ff3183829", "value": "7cef3bd388b302e9c958a48ed6ac8371.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2bf3227-269c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689816468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816468, "uuid": "90972005-891f-4006-be7f-46bb02ab9028", "comment": "Malware payload", "value": "116643b03ccdb1f50f417b1c7bf4d21a", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816468, "uuid": "5e7727fb-1e56-4bec-9661-38a3f5d62f8e", "comment": "Malware payload", "value": "35b5117ed2ef867a91e48ea5b4c1d8cd22cb1812071027b71df7b41f6e04dc1c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816468, "uuid": "dc7a8d7a-04e5-40c8-aecb-6ac1897b7824", "comment": "Malware payload", "value": "8b4271e65cb970cc266355cebecde0e19ced9b05", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816468, "uuid": "2faf1df2-c8fa-427b-a0a4-9fed69418141", "comment": "Malware payload", "value": "e283414c46dc59fc7c1d762638906505f3333f92e109e74bc96b6bccc71fe85769f7278287ce21734003e6e440be8248", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816468, "uuid": "bee1b25e-fff3-45b3-8ec6-8e01d9ec5f36", "value": "T121238E017400C0B3C22A253D6559D6A18A7E69211BF565837FFB0BBE8F716E1B73E34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816468, "uuid": "204ccd0f-3488-4cda-ad84-24086645eec9", "value": "9fb005de05885508ee358053ad39fca9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816468, "uuid": "eadd0450-5049-4dd2-b28d-14ee7620b891", "value": "1536:fEAzJjj3/xXl2NHTABM36YIMRDTtBppqmc1a:fEAh5Qj36BMRP/ppA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689816468, "uuid": "6e38ae1c-36ec-4d07-8144-3837cae9db74", "value": 49664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689816468, "uuid": "3bb7a632-932b-4583-a65d-5ab309561718", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816468, "uuid": "2db59f12-0728-4219-a6dc-070972031000", "value": "SecuriteInfo.com.W32.Injector.ETCV.tr.1536.23188", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59c7801f-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885924, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885924, "uuid": "f6c7c94f-c633-406c-a034-afbc1657a8ab", "comment": "Malware payload", "value": "480ee4fdd9e26a154647d8a020c6d61c", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885924, "uuid": "440e4902-10d4-431f-8920-7be36735970a", "comment": "Malware payload", "value": "3647ef514955c8e09ef42944b95da6acbf6c9b3f043a703c0c1fa0a48966eef7", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885924, "uuid": "da163379-624d-4c6a-9484-ce0ebcc5213c", "comment": "Malware payload", "value": "65c22cacf3d2ac5085fc03fc8ca16575996936d8", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885924, "uuid": "e8e48774-ffa5-4291-9367-be415a91cb71", "comment": "Malware payload", "value": "8a8bb82e29bb4c97651a2d0c909651aa6a2051555eaf7fc118cd7d0453050ef10cab1f34b9243306a56021cee2b91368", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885924, "uuid": "2f11ea37-c08c-4826-91e9-3534ffb81a4c", "value": "T141E423EAC86C9ACA09DFC5E44941EAA25D724F9BADC97F3C9D0BDF20A10C655442B40F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885924, "uuid": "23298706-0d6c-44d5-b330-34f642e49006", "value": "12288:hOT0vkl5FGll5SLBTfKmKPeM8mIPCNQA/x9+9+XZxf8w3Obs/9QDNAIk6O4sxHta:IAvkz4QmPSmI6T9+AXZd3j9QDNb+tX+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885924, "uuid": "232faf40-7deb-45c5-9ffb-cb853204a25a", "value": 711374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885924, "uuid": "9069175c-e26d-4a56-989e-d6032d79b16b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885924, "uuid": "3e1ceeab-938e-415f-8006-51774bd196fd", "value": "DHL564.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b049be16-2703-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689860729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860729, "uuid": "c97553c1-8b2d-4ae7-b564-2be73498f258", "comment": "Malware payload (AveMariaRAT)", "value": "2d5b5766b9671f29c16e778336b52500", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860729, "uuid": "a5904716-cf7a-48b8-80e6-88cc3cda2f77", "comment": "Malware payload (AveMariaRAT)", "value": "3669103bb71a217263881bcd143b2f60a68b75ccc08f0fc3e7520f44db68b8c7", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860729, "uuid": "fcfe2a8a-fc57-4a8e-9137-955c10ef6b39", "comment": "Malware payload (AveMariaRAT)", "value": "6ae2cc9c00e22baf46c828d7ab33a5a6ad59738e", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860729, "uuid": "fd652968-8243-49a5-959d-11b744fc22a2", "comment": "Malware payload (AveMariaRAT)", "value": "f887f6e1587995e703a976625b558bee669fcbebf0b92c00fd94f24b27f60db2874fc5cb41584186c0efee68068f42a7", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860729, "uuid": "bde3a507-201b-4096-a9d8-f7e8acb03358", "value": "T109459D2AE9842B76D0D895B88192FC6813FCCC421165EB9F1DFBF2A446F7B4F0A35185", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860729, "uuid": "08c81cb7-8017-4b84-98ad-416b697d6ed5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860729, "uuid": "deb74011-11a9-4434-9cd9-aba6063766bb", "value": "12288:Cbt12i2c9b20yCX4q4aUFUYqtRtcIi1gS0TH4Y:lT1gSwv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689860729, "uuid": "45c9fd0b-344a-4590-9cb3-90ff0842cc2b", "value": 1203200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689860729, "uuid": "8537eb06-9d79-4bd5-8668-fbf5a6071e68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860729, "uuid": "adc62909-3709-4014-a8ca-544dfe4fc733", "value": "3669103BB71A217263881BCD143B2F60A68B75CCC08F0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a8def1b-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689845445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845445, "uuid": "04757027-6796-4aac-9fbe-c4dfed9845c0", "comment": "Malware payload (AgentTesla)", "value": "d8980ef378dd762d46bd3a743743d0c9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845445, "uuid": "95076f6b-6b7a-4d4e-9626-9854e25cec51", "comment": "Malware payload (AgentTesla)", "value": "368898c44f1e9babf0b8f9deb50f591846eccc2a834a149c2c14148800da1171", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845445, "uuid": "00e597d2-3c4f-4ec7-987b-48c4adca51e5", "comment": "Malware payload (AgentTesla)", "value": "aaf1dec3b01aab311531ef996a8ef3313a7ac66b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845445, "uuid": "07c39e81-2073-448e-9a89-e800c3a2d4f3", "comment": "Malware payload (AgentTesla)", "value": "86a5cbab4bbe9d80c1202cf9adcfa02ae62da57f6bfefa143d42fb8cee4a8d78b8a2946108aad3894530d02da84e6dc8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845445, "uuid": "7795c0db-5736-4d52-a6c9-6fa3c3c80972", "value": "T170D42347A2BA492FC2464FB57C0031748228DFDBB89B9B9F9E3FF058D71634D9611988", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845445, "uuid": "b6b8adcc-e1dc-42dc-bd54-a8ee5f7656c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845445, "uuid": "eae6b2f5-ec2e-4f89-87d9-e87655bc2ed5", "value": "12288:FS6ln+flo/XciMv2Fh6ps+npt4N35WrH1oRbnXhJX5zF654GGKbyL5aOWuJ:MTdCjE2ipnpObWrH1oRbXzpZ6+5YZu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845445, "uuid": "9b65ee9c-6f94-492d-86b6-40b17e5ad1de", "value": 627712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845445, "uuid": "0eeb9024-a79c-4bc8-b9c5-f61c0035ce05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845445, "uuid": "9c9b10a2-227b-43f1-a05e-e53309cc2208", "value": "SecuriteInfo.com.Win32.PWSX-gen.12406.23090", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33bf6d8f-272c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689878129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878129, "uuid": "08312acf-0b20-4961-93c1-e03727ef05ae", "comment": "Malware payload", "value": "9203eed923eb95cd1a6a4a1324050e99", "object_relation": "md5", "Tag": [ { "name": "PowerShellDropboxScreenStealer", "colour": "#A62721", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878129, "uuid": "c74c8e16-21f9-4f43-b830-c47aa3e5b7df", "comment": "Malware payload", "value": "36ba5e68f70c8b3807fa118f34ede30f320a04b29ed37c4f73d353af4a200b94", "object_relation": "sha256", "Tag": [ { "name": "PowerShellDropboxScreenStealer", "colour": "#A62721", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878129, "uuid": "6de08d3f-4afa-4cd4-b0fb-59c87582a4fb", "comment": "Malware payload", "value": "d5cdeb7c1399fdb9bd949399cb222d91d8db87b5", "object_relation": "sha1", "Tag": [ { "name": "PowerShellDropboxScreenStealer", "colour": "#A62721", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878129, "uuid": "b78f7dec-94da-4e1e-b046-fe4ec92b5044", "comment": "Malware payload", "value": "f1b818560e9e6d189d36820bea1d85d640acc42ac27722dbfc99e4f7284a6eb0c865f227edf99c7f0346feed8fda27de", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellDropboxScreenStealer", "colour": "#A62721", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878129, "uuid": "23da6467-6930-42f5-86db-77462cc5d749", "value": "T1864196F2F727C1C44476A677ACA7D08AAE78806D0021150A7ADCCDDAA7B0A705276F87", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878129, "uuid": "5a4105f5-7c2f-42f7-970f-66ade970bb31", "value": "24:VJYcgZSedaNr1Vje1N7GFuNKOfvIPyIHWb3zlb19EZOVxD1cWyPsc3/FFO+gfj5s:8cxeUr1Vje11Z9IYb19Z/cPFFpgfqpg4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689878129, "uuid": "b01d4e1f-4a57-42b1-9bfc-52522f2c4568", "value": 1948, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689878129, "uuid": "321e684b-c4e3-4611-9805-7c3b8e5cdc1e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878129, "uuid": "5468f42f-5c48-49e6-b8aa-0c776fe08dec", "value": "bshS53Wc.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc647b72-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689840133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840133, "uuid": "0be0783a-99d8-4ba2-bf89-dbd3b99749d1", "comment": "Malware payload (Amadey)", "value": "7d114e866f3aebbf65ea5e0322ffa6a4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840133, "uuid": "812ff8d9-a8db-4be9-9b2f-49dd3be1dadd", "comment": "Malware payload (Amadey)", "value": "371f83e057f13466e2fea9ea5acee438ac49fa63875096d8859e4b0dd31df2f2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840133, "uuid": "4ee890da-173a-4752-9007-081127211929", "comment": "Malware payload (Amadey)", "value": "831e43f1dd3bd60dc0b8175b4b614942300d81d7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840133, "uuid": "1152291d-3be5-4fab-8fba-eda094cea6b5", "comment": "Malware payload (Amadey)", "value": "bdb8c4c3d2ec5597645365e35730a560c8622890abfb6924fc7634c9f3a3d527e0d52862d01099af96cdbbe23acb695f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840133, "uuid": "7a8c1117-069d-4256-8266-674c9e7bc843", "value": "T1FA84F117E7DC8122D8B527706CFB03D30E35BDA1AD34522E27969CAA1CB3290A53577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840133, "uuid": "188f1e9c-696f-4d5e-8055-036b6b05a4a9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840133, "uuid": "7472a15e-84cc-4bd8-b895-bbf5c79c553d", "value": "12288:0Mroy90rmKI+t0AnCwrcSor7h7XZvMvL46a:0yX+thC8cSShFUvL46a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840133, "uuid": "20748988-a47b-47b2-bba4-9b963b445916", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840133, "uuid": "3d86cdb4-f288-434c-9ac6-9029573505d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840133, "uuid": "15b1d52a-e438-493d-95a9-645820e32cc7", "value": "7d114e866f3aebbf65ea5e0322ffa6a4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5059d111-26e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848542, "uuid": "77416baa-2b16-4f89-ab12-fa7caae5351b", "comment": "Malware payload (Amadey)", "value": "4b24ecf2b34c4c389446939c060ddde8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848542, "uuid": "6f6ffe8e-8527-438f-b0b4-1acc695630ea", "comment": "Malware payload (Amadey)", "value": "3754d1115a8a0a19cc2164cd88182e48f6c2435bfbbcd6af4c63cc5dc0d61e68", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848542, "uuid": "23e040d6-781e-4de5-b10e-1558450ca283", "comment": "Malware payload (Amadey)", "value": "0623f7a45306d3849c5045acdac3dbac60039df9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848542, "uuid": "85a2ee56-2d07-462b-8f63-5f353beba515", "comment": "Malware payload (Amadey)", "value": "7cb28a4af88c4bfd8b49871452401d30d1745512c48ebcc2f52f9b6abc374a138e37ea5cbefa274dcaa95bb16655a194", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848542, "uuid": "e9cc74cf-6b41-42a6-8173-14fe3f6d6452", "value": "T1F7840102A7ECD032D8F61BB059F616830F3A7CB1A970836B3395980A4D73999E671777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848542, "uuid": "2ceb827d-83df-48dd-92ff-a02f73affc0f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848542, "uuid": "8874cdb5-dd71-4ce9-8c37-be6912423bd5", "value": "6144:Kgy+bnr+Pp0yN90QEKOK9pK9K6wWp+BnuyjamdLXs7IgmVK3CcHnlRHm8TttASdt:YMrvy90y3K9FYVdDmycHnl9rsSdt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848542, "uuid": "4abe546f-bfd6-47a3-b296-0325b33fc97b", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848542, "uuid": "532891eb-6e4f-4e53-a9c7-2e61aabc97cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848542, "uuid": "344d031f-abfc-489e-b600-8bed15dc63cd", "value": "3754d1115a8a0a19cc2164cd88182e48f6c2435bfbbcd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d8011e1-2703-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689860563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860563, "uuid": "7ed0a578-4fd1-4418-bc9e-c6ff20bcd5f4", "comment": "Malware payload", "value": "e71ef2f3f2cd8205edd79c5befa2f36a", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860563, "uuid": "afa81fbf-eaf6-4ba8-8bdd-3d0fc0e9f45f", "comment": "Malware payload", "value": "37a8c46406fd8de799256f18e2e9593c0350311e82e4a91ee0367702fba67e92", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860563, "uuid": "a8ae70ad-5450-4a04-80ec-77e326e8482e", "comment": "Malware payload", "value": "f08771def9a53f3c8a1d4035987764f64b08d4b4", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689860563, "uuid": "a9df5410-328e-48f5-a373-ea7ce675974d", "comment": "Malware payload", "value": "24b80ecef14cc8b45a0c0c0b77865a3419c72754526f6951e8ad417631bd3dabd4360e4529a1d4f04f42fd5945e67718", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860563, "uuid": "ed0fe752-4930-484a-9b2d-8895bfb03297", "value": "T1ABE65A07F89191E5C4AED230CA269252FA303C445F3067D73B64FAB92B72BD46B79394", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860563, "uuid": "8da6e8b1-7905-4c54-94a4-0f2f5cd1774b", "value": "57c9b357ae0cb2f414b0a5873e2f216d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860563, "uuid": "796d3071-c294-4fe2-9dec-c8a6f09356c7", "value": "98304:iJZ9OH1lg6lIabm0Ud0TxEjt/4zHEFe9KDf:iHwHHg6lbad0WSzH4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689860563, "uuid": "51981842-0b77-4cbb-9841-efdd44c12b2f", "value": 14533120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689860563, "uuid": "5a11e66d-2f30-49d7-bf45-f60885bda0f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689860563, "uuid": "8a8e57fe-446a-478e-a877-007aef3fafc9", "value": "e71ef2f3f2cd8205edd79c5befa2f36a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bad6a74c-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689850868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850868, "uuid": "f24a84bb-c109-400e-986a-f2462a8e9498", "comment": "Malware payload", "value": "8ede417cd7e008001b81e503c418e391", "object_relation": "md5", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850868, "uuid": "78972629-274b-43aa-b4d8-b134741a6c74", "comment": "Malware payload", "value": "389eb4d08b6e32973b65a932ec36321f861f1ba4a61edb53c28a5b3e22a3e8d9", "object_relation": "sha256", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850868, "uuid": "646a557f-d8d5-4dce-b624-0e007a9e5159", "comment": "Malware payload", "value": "f33900d6f3c522ed153037041c3b6493263c59f8", "object_relation": "sha1", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850868, "uuid": "922cebff-cef2-4683-9af9-6be35b3daea0", "comment": "Malware payload", "value": "4b9f25be9ec1579d67cc3ceaad3bfd96b47fb52e30c3fa1bbfcd9607df9d6bd897fcdd155c076b722f77a7164acc56f2", "object_relation": "sha3-384", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850868, "uuid": "ffc46da4-2cb8-4c6d-a0f3-92363ee87452", "value": "T13E4423CD1C1E7FF13CCC19CDA5C213DDD9D7A838897C7CA017629768A86D54BBAA4A20", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850868, "uuid": "f872fdb4-1e03-4080-8a80-5061060c1a8e", "value": "6144:aPR70XLzbFeI/Lwx8cZ91GDBkDqPBaBP0jwxambAIoKmV0s0pYRAu:aPEDc8QfGDoqpa50MwcAIoKmV0PRu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850868, "uuid": "2298e888-0cff-47f1-85d2-572fe3849612", "value": 263628, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850868, "uuid": "d287b707-bb05-4900-8394-788b316c4ee3", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850868, "uuid": "566e6e93-46db-41d9-8f2b-d57346ec849c", "value": "Urgent Request.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9651229b-270f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689865839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865839, "uuid": "90147bdb-c080-420b-93e1-1114e65ea0e3", "comment": "Malware payload (RedLineStealer)", "value": "c2610dec1191296b50478b4e7f299076", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865839, "uuid": "2ed5ebb8-178c-4689-b23b-af12637ad8e1", "comment": "Malware payload (RedLineStealer)", "value": "3990aae06754619a3d7f203404585dcba7ff89238a417ee30948d0b8d36a4bf2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865839, "uuid": "71c1c383-550c-4c9d-be91-27d324262cc3", "comment": "Malware payload (RedLineStealer)", "value": "1ba4a54e5a8fc1cd7e5d18f2f2ae704013607f8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865839, "uuid": "ec9b4600-6b2e-498f-9d1a-c352be0535c6", "comment": "Malware payload (RedLineStealer)", "value": "953311182827f52bfd3813de77e862b66cfc83d29a63b529d8908455d3e4e9e8443cbd8f632588742bb7a899cf74a272", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865839, "uuid": "f81610de-f4c1-41ca-b29c-b8db153d05de", "value": "T139B41203EAEC4572D8B52BB049FA06830B39BDD15E75835B23856D5E0CB2BD0A572B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865839, "uuid": "a6c43ddb-976f-47e3-be24-40d45c9bb4e8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865839, "uuid": "2606be62-8a06-4a6e-9274-aa13c828d038", "value": "6144:KYy+bnr+Tp0yN90QEzNneEyPNxfGjYEIA+6iht0616mK03sJwQJ9/kCw+8fur3KK:8MrTy909B8lJjbomKksJwIGR8jV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689865839, "uuid": "8c032da9-46b0-4df1-b5e5-41c91cee53a3", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689865839, "uuid": "0e783ddd-973b-4069-a7bc-39879ef76f7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865839, "uuid": "5bdfb900-b21e-480d-b570-89cc1e86d571", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d8753da-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689840779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840779, "uuid": "f0833ab2-8e94-4349-9032-146aba4f88f3", "comment": "Malware payload (Amadey)", "value": "e5623dbb07c715bf40d82dd36df6cd45", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840779, "uuid": "7edfef3e-f17e-467e-881a-245afd083eb2", "comment": "Malware payload (Amadey)", "value": "3a484bb7d4882d8f4ab5dcb7c60a4d1397a642611888b68c5e13702926794729", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840779, "uuid": "cb36f0a3-e498-4ed7-a0be-9cbf0cc5f10d", "comment": "Malware payload (Amadey)", "value": "1e636843ca903406cf011d2359e300737cbc9176", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840779, "uuid": "81205838-72a5-4059-bc48-a2eccf77b13e", "comment": "Malware payload (Amadey)", "value": "a13676288a5fa429ce0035dbe88773737bfba775cff64cb0d4555a8f1aa534589aad15f7e7838e484757b3b663be64e9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840779, "uuid": "ce159474-ebf6-4517-9784-802f208f2ae6", "value": "T1BD840142A7D88033E9B157702CF703D31F3ABC61AD78866B23866C5D4DB2694A47277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840779, "uuid": "5d8f652f-21a5-450b-a49c-b90b79bb699a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840779, "uuid": "12d184e5-4caa-43a9-8080-9a365a9041fc", "value": "6144:K6y+bnr+2p0yN90QELJRVtUdXkWcnZNTQR52pX5B9I9/VULECcHnlRHnnXUQtLQ9:6Mryy90VnbyWpDy9/ihcHnl9XXtLQ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840779, "uuid": "4cd6c36a-ed95-44c5-9571-c5fd4dac7909", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840779, "uuid": "4ca88a7e-9f53-4bdb-af96-958e14d841cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840779, "uuid": "d8b31adc-511f-4319-9835-5e0cb847bc37", "value": "3a484bb7d4882d8f4ab5dcb7c60a4d1397a642611888b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7bc746ec-2706-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689861929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861929, "uuid": "aa7a0f4e-20a0-49cc-ad3a-c5cc676f3d44", "comment": "Malware payload (NanoCore)", "value": "42fbf4768f936b594e154b259b5064c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861929, "uuid": "d2936164-ed22-4f63-8d04-93aa1c8005a8", "comment": "Malware payload (NanoCore)", "value": "3a91172e3abf9fa8c77eaab7bb0115ea0425e45b7f7e684f9114ea5051bcb341", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861929, "uuid": "e58b3ce7-195f-4c62-b882-6471c83d343a", "comment": "Malware payload (NanoCore)", "value": "0e3f00ac24ddbb88055491e81b5d7ba0ff0892f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861929, "uuid": "58ae0ae8-74b8-4088-b9c5-c1ecf022ba8f", "comment": "Malware payload (NanoCore)", "value": "781f8603d636b540937106c9733420b354b20251d3bf3e615aeb5a5ae25e26f74586a906df16a7c076d55b8d0c67f9c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861929, "uuid": "fd68f5dd-811a-468e-ad55-a1d78dc8675f", "value": "T179F6D00A3B889ED3C2455B7944F7EB6A073CA4B6F807E39BAC4C15A52875BC17523F06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861929, "uuid": "4dad8e43-8650-44fd-b710-7456534ff1b5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861929, "uuid": "ec63bb78-70d7-4157-80e8-4fb0d6c36100", "value": "6144:CjRfbsw9j74aiGZcpFpD2+iNoKZsy8WU7g/ke2FYD5Fj1:5wl/sLDrimKh8WUkP2Fg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689861929, "uuid": "837cd048-d538-404c-9600-9912ea8e0f05", "value": 16777216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689861929, "uuid": "84cc3bc0-3432-4876-aae6-a5ab80ac0fa4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861929, "uuid": "848fdc96-8297-4757-bd08-5ae9ad3f01db", "value": "3A91172E3ABF9FA8C77EAAB7BB0115EA0425E45B7F7E6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "058e8871-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837679, "uuid": "3ea69af5-49e8-4700-9878-d66ba7e282a0", "comment": "Malware payload (Amadey)", "value": "0c314c3384c85c50e9da541ac5b0893f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837679, "uuid": "31fa104e-b3a3-4b97-8fe4-005a5023762c", "comment": "Malware payload (Amadey)", "value": "3b8cd7306bcee474040656c20f071e99345caea6d53f3bae9bb55dfbe680b571", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837679, "uuid": "badd367a-80b2-4f38-9214-9af6179501a0", "comment": "Malware payload (Amadey)", "value": "efd1f83a21c41e8a55d9a13e4ed57ea2a7cb7d9a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837679, "uuid": "67fb7ad9-f753-449f-a662-783db0a1fa23", "comment": "Malware payload (Amadey)", "value": "bd5e68bb8f219bb4d8e3659fe87b6f07776a3dd0f27799c8a4b9b633017655c5ccb9ff15497d33f3d5bd5add8863b9fa", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837679, "uuid": "d288643d-6e16-4d8b-ab16-5cc159d6b8ce", "value": "T193B41242E6D58032D8A61B704CF603C32B3AFCB1597C82AB33856D9E0DB39D1957676B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837679, "uuid": "6b6320f1-fada-48e9-92cc-ba7d80ec20c3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837679, "uuid": "8c34221a-7f7a-402b-91b0-f55299573893", "value": "12288:mMrXy90Wc0SidpHIxieOutu7FyVekPhbiAMd1Juj:5yXc9idN5eOuc72vbi9d1Ja", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837679, "uuid": "04ef212c-0e6f-404f-b86c-f5ab8266c15f", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837679, "uuid": "989722f9-4684-4d3a-8714-fd522eda1c7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837679, "uuid": "488419ae-a9a4-43bc-bccd-6935e5c68039", "value": "0c314c3384c85c50e9da541ac5b0893f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "058b4446-26a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689820069, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820069, "uuid": "66494572-4807-4024-aa65-3748f3265af1", "comment": "Malware payload", "value": "11e61c420ace60b06381cb2b9548e839", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820069, "uuid": "b6ad95ec-a20c-42fa-809e-dd86b74389e9", "comment": "Malware payload", "value": "3bbb94a57766691a5d08af3551ef6755459515198a3230a12414750146ec52e1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820069, "uuid": "ab019ffd-2d22-4487-9f06-ae84933c5f29", "comment": "Malware payload", "value": "f83a63181092cbaf6479fbed4d653346ddfe46bf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820069, "uuid": "78c9e4bf-5b17-4ba2-bb24-9a45afc0a165", "comment": "Malware payload", "value": "322102163160bc3536cad969fa9d41ef90a25f1ca3788a22ee5857fa8a66fd2561f57ba059595ab62c40622128c06878", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820069, "uuid": "8f834feb-0617-4a35-aa05-9b35ae78d3ab", "value": "T11BB49E30B5D6C432D9AF06B42529D78B95697DA45BF2C0EB03C82E1F0EB39C15275FA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820069, "uuid": "6bedf24f-700f-4329-bd93-1fe468df61e0", "value": "86e1cc10a4459a30bed399af61da7a84", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820069, "uuid": "f07f08c7-e569-4e90-9079-d7b978aa2a02", "value": "6144:vrDow+ZsrLg3bmfKlGzIqSqYf+SAOfVKE/M5TiyXIMFOmZciHjuMr3P8Q1Ko4pK9:3owv43bqKlRHJVa9iyXI3bK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689820069, "uuid": "7cbf32db-28a0-48a3-8aca-f0ee8bec7baa", "value": 499200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689820069, "uuid": "e96fc06d-539b-4b9b-9914-1ef0c0967107", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820069, "uuid": "ffb7cc15-6a7d-4d5e-9df4-db5b64b8799c", "value": "SecuriteInfo.com.HEUR.6564.14182", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8118b5f7-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838316, "uuid": "41bd162a-edbd-4d4a-8f26-afe1de0afdc8", "comment": "Malware payload (RedLineStealer)", "value": "c182aa859c597c66830bced890420ebd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838316, "uuid": "c9b4da7e-e571-4ae9-8056-0687f60ad281", "comment": "Malware payload (RedLineStealer)", "value": "3e5983819eea590abf46a987b2cc797383e020e36e1c3fa003b871be87b6b364", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838316, "uuid": "d2b52345-1a77-4bc2-93cf-0982ca37a211", "comment": "Malware payload (RedLineStealer)", "value": "73cf9e81e7aaa022e87ada31ed65a7eb23955d1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838316, "uuid": "3fa4d774-44ca-4b83-bbe0-c496115c18ea", "comment": "Malware payload (RedLineStealer)", "value": "3584114e089d22580fbe085ac7cc85517acaf97294f042d6e3888e6caff8f962600d75b1ca9def16dc336f687ccfe6e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838316, "uuid": "fef45bb2-a150-4bdb-9631-3d804e06e5ab", "value": "T1AA840112E7E89032ECB113B048F703931F3ABDA159B443AF2696594A4EB39D4E57533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838316, "uuid": "adc4814a-9f38-4aa4-9f8c-35cc138c5889", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838316, "uuid": "384838a1-318e-4bd4-9de2-3693d80d3949", "value": "6144:Kry+bnr+Mp0yN90QEZwA//STL2qJvD+EIYhP9HPLLsHafcCcHnlRH7S18E8ch4Vh:VMroy90jwG/Xe15dPrFcHnl9uR2b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838316, "uuid": "fb74e141-8683-49fc-8afa-97e5664d5eae", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838316, "uuid": "33cc268b-1fba-4f77-90ae-a47da3d67f67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838316, "uuid": "36a56a8a-ab54-49cc-93d8-b0a4feb27964", "value": "c182aa859c597c66830bced890420ebd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee8fc99d-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838929, "uuid": "371e09ee-48a5-46d6-a254-b765c9be0034", "comment": "Malware payload (Amadey)", "value": "729f507ef97e8a85f7a80276bb686ba5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838929, "uuid": "218c3199-581e-4b2a-a481-c69462cb1036", "comment": "Malware payload (Amadey)", "value": "3e97c0e3dbd6fd2e44ce5766e0afb82e34f18f758bad6264090d0b0c7457b613", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838929, "uuid": "2f7dce05-cac7-44ad-962f-96d1a066d4bf", "comment": "Malware payload (Amadey)", "value": "6bfbe7e750934cf51996d3fc8966593f602f2431", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838929, "uuid": "f1a063d6-3ff6-4f7d-87e0-81c153090879", "comment": "Malware payload (Amadey)", "value": "4097612ba473708d2b1cf17514dbb55a248692dcdc309cf074d71036af759396a8dcf42b83b205557bb8797db096c7c3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838929, "uuid": "dfdb4271-3f2a-42bb-b54b-29de1b7e7c88", "value": "T1E9840112EBEC4033E9F61B7014FB03931B39FCD16D64876B2789999A0D72694A53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838929, "uuid": "6e46dcf4-bdda-46ea-9aa0-5f1a88f31e1c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838929, "uuid": "e49e9592-113e-4826-b781-24aef81fc832", "value": "6144:K7y+bnr+Ep0yN90QE83fs3X6LWhUgE/GV75uxsCcHnlRHJaYlPryW0s7:VMrcy90iAbyYVgxNcHnl97r/L7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838929, "uuid": "db4d9b0d-ead3-4367-9ec1-c850a1ca3878", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838929, "uuid": "a2577389-b808-43e0-b802-f8428e4d5b34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838929, "uuid": "76ffb1ed-7d72-42de-89d1-0a744d4b2fd3", "value": "3e97c0e3dbd6fd2e44ce5766e0afb82e34f18f758bad6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5af2f853-2704-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689861015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861015, "uuid": "f41079bd-0956-46de-a1e5-bffc8d5c1fd5", "comment": "Malware payload (RedLineStealer)", "value": "1f42845cc77788cdff450881958e68a4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861015, "uuid": "b1fba992-b0a0-4f1f-a13d-72d6688b10ef", "comment": "Malware payload (RedLineStealer)", "value": "3fcdecef118704af028e93d5e5624849f86bd6b9af7f67e226675accc5ed44ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861015, "uuid": "fd09c311-7704-4bc7-93b3-1bbbe5e74d4c", "comment": "Malware payload (RedLineStealer)", "value": "4c9dcbb076b6da2f49ac5d9f8f20aa2c1d428169", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861015, "uuid": "995c76ce-5ad3-4f2d-b785-221b14155085", "comment": "Malware payload (RedLineStealer)", "value": "1cfe036952a5caab83d4e9a45a9cadf969d1dcd69a42a1e3576fa5144788672193c5acd647ec62b9ac65e9841929b5f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861015, "uuid": "3afc6baf-2a1d-49db-bf5e-aeb9aaa5ec35", "value": "T1B5840A83C7A2BD59E9278B729F2FC6E8764DF2508E4D7B7D12189A2F40B0076D1A7710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861015, "uuid": "071e4a03-709e-40f8-a2fc-31c84f34887b", "value": "4204b9f7d0ffdbe2928a3ddb092604a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861015, "uuid": "fa491c16-2a87-4e37-ad29-1d4bb85dff97", "value": "3072:OkibvLmLAvc8bH+66gUljGecuHXacRsfeHlLCpeQdc6TXXLiGuLTTLkckC5WL6TA:UjCLAbLovcrcBcpesPXXLiGYWRUySm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689861015, "uuid": "6cd506bc-7d3e-4765-823c-90793d6dd237", "value": 404992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689861015, "uuid": "3e014e14-4d22-4ad6-8892-93f88352e261", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861015, "uuid": "25b2654e-68cb-4a7d-b7f0-9f8869642c94", "value": "1f42845cc77788cdff450881958e68a4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1105f90-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689850825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850825, "uuid": "3fc11b1b-50b1-495a-8003-0dd802fa9eb6", "comment": "Malware payload (AgentTesla)", "value": "5b084bad2ad80646af86c7c0bdedf2ae", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850825, "uuid": "df4022f5-78c9-499e-9189-93be3036cef4", "comment": "Malware payload (AgentTesla)", "value": "40805393b22c88b1020c8988471404f08efee5e48ab79e10031e0e285330741c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850825, "uuid": "e38ab4c7-3e8a-4792-b848-ea1a2bdd943f", "comment": "Malware payload (AgentTesla)", "value": "96c26348343e9cddab645aa49978ac051424d30f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850825, "uuid": "f7b37ab3-c7bf-4899-a740-430c70bcafa7", "comment": "Malware payload (AgentTesla)", "value": "4a5e50b307a94a22ba1398df4c852b2ece70f321011d977286dc12c93bde30118a8a325bf1f69f0079e207a33c535ba3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850825, "uuid": "2bf176ce-f3c4-47c5-af2a-67688c435de6", "value": "T1ECD4236974665EFCF4C790617BD0F3DE326A79A2849F6E84C6CC8D06E66CDC0C0A3265", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850825, "uuid": "34c426e9-e652-488d-8229-9862b4cddd0d", "value": "12288:KDTUvkcDYkDn7jjcyPXExetzyUOcqxbKFPWd6H4g9ATynmyY8e8Mj:KDTUvk5kz/YyPE8yxhgPWe4XTvr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850825, "uuid": "4779ee38-91b1-4a1c-9401-aad50a538407", "value": 616030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850825, "uuid": "409dcc2c-84e0-4b4c-9750-383812854cf6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850825, "uuid": "5b490a7c-c371-4f84-ac08-d9d7c380221f", "value": "PI, SC.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a21d5ab9-269c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689816467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816467, "uuid": "225d4f4f-8e7e-4d45-8c31-4f9265780e59", "comment": "Malware payload", "value": "6510a826f68fd5b0be7bd807b537fb82", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816467, "uuid": "6698a00a-cb01-4cf3-b07e-0500f3e36eda", "comment": "Malware payload", "value": "40e47ed593576e440a2ae57c533fda03ff065355a5e7a47e5fe58fad655453d3", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816467, "uuid": "82c8c657-6d51-487f-b7b8-01f3ebcb6242", "comment": "Malware payload", "value": "696862343f61aa7f2965574b75830a4f81d56270", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816467, "uuid": "f4d6ced3-9929-44b9-95e0-8c968a4f45a3", "comment": "Malware payload", "value": "f59314a290ec97e1726178c446f4995f5643f828a6692b4ea521dce208d471455f712da608978cece0f56a118c2a19bc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816467, "uuid": "cdfd4b8b-8664-494a-b2c9-c56d34753319", "value": "T199338D107400C0B3C52A657E6569D6625A7E79201BF965823FFB1B6E8F312E1B33E34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816467, "uuid": "8e4ab0ef-dcc8-430f-9bb0-68f4c2f89123", "value": "9fb005de05885508ee358053ad39fca9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816467, "uuid": "1eb7fd03-0b79-43b5-8b76-c2c0b3c2d415", "value": "1536:sEAXpjyfG7kqr5iGT5I6AvemZIMRHTtBmEc1a:sEAAG7tT/muMRz/mt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689816467, "uuid": "d2ad769a-b3c0-48c0-8031-dfdf7419f35a", "value": 50176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689816467, "uuid": "29de25c8-1ea9-4f4b-9946-b2daebd08b0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816467, "uuid": "7ee16d1a-7dab-4fcd-9c54-5afc09014d06", "value": "SecuriteInfo.com.W32.Injector.ETCV.tr.14425.4346", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4c82025-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689850831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850831, "uuid": "56126d97-8371-4c0d-a468-0b32ba1fdcca", "comment": "Malware payload (AgentTesla)", "value": "748c7dd32bde0f6a73169419b5e62095", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850831, "uuid": "be730bea-b562-4d27-a54e-4254df7663d2", "comment": "Malware payload (AgentTesla)", "value": "412ff7468d7dbbc678aed09859a5bf0781eab379554fa2397b2030238562b94a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850831, "uuid": "7877d7bc-32f0-47c9-af8b-ba86813b5651", "comment": "Malware payload (AgentTesla)", "value": "92c52832dca099b3384cf1456ae0eedfaab07cae", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850831, "uuid": "8ba4bcd8-a767-4d5d-8179-433fa869cbd1", "comment": "Malware payload (AgentTesla)", "value": "9e0db363e14155bbabfe65510b87b131c7c4a4be150085443d34ab4dfc8deb6597c11f7db37001fc2416fe07263ba214", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850831, "uuid": "cf86e043-8c18-47e6-8a1c-a2adeccb3a94", "value": "T17CE4F12495F98FAEDA7327B5B524263C07B6BE6AB436D31E5E01B0C63450F435202B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850831, "uuid": "f8f58a54-a609-414b-b725-56ae6c355f2d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850831, "uuid": "bdeb0629-917a-435d-b2dd-4a4c66e84001", "value": "12288:F7BHvS6ln+flo/XciMvN2vNUZnLEte5ZuUGcmxbKZPWd6HKgPskbktPJF:FFHqTdCjENM4LEI0PhOPWMkthF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850831, "uuid": "a5b2063b-a05c-47d6-8a14-6fb15d258df4", "value": 702976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850831, "uuid": "9ae8fe9d-6d11-429f-9151-bae96b7b41d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850831, "uuid": "2f57228c-efa8-4a6d-9c8d-ad7e72354866", "value": "PI, SC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87f21d9a-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689850782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850782, "uuid": "708d6ef0-1fca-4129-971c-be8686e84476", "comment": "Malware payload (AveMariaRAT)", "value": "41254a388ee801fe48154b12889f8705", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850782, "uuid": "2ee13867-9b28-46cb-a34e-3f19475866ef", "comment": "Malware payload (AveMariaRAT)", "value": "419bb3eb3cd2a179ed58cd79a0bbdafa425b1eea1e63d990e95b75916abcfdd2", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850782, "uuid": "abe9969f-f2b4-43d0-bf6b-b71424956277", "comment": "Malware payload (AveMariaRAT)", "value": "b1b3150c3d3e9c51b7cef87ee7fa55458ef74c35", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850782, "uuid": "ec1db0ea-421e-4add-8405-8c1da657adef", "comment": "Malware payload (AveMariaRAT)", "value": "36f7cd61773d23a54dfe32ebbbb2961d492b2bcdd60c24489107cf1fece90e2e3b93cb06b865ab7d44747f4d14e5b67b", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850782, "uuid": "18a8aac9-3270-4117-b132-85d6fa852aa3", "value": "T16003D00057ED41B5C66B0A7DECB202420B397F97D4A7DF8FAE8C994A1C472396621BF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850782, "uuid": "1ee3fb6b-72ab-44af-bfb4-bf1475481201", "value": "768:OJoQWT526nq5Tllmu24Ra2DovIieNhIPVQPa9c8V8:mWT5dQTll92m7ov0oW6c8V8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850782, "uuid": "839675d1-bfc2-4592-bebb-0331b127ab43", "value": 39424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850782, "uuid": "b91dd227-fadd-40f2-b51a-feff8e9be03a", "value": "application/x-tar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850782, "uuid": "d873a2d5-d0da-4e3e-8e32-40e780c4bd01", "value": "JulyPaymentAdvise.tar.gz.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a886a180-2734-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689881761, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881761, "uuid": "1f931d05-2054-45ff-9e27-ecbbb996844d", "comment": "Malware payload", "value": "3669aa55c05935ac296882cde2f785ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881761, "uuid": "356483d5-2b01-4b6e-b4c7-f8b49ac9ab1a", "comment": "Malware payload", "value": "420ea11f0973a7f7a4cf45a383861460b1171f5c3e05d1eab79dd64773f7f062", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881761, "uuid": "9903dec0-376f-4ad8-946e-c7e09c3dc525", "comment": "Malware payload", "value": "12e3d1f5479b92b88d83e625bae7831c59d61ecf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881761, "uuid": "473cdef5-55bb-407c-a743-abe80e5ac6e1", "comment": "Malware payload", "value": "5de94344f14d5ad4e180843a416fe7bc54d11a973709d51d32453c64fd7d6cabdfba92d733465b09abd1ac65dc56a368", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881761, "uuid": "530601a5-3f34-4f1c-b7a8-51e63b4889f7", "value": "T13C843A23D2A17D44E9258B769E2EC2E8761FF6508F497BA62218DE1F04F12B7D173B10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881761, "uuid": "28c01382-57c6-4732-8dde-a1489dacf196", "value": "9de2ee79b7674f53e928d4abe630aabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881761, "uuid": "183dac94-376d-4511-8e52-e73de2ebef53", "value": "6144:FY8LlxBmNsrdnwRDw/vzX3yq1sNJhtrzRsiwFvzA7l:+8ZLnaW/vT3yqkPdzkBE7l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689881761, "uuid": "c6f66136-bb61-4d2c-9323-29bc85998683", "value": 387072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689881761, "uuid": "035425a4-9316-484a-b06a-73c2cafe0cee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881761, "uuid": "4da4015e-b771-47a4-8b8d-f62a359c30f5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32d1b222-2736-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689882422, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882422, "uuid": "8f96e959-3362-4fde-afa5-6fb025454162", "comment": "Malware payload (RedLineStealer)", "value": "553e00500d378ac6c88ebcb49f0c11b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882422, "uuid": "ffccd194-9853-4e92-920e-6a2e5a5b151d", "comment": "Malware payload (RedLineStealer)", "value": "4288cf23e3f7079623b595c70496f28f4678e173ed25b2ef6101e66d3e99e2b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882422, "uuid": "a183e198-a714-4710-af9d-623ef425aa3c", "comment": "Malware payload (RedLineStealer)", "value": "b0640e712ebde50090ee39742411f065e998128c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882422, "uuid": "d80473e7-7d5c-459d-9755-60b0420fd28d", "comment": "Malware payload (RedLineStealer)", "value": "e30b46808d6fa422d4022743423309cc2fee2ea1842cb98420b50d9916d09be129c255813842e5af6a73618094cab7a4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882422, "uuid": "e3b190e9-cce5-4120-bde5-cf4d75e28144", "value": "T1B7B40202F6E85536EDB62B7049F752830B397CE1AD38926B3255A85E1C73390E83177A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882422, "uuid": "c1bf5a74-4a96-4031-82f6-37512f397725", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882422, "uuid": "b4b14c28-5ad9-4358-a3c4-ce5e8091ad4a", "value": "12288:rMrry90RaLXTfYqGozYJ/1epNJeGQ9Fyw:IyNgqGozYB1eXsGQ/d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689882422, "uuid": "33934919-b925-4dff-9998-d6c12f17f3f0", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689882422, "uuid": "372dff6e-db9a-460f-b2ad-b6b0337e9ad8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882422, "uuid": "f6e6c18b-677e-40f2-8a3c-c908b79c0e66", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffcebb60-26a7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821348, "uuid": "8cfd7c59-a3a9-4f6d-9809-a6a315422001", "comment": "Malware payload (Mirai)", "value": "a73fd9ace31bf0965aa78d08a44a2f56", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821348, "uuid": "0d6c3081-0376-4d00-9dcd-f5dfb1d3ebe8", "comment": "Malware payload (Mirai)", "value": "448da5e1ffc3b5002230b675e1a4af8288b2b65e1374b9c4d7f0c59b711b91af", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821348, "uuid": "d08fb174-cede-4d8a-9b06-c396da2dc822", "comment": "Malware payload (Mirai)", "value": "4a4093dfcf45da8132195f218d0732483af94b9d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821348, "uuid": "173c231c-775e-4586-a27c-b72c9a3a6c64", "comment": "Malware payload (Mirai)", "value": "4459c59e93dd27d594e439074ba432c13771b22524c96fe6c17855ad133183d54a298c3037320f99ed3e49ff5295f9af", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821348, "uuid": "f5264482-62ff-469f-9ab3-ad8661ffbc62", "value": "T1E5434BC4F647E8F5DC5706741136EB778B32F6F92218D743D3A99A32AC92601E613A8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821348, "uuid": "d040ea0e-1497-442a-a7e5-3b0c09d29584", "value": "1536:ka4CVvtTO8yJT/0fSGUzU+nU61TH6V/Ps06r6MO:d4CxtTO8yd/0KGUw+n31Ta9k0JJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821348, "uuid": "5735c027-541d-41af-b9d7-7559a0cbb1bd", "value": 58448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821348, "uuid": "c2aa4ded-d5c9-4447-a5ba-011e03cd3ce0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821348, "uuid": "8836051e-d8ec-4ffa-84b8-fff60ddec8c1", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a56904d-26c1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Glupteba)", "timestamp": 1689832103, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832103, "uuid": "73510657-b580-4552-a50f-9c7fc9ad3e00", "comment": "Malware payload (Glupteba)", "value": "b0953b435761bcd8e367b085d8c71272", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832103, "uuid": "0a8291b4-66b6-4cb9-9d45-642aa202d70f", "comment": "Malware payload (Glupteba)", "value": "44c503bf0f13b5bb45b08ea9011f7557ae6db5cef4d256e625149d4d8339ac00", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832103, "uuid": "0706a23a-4481-47d9-a617-7f7b4bb4e9c7", "comment": "Malware payload (Glupteba)", "value": "7c99a40218e3f7253cd902118ebf3d4917fba2b4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832103, "uuid": "b4ebfc33-674a-4b9a-b86d-2b1a917cdc94", "comment": "Malware payload (Glupteba)", "value": "b0fa46b1291a1336dd64d05b57374d8ce31ce79cade0c594b4b3f6a7357c47cccc15c12a53f70f95716d4e5a089c3fe9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832103, "uuid": "9ada0dc6-4c50-4c8b-bb62-b19a224b05e5", "value": "T111162393C6923C95F5178B738E2FC9E8F64DF250EE49B76912599A3F00B41B5C2B3620", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832103, "uuid": "15d8a6d4-8ffc-4e00-ac9b-fcbaa8221703", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832103, "uuid": "dc2c9eec-7af6-47d2-947c-09a8c167da68", "value": "98304:OufsUk3aDtjlj2kBOZ+gews7CMPUV88keixL3RFSr:7maDtjPBOZ+pwsJMm8ji53o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689832103, "uuid": "ffc2d2cd-52de-49d3-86ab-1c3c06a8b991", "value": 4385648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689832103, "uuid": "26770e8f-8513-4781-bf8a-3fdb46f084f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832103, "uuid": "a11d5daf-5f9b-4247-b5d2-48485e8512ba", "value": "b0953b435761bcd8e367b085d8c71272", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c03df955-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837992, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837992, "uuid": "d8f545ac-6d20-4976-83d0-570ed5629b53", "comment": "Malware payload (RedLineStealer)", "value": "848d469499c7d5622994d10d1bc72774", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837992, "uuid": "a27a3c65-ba4b-47dd-8f8d-7ad0edb4f693", "comment": "Malware payload (RedLineStealer)", "value": "45d1cd224029dc1bd054d73b8568017ffa05b27db5f20fff39b83fdf080344a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837992, "uuid": "5b8ce414-c76f-41ad-8ed1-953c1b61faab", "comment": "Malware payload (RedLineStealer)", "value": "dcd7829f817181be26944699d05147b3101f2592", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837992, "uuid": "29119c99-545c-430e-a0d7-387d21bb4fde", "comment": "Malware payload (RedLineStealer)", "value": "2b31f45e6ca7806b08b176468d4ec76dbad8ca66c67b69f6692fc72c795ff44802c831f69dd4767d99593a14f9d5f957", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837992, "uuid": "233a3796-3cdd-4015-89c5-52efdada5683", "value": "T190B41202BBD89072E8B6277004F612931B3ABCA09D7583AF3785586B1C736987636777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837992, "uuid": "68638aff-f45a-4cf7-b5b0-9779cdf1b021", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837992, "uuid": "49f0a9c9-46f9-48e6-947f-03762740b020", "value": "12288:qMrzy90/OnFWs67F3mqCfVgwtnG+wnNkPJ7aLjHn9lbS8z:5ytnFXAFWTfRtnG9n+PJuLTn9les", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837992, "uuid": "87fe2cf3-493c-4895-a5b0-d19acd763e5d", "value": 527872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837992, "uuid": "54afed89-eccf-43c6-95d9-d617ee6e72fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837992, "uuid": "8f142a0a-3708-42b4-9141-7be1398225b8", "value": "848d469499c7d5622994d10d1bc72774.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72e1b6e3-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689851177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851177, "uuid": "b7b9bc1d-a7d6-4cfe-bcb3-b4d1903991e2", "comment": "Malware payload (Formbook)", "value": "7de0e90918aba40065f40f756d1ec23f", "object_relation": "md5", "Tag": [ { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851177, "uuid": "42990a44-e9e6-4f48-8028-6193af959efb", "comment": "Malware payload (Formbook)", "value": "45dd44709b73360ffeb574d9f0a01bb5d33bb27fa5688f6dabd52bb281533982", "object_relation": "sha256", "Tag": [ { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851177, "uuid": "72ff3f23-5d1f-49c3-9731-dbbb1ec6ddfc", "comment": "Malware payload (Formbook)", "value": "bd794cbd93c4b95e4e6a38af5fe21deeefad35f0", "object_relation": "sha1", "Tag": [ { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851177, "uuid": "71d5893b-9d85-486c-a76c-dd25a17dea28", "comment": "Malware payload (Formbook)", "value": "34b68566f69357e7fab16c561f4c0765a94842dd058081d3a519d851e5bfd2725e67b19f2111ab820f2c9f926e1499f3", "object_relation": "sha3-384", "Tag": [ { "name": "bz2", "colour": "#AC1CC3", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851177, "uuid": "b9194d16-b0d2-400e-ad43-1551515c9330", "value": "T17D442345D712B8BD8D829F4313202425EC8F118D3DA9CA13D6B9A6A4B7EC7C42E9FDC1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851177, "uuid": "9d9ad087-4c87-41a8-8277-9d1e8e9c24b6", "value": "6144:oG2ryL2CkVKNZ3W07Se2oiF+3SvkCPBLjgMEIlJL88G+QYCMIN0l/:oBrQkSZ3p72ojSsCPB77L8bhYOql/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851177, "uuid": "81b46cad-bc3c-4682-b0fc-badfc3a8ad6f", "value": 266462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851177, "uuid": "020b294d-b009-432a-b0cc-b85504e7f0d5", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851177, "uuid": "bb19b80a-f30f-4821-98ae-b256355d2d66", "value": "Order-20230720.BZ2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f1c0806-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848244, "uuid": "5718e704-75e3-41f1-a305-fc4c65f3879b", "comment": "Malware payload (Amadey)", "value": "d008c38a0cec533e979021be3b9e2c6b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848244, "uuid": "3686a928-9a4a-4145-ba77-e9bffb64918c", "comment": "Malware payload (Amadey)", "value": "48552381782e62c902d2278648ccde0d5a2efdd9ce9fe6f2edbb6e74cba01def", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848244, "uuid": "2bbf98f4-8963-4484-8fbd-1ca4253dee3b", "comment": "Malware payload (Amadey)", "value": "1b38a24c104eaeff0cfcbdad3247a4ebc292e8e7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848244, "uuid": "a6e364bb-c8f2-43cf-9475-7aac063dd8c5", "comment": "Malware payload (Amadey)", "value": "89b484451a46add351a7edb1b8491eb2a9f4bd0c44dada5102e5370bc84913506afc52a245525a4f7ab79f6196bbb7ee", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848244, "uuid": "c0419e77-29b2-41e0-9d06-443a7e3afc37", "value": "T173B41253A7DC5833ED7A27B428FA02930B36BCB10974822B27855C9F1CB24C97976367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848244, "uuid": "2737c14c-cec6-4f58-add3-3fe383711b0a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848244, "uuid": "28e8b8b7-f450-4e50-b11d-2432b93ff965", "value": "12288:eMrVy90EWQIXjs+qw3lFPJhhIGAHHtd8nZL:zyFeXjs+bXentmnZL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848244, "uuid": "b66dd39a-9d6a-4acd-a81b-c47600cd8b2e", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848244, "uuid": "cccd3eca-5014-40ae-bcc1-04695d5e4951", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848244, "uuid": "5d34be9a-43a9-45a0-aa72-36d2fbe9f6b3", "value": "d008c38a0cec533e979021be3b9e2c6b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "768754ef-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838298, "uuid": "c3462dd7-7e45-4efe-9f9f-b096440f4e73", "comment": "Malware payload (RedLineStealer)", "value": "854a968a928f8971e1631772fcd77137", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838298, "uuid": "b64aa96b-0045-4040-8fca-a681974e4e6f", "comment": "Malware payload (RedLineStealer)", "value": "48853e35379d8683b28098a2fe1e8a5e0f62d4558fe6a64b14e8ee41030fd3eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838298, "uuid": "57a6eda2-866d-457b-b57f-f5339cbbfe7e", "comment": "Malware payload (RedLineStealer)", "value": "e9bd728e4d5f9d7e82d40a4af8fabf5957e29b33", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838298, "uuid": "cfe628e3-8889-47d5-bb2c-c05e0d1650c7", "comment": "Malware payload (RedLineStealer)", "value": "6cbc9bdb2e3f47607c0ea5d839980892cc80f1ac9ab3526975b8b0465af3419668258b8d378e1922c084db13d8ec214a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838298, "uuid": "f745aa6e-f305-4b31-9583-54708020e44f", "value": "T16384F113F6E98072D9B52BB058F703931B36BCA15C78476B3702A98E08B36D1A57536F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838298, "uuid": "d2f91c82-65c6-40cf-9c60-16c4651b8f08", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838298, "uuid": "09f568c1-4925-4c5d-81e2-9aa53c83def6", "value": "6144:KAy+bnr+5p0yN90QEHxjRyukWGjZNJEp7TqYX/KO5Y9gonH4/hjcZfp:EMrFy90EwsYARH4/hjoB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838298, "uuid": "24016d93-34cc-4714-8a3b-f662c5d19fb9", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838298, "uuid": "9c87a556-c131-4c67-9a90-cb4e1aae26da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838298, "uuid": "66457bc7-0e41-4b1b-94ea-d3dc6ef97382", "value": "854a968a928f8971e1631772fcd77137.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70a451e9-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838288, "uuid": "31c17329-e6a8-4353-b864-c77b092f697f", "comment": "Malware payload (RedLineStealer)", "value": "9dbfc204e889d772833d8dd6578a1449", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838288, "uuid": "995130cf-fa06-45fd-953b-26873380b18f", "comment": "Malware payload (RedLineStealer)", "value": "49596a55c58a5cc3635f8847d8a92d6e1b5ae825d3eb6c91137f143b36cc47df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838288, "uuid": "776db733-99c2-426b-a71d-908436a9b964", "comment": "Malware payload (RedLineStealer)", "value": "c86bd8f71b5351d82b625ba8e834b213b4132fb1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838288, "uuid": "36fcc128-5485-4423-ab63-19bcd0d2bcd3", "comment": "Malware payload (RedLineStealer)", "value": "f1450a6ba1a4921fc76b4eb7366271cbc6aa5897f4fab52b85954170eb372a44b42588ae9db823196dfe6553942aea90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838288, "uuid": "685d3bab-9589-46c8-9afe-b3d5d339546d", "value": "T1EF840112F7E84032D8B127705CF652D31F3ABCA19D74432F3B46689A1C72A98A93577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838288, "uuid": "a6ec5b24-8792-46c5-a20e-0c045e49ec00", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838288, "uuid": "53eda4f2-cadc-4aeb-8552-976757634301", "value": "6144:K0y+bnr+Mp0yN90QEOlsnFVETr2S7clnEFbbJhkq+tDvV0P8:EMrMy90pnFVFSoiFbjErV00", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838288, "uuid": "d34535e4-027b-4850-841e-7eef7345f0a1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838288, "uuid": "9fed0ae1-ceed-4753-9327-bce86dc19034", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838288, "uuid": "71490f8f-7a4b-47a3-837b-cad1dade308f", "value": "9dbfc204e889d772833d8dd6578a1449.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fce341f-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689853748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853748, "uuid": "b4867423-5a8b-49b8-a671-7689c2b80631", "comment": "Malware payload (NetSupport)", "value": "9ce58abb1148769a00177ceae3eaa7cb", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853748, "uuid": "a99764e2-aa4f-40fb-84d4-e0eac2fc4fdd", "comment": "Malware payload (NetSupport)", "value": "4a7eaf5f60f0592f534d6af36a49df8038f48ffa8b17446cf164fc4d9a2119da", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853748, "uuid": "89becc22-4c36-4aa9-8623-499fbb5c6c72", "comment": "Malware payload (NetSupport)", "value": "04f11215113dddbdadf411b68c1e7295ed32ca4b", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853748, "uuid": "310495b3-5102-4d1c-ab36-297582865583", "comment": "Malware payload (NetSupport)", "value": "81c553e4ee4034d10a3fe0269b4ee415efcda31aede8d79d8223c2dfeaedc10cada1dc2932b6a0302462098bb484a648", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853748, "uuid": "62e74341-75ce-4d8e-b065-04bd4c05c1ca", "value": "T1E1019723164AFD5D155FF289B5B410502FE34040A0AF79226B98684FAF369AF5ACF848", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853748, "uuid": "a2d5dcf1-9bef-47b1-ade7-d70eccc1913e", "value": "12:yR/ex/vONhH+vI8nJGSyDWVTXuZ7/PfY8o1TTDGXvHWGmCYubluYrfrKBeUofjn:CWpOheQoC1l1GGXfL2uFfrKelL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853748, "uuid": "59b5c9d9-a877-445d-9526-c6782f63bf6d", "value": 712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853748, "uuid": "1da2976d-ce67-45df-88f7-29197ca57835", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853748, "uuid": "16c7c9ae-355e-4f41-8178-fa82ac7ea9ca", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e7a1568-26b3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689826285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826285, "uuid": "28261236-0082-4549-80ca-e342e851c337", "comment": "Malware payload (GuLoader)", "value": "99b387d1de76dcfbb4cb6c33eb919a49", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826285, "uuid": "f4fec601-7807-497d-bcb5-23f77554eae2", "comment": "Malware payload (GuLoader)", "value": "4aea5f6079cedf9c5205a0939e9c05119d5df7d73dde0f3a19ab2fd09a6443da", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826285, "uuid": "7e9e2f02-5cc2-4db2-8e63-42ef4a0df1b8", "comment": "Malware payload (GuLoader)", "value": "1dc8d59df6c8845b354da2b60e9b1926167dcd7a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826285, "uuid": "b13d6f47-9e69-4836-885f-17443620d5ab", "comment": "Malware payload (GuLoader)", "value": "8ee64cca03217fe207bee5ffe1e8d2183f5c833f38d804758c7d75318ec69c4b3df6765c52d6c5dc633d62f7d3a86305", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826285, "uuid": "57887c9b-b941-437f-9b11-1909bd388d10", "value": "T10884F11A3640D16BD7D10A70B8B8E6761BB07E283E55960337D67FAF3F317E1850A2A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826285, "uuid": "ab3fc13d-352a-4e10-98fb-759d9d90e129", "value": "ea4e67a31ace1a72683a99b80cf37830", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826285, "uuid": "ad8f1665-c612-4d06-9d65-2671c4f49bef", "value": "6144:pPXoDQpcUz+TfBDma1bGy0IvoS8JK2ZLvTh0XTTmVU5t/HQG0TLi:hWDfhMeoSl2ZLLGXT6eP/HbEO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689826285, "uuid": "43a89ed6-4885-44e1-94c0-81d0b8be0a95", "value": 397760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689826285, "uuid": "389eb467-81ad-421a-8c0c-5d86643282bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826285, "uuid": "a919e3a6-171e-452d-9309-13fce7dac2a9", "value": "99b387d1de76dcfbb4cb6c33eb919a49", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e28ec67f-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847928, "uuid": "9259d509-be12-4ae4-8e0c-285fef2c5e26", "comment": "Malware payload (RedLineStealer)", "value": "58e4449aa86b61950fb5afb1ae7092cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847928, "uuid": "e8ab556b-89d7-4d07-ad9f-caf645a6c2ea", "comment": "Malware payload (RedLineStealer)", "value": "4b177696fa37794b9ac0932c1f1a4d4ac9d52d9cf4611574e79ee2d043a3416c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847928, "uuid": "94790cd5-729b-4e2e-aa42-960249d77def", "comment": "Malware payload (RedLineStealer)", "value": "728e0efc1d020598d4a1cee6b1240a9c9670ebb1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847928, "uuid": "69e0ebf6-e1b8-40ec-948b-a3d2db6fdd65", "comment": "Malware payload (RedLineStealer)", "value": "91af0e473b360a267c671aa0cb18fe16d9c5c5ec8c3ba9f3812110ecb256efbaf3f901f53c2a85237876abf757b3ad4a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847928, "uuid": "cff7b3fd-b293-49f2-90bb-485054ab7bbe", "value": "T1AC840212FBDC4432D9B927701CF712832E35BCA15A78939A2395A85E0CB36C0B57577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847928, "uuid": "7fceb785-3b5b-4c8f-a993-2760ef19ceaa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847928, "uuid": "8aa1dcdf-1c97-4f76-82a4-2afa8c3878de", "value": "6144:KYy+bnr+hp0yN90QEvg4btdrogTPomLF6E8RGZ+1evIUxiAQG5GCCsq:IMrly90dg43U0omLx/+0vIcidG5GCO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847928, "uuid": "6eb88fd1-45ef-45fc-9a27-5281ae291673", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847928, "uuid": "c6e35b47-f4a8-45b0-971d-ea7d664fade9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847928, "uuid": "e596ad90-a2f2-4886-a0d4-27970a2e5e70", "value": "58e4449aa86b61950fb5afb1ae7092cf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55e5453a-26ba-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Glupteba)", "timestamp": 1689829224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689829224, "uuid": "5ff0c9b0-bd3f-4d66-9f21-f32cfdb665f8", "comment": "Malware payload (Glupteba)", "value": "4dad48fbfd1b421e0db0a8f0bf3e8543", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689829224, "uuid": "c4024c74-b41e-4ca9-bcd9-3ea46b06c52e", "comment": "Malware payload (Glupteba)", "value": "4bb06394c728c7cf57e0bc1ba40bf14bbb01c23aaabe0f7175cf38085c364b4e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689829224, "uuid": "e323780b-672c-4fa3-b71c-981581a3ef06", "comment": "Malware payload (Glupteba)", "value": "151570e3eca684cfcba5a11b9c86f616aad80f89", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689829224, "uuid": "095779ca-311a-4a33-8ded-4db4ea8e8b3f", "comment": "Malware payload (Glupteba)", "value": "df8c1667cc9128a69ce5a6ad12227791b1d335f93fe24cb4c7cab5aae7097582a78ab2128c0a54da6fd0c028197361ca", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689829224, "uuid": "a8dfdca9-6ea8-4646-ac41-08912394da31", "value": "T1B31633093C916670C292087003974BBB2D6BBDD343B6E0CF66A5399B16797815E31BFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689829224, "uuid": "65c9f48b-a089-4596-9f99-7f038d5b22fb", "value": "5dc16ea88b2eab7740fd105d5e24a675", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689829224, "uuid": "0717eebf-9fbd-44c9-8583-13b526849510", "value": "98304:+DFie9VH8jZZET08mLXJRMokEW34xHbYw8q5UC7bv:WiqZ8408mL+EWohbj8sUob", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689829224, "uuid": "a649cb26-7ec6-46e3-9d09-13467f85876f", "value": 4352392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689829224, "uuid": "e9917500-f131-448b-a714-7da3f96fcdc0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689829224, "uuid": "2e1f7773-2639-442e-90c0-8e10d3c6d169", "value": "4dad48fbfd1b421e0db0a8f0bf3e8543", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc5115d5-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837663, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837663, "uuid": "86b39c37-7d43-46d9-b52c-a34cde25cb6b", "comment": "Malware payload (RedLineStealer)", "value": "073f84f40946716ae47ea59af7fc3979", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837663, "uuid": "f4aff839-efcf-461a-a5dc-745cda2d1433", "comment": "Malware payload (RedLineStealer)", "value": "4bc64c0375f3ffea0f45741a1f4ed6af4f66e8f13084960da4aeb003e9f45675", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837663, "uuid": "7ba2b307-0706-4ac1-9fc7-8b28a1e665a8", "comment": "Malware payload (RedLineStealer)", "value": "f39ce1dd5b30a263986c6831bc7bf4b662b3ce5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837663, "uuid": "b42dce85-49ce-422e-8989-ac5a1673e571", "comment": "Malware payload (RedLineStealer)", "value": "595883d3ea822db373901a7550b77ce38a650938637bc56fbc3da150b0e452f9035a96ae4a6f7d6f26eee7d969be5c26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837663, "uuid": "4302fa3c-2d30-4dba-8fe5-89c4155f7806", "value": "T150840203A7D85033E8B627B059F603D31A36BCA29D74836F33956D5B1CB2694AA35337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837663, "uuid": "a2f3abcb-6838-47e8-a826-5361668bb74f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837663, "uuid": "f3f46d49-c431-451c-a922-33f1c26aced3", "value": "6144:KGy+bnr+xp0yN90QESFxnVkONlvhYZbG7qMh+hn0E3+YIu5ly4RChw/:yMrFy90wSONcbG75w3+YNly2Chw/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837663, "uuid": "681841b5-3dc2-469f-8f86-c4ba49e27533", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837663, "uuid": "1c3caa63-bb82-4b5d-88af-ded0b0046263", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837663, "uuid": "0d12d056-b29c-476f-b545-a52d2632dbd6", "value": "073f84f40946716ae47ea59af7fc3979.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31114dbe-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838611, "uuid": "3e9a230f-bdda-49c7-a90b-a05bcfac764e", "comment": "Malware payload (RedLineStealer)", "value": "d5d08b37926c458f05e786f7ea9b0578", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838611, "uuid": "4ee37a24-444a-4ab4-85d8-470c482e60a6", "comment": "Malware payload (RedLineStealer)", "value": "4bf91217481256ef40a9d6eb87ee3411be81beddd1cf3c2992225f442fb8936a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838611, "uuid": "8b136fd6-2e1a-4d14-8f10-4ee32033b2b8", "comment": "Malware payload (RedLineStealer)", "value": "e0d6db0d262a56aa8b7807202eb9c0a06a7f3d62", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838611, "uuid": "e0c54088-349a-43c6-826f-71fd37cd68d3", "comment": "Malware payload (RedLineStealer)", "value": "47df47b0d46353eabaab3ef8b1dc64975a1d48c56ce4d1cd28ff2dbb15e4c309c366b1deaa768ecc8a8240e63fb13fab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838611, "uuid": "80361f28-c76d-4d0e-bd27-f83173a46c57", "value": "T15C840252B7E88833E9B507B068F603D30A39BDA148B4436737D59D9E1CF36809A3576B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838611, "uuid": "f3624ce8-537e-440a-9d97-a12a9aa99153", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838611, "uuid": "7f8375cd-cdc3-47a1-bc27-67e2b86b988b", "value": "6144:Kuy+bnr+Ip0yN90QEorn3yJCvHGfWjHTtxY2vhQE+BQulejS6Rt/SRtXD:uMr4y90w3FP7pG2Sprf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838611, "uuid": "8bf43ca3-cb6a-40c0-b47a-64778d6c929b", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838611, "uuid": "27946618-b1e6-4709-8c64-00db1bff56cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838611, "uuid": "6f109a2b-ad65-4e76-a560-ae584188f6d0", "value": "d5d08b37926c458f05e786f7ea9b0578.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7eda6ed-2751-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689894269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894269, "uuid": "8672bcba-b15f-4963-82c7-9e549675bc7d", "comment": "Malware payload", "value": "0db772dacf3d478709678a280138038e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894269, "uuid": "d172912e-3ed9-4c63-bdaa-81cadef4ccf7", "comment": "Malware payload", "value": "4c86cd82bbd7ff9d6061d6469c92d1e81e9a5dfb3805a8e62bc7d94d99f85218", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894269, "uuid": "c3ed5985-2cc9-4c99-ada0-0e86d5ce9408", "comment": "Malware payload", "value": "9208c0161d6113240b119ec17f4e7ccc7d9a156a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894269, "uuid": "08740898-a75c-446e-97a2-603b4965e5d7", "comment": "Malware payload", "value": "421802ef89aceef87dfa065b7a82104393758d708f324c1764d7bf69b53c382ae12495241928f5a1626f5e1e362ab535", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894269, "uuid": "dce7aa31-2bc7-4a6b-b3f0-d892db79d7ea", "value": "T1E49533136F85817AE401EDB428B7FE179B46FD404CB6696472EE9E8ECF372824949330", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894269, "uuid": "f490a590-4b14-4cbe-a86b-1d7f837318b4", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894269, "uuid": "e13b5677-f747-49df-9b15-d0b6d5e86647", "value": "49152:b2YLzyfwu8s469FkQDR7TfyxMDDkCBMI7wqB6:yeuF3kQDlDo1qB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689894269, "uuid": "26cd0a4b-e498-4d1a-ba21-507b844b0059", "value": 1929892, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689894269, "uuid": "926346fb-7e93-45bb-bb18-b36d9a6892d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894269, "uuid": "1b146372-24b1-4241-ba40-dddbcf8d83b2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7425cc95-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838294, "uuid": "8979f343-538d-459f-b5f4-f7b1dedccdd3", "comment": "Malware payload (Amadey)", "value": "7f5c28c101279574467da265bd0ed14c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838294, "uuid": "41c36857-a65d-4486-9f04-8ee7e949c7ee", "comment": "Malware payload (Amadey)", "value": "4cd16e25ccfb534f4874b674c63063fd27217b1ddc08d86a3c2d92097c9294f4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838294, "uuid": "4abfc0f1-8a29-4b16-97d9-757dd7837a23", "comment": "Malware payload (Amadey)", "value": "36c88fa6def29e21716dee8351286beda9550a33", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838294, "uuid": "4b004ccf-fe8e-4e3e-b6ec-23762bbfb0f6", "comment": "Malware payload (Amadey)", "value": "e2c89313de42e8ea93bd52b4d7a74537a0bc806bf1609758873ac0eaf8b2c4e2dc8ba2adf54e8f57bc3de7f7afaf5080", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838294, "uuid": "d5f89e95-66e4-4609-b150-c3c5b13fff42", "value": "T15C840113A7E98073EAB917705CF703830E35BCA04DB4536B2B45A91B1CB3694B63676B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838294, "uuid": "6e06247a-03ff-4a22-a31d-a10602c3bf4c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838294, "uuid": "e2adf19c-a503-4901-aaef-fe3e802c8234", "value": "6144:KCy+bnr+ap0yN90QEZRQdt/RS5KRc+YKOegOy4JhWsHH+IWKlhO+YRJ3cGSEEwh:+Mr+y90XwtM6cdh4rW47WKlfwbcwh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838294, "uuid": "cb28f019-e15a-4077-835a-231c4df9dd62", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838294, "uuid": "dbc18bb3-36cb-4168-a82b-f154d6ad07ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838294, "uuid": "2cadfe78-bd3b-41a3-b06d-416a6500e52b", "value": "7f5c28c101279574467da265bd0ed14c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4437468a-26ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689823611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823611, "uuid": "447a194c-20d5-43fa-9d2b-ad2d1c822db2", "comment": "Malware payload (Mirai)", "value": "7810f0d05e54d56f6d5fa26e660c5435", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823611, "uuid": "c9231c22-1973-46a6-8bb8-be608f0c62ec", "comment": "Malware payload (Mirai)", "value": "4cdaacc42a1f01273e1e97f00dc9d98049a5100f56d890dbc2dd390f0f290027", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823611, "uuid": "8e29ffe2-76e7-4342-b27b-21e880596ece", "comment": "Malware payload (Mirai)", "value": "4d7010bd0d19f373e1ffd8beb0bbc8a3c180dbef", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823611, "uuid": "85ef3420-a7d3-4974-b058-4409bc402eb6", "comment": "Malware payload (Mirai)", "value": "50f44fab9979a99584f26c9a710b4fe9ad6ad736d6b84dab75f015334d987f4687610a129b265c18770971678f6324d4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823611, "uuid": "3311846e-50b7-469e-bf4d-e51f5b757acb", "value": "T11A632931BA761E17C0C1A47A21F74B65B2F146DE26E8CA1A3DB20E4EFF719406543AF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823611, "uuid": "882f7016-149f-497d-9ca5-ed48c25f7c85", "value": "1536:u0eYQR0slbt4HK/0Vw/Gc8tQ0Yt75caLtstf8:DelwHCLOYtVGt8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689823611, "uuid": "b27d49ee-e9b9-4888-963a-a3061d163c2e", "value": 70136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689823611, "uuid": "25a078e9-f795-4088-9acf-77bc15771845", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823611, "uuid": "58444f64-d187-4090-84eb-8b79f68a0311", "value": "7810f0d05e54d56f6d5fa26e660c5435", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23e5a457-26ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689851474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851474, "uuid": "22b63a09-2034-476f-a4ba-675b92430988", "comment": "Malware payload", "value": "424202e007aa984c4fe7e0de19c09298", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851474, "uuid": "9ccaf32a-b44a-4681-b591-3d90e0d84cb5", "comment": "Malware payload", "value": "4d555b42689e1b551691596127dff4141792b93e41157b70e7fdfef3204b48d6", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851474, "uuid": "3854bfbf-b7f8-4245-8159-a46f4a34fc73", "comment": "Malware payload", "value": "1e6196ecc198686fdf2e934c17522ad67ce83bec", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851474, "uuid": "9aff05d7-06bf-47e1-92cb-f3b87507399c", "comment": "Malware payload", "value": "70ae162872530c87c1a8ff8e67a6014406ca10325dd37d403b39b8e0be161b2d2396065ba3716ab250cb5068d369c2f9", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851474, "uuid": "b6f857a5-bf64-4bab-8ce4-477c38679e86", "value": "T102A4239E24D66E8BDF0569C1D20F6FF1E72C5BB154F508C9A0AD4A50BC3AABF35C01A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851474, "uuid": "db165418-20a0-4d06-996b-f9c41dd1f9a3", "value": "12288:wDEH3CKIHXjdVBiewuUGh/r6mQt2iC/oAD91BAzyMe:uTSjm2jAiIoADu2z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851474, "uuid": "82b55b82-d7d3-4cba-8bbe-4503947bbcc5", "value": 492364, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851474, "uuid": "451a9a31-797a-4ba6-a8aa-48909aa94bba", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851474, "uuid": "a5d57ad5-1fe0-44a9-b50d-7f4db06d5ce6", "value": "2023-07-01--2023-07-15_Transactions.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4c51071-26ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689836335, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836335, "uuid": "61551572-ae26-4280-828f-68ab12ba4c38", "comment": "Malware payload", "value": "017f5780b4b0e6d97fb6f581ec3df8cb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836335, "uuid": "d4b08c03-2940-404c-89de-978b85b56ce3", "comment": "Malware payload", "value": "4e99779daa53bffef62592a796d7fdc620ba3edc4f397d92343d3b89cb3a5e1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836335, "uuid": "0328ec54-2d80-4a7c-b6f1-36989dcefbb2", "comment": "Malware payload", "value": "01fdadc371bb2ca7585770763d7d8fad466e51a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836335, "uuid": "342d7906-8e35-4eca-b091-dd4b3f6e1ffd", "comment": "Malware payload", "value": "043f59a9e71c0e6a3333f31f130013604781c99cda3ad6dcbac8061a1fa1e9bd4b4342831ced25c9c3ae1846d41720f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836335, "uuid": "8f8af34b-479f-4182-9127-d890ce3ab9d1", "value": "T18766231239C08036DB7330334665E3BA46BEF8B41B2515DF17D81ABA1F746C26B3A65B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836335, "uuid": "43dd5719-0dec-4938-999b-139dda2246b5", "value": "ea2d297e3bd3b5b7def0556d0ff46651", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836335, "uuid": "ff0b1bdc-0762-4d39-bf27-10652410df93", "value": "196608:XPnQG14cH4xvtSsUEFXYjFxQzNhHR//9QK:XPfbYKsTxYjPQzjHc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836335, "uuid": "96970e5f-7e58-4c63-9140-03cb81fdbe9d", "value": 6724096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836335, "uuid": "c8d66864-9eda-4853-a92d-b9988904d37a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836335, "uuid": "f91abe88-ded1-4326-830c-5dbe08f7cb79", "value": "017f5780b4b0e6d97fb6f581ec3df8cb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c16e2889-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837994, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837994, "uuid": "9d593af3-d9df-4e48-8aee-56a842da7714", "comment": "Malware payload (RedLineStealer)", "value": "859f7291df89d775b2c13b9eba46f15e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837994, "uuid": "72dbe079-775f-4870-8014-0cf423401258", "comment": "Malware payload (RedLineStealer)", "value": "4ef1a0149daef80693bc6f0b8f8337399c8687c08ca4792d24e3bdaab9bf6f77", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837994, "uuid": "382172bb-d4c9-4d28-982c-86c0eb847fc1", "comment": "Malware payload (RedLineStealer)", "value": "cd432f7142d19ca13261a674f4456669fff79c8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837994, "uuid": "351f701b-357d-4d20-ac13-8f7d49a8ee4e", "comment": "Malware payload (RedLineStealer)", "value": "7186fe51dc800c886038401f3e71a59aa1f924994fc22c4b83cdb307030abe3afac3a0e9b581184c1f876f9dd587eb3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837994, "uuid": "7cd415d7-d7f7-4f13-b204-1f5be7fd4df1", "value": "T153840103A7E89073D9B5177058F613931B37BCD1AD74836B2796585E0CB3AE0A93272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837994, "uuid": "1161015f-1d33-4ed2-85f8-ca6386be43a4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837994, "uuid": "e08954d6-430d-4e24-be08-910cce6528f1", "value": "6144:KOy+bnr+op0yN90QEJVyucfzJ8b9U+BuekimU0dYTCcHnlRHBd11szcoN:6Mrsy90RcF8b20qUscHnl9T11snN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837994, "uuid": "5d0f6bfd-0070-4223-9fb9-eb627a81af39", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837994, "uuid": "86ea97c1-1851-46a1-9c4d-84e585b81da3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837994, "uuid": "39dbdedb-60d6-46e2-a2c4-6c270ab27c45", "value": "859f7291df89d775b2c13b9eba46f15e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82a0dffb-26ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689836171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836171, "uuid": "cdbcb9c5-dba6-4ec7-9316-9064186f3595", "comment": "Malware payload (njrat)", "value": "55877230838a3e29379f10fe6cf70c66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836171, "uuid": "243c4b1c-ece8-4de1-a5b5-187a6436e523", "comment": "Malware payload (njrat)", "value": "4f24982ce7b3ff35f2f1e4b1f3221e21c6bca80f9fbe96d9c9d240173a593304", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836171, "uuid": "fa5d8485-3f4b-4cb3-bc7c-9aa9468ab668", "comment": "Malware payload (njrat)", "value": "70f5fe2ee4449aca1a7988ed47284f9bb8ac4823", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836171, "uuid": "3577bf95-8eaa-4e34-938b-d6cd08111f58", "comment": "Malware payload (njrat)", "value": "00adabf40a0fb6adc7908d4eef37a5c65886606a16c7eedfa3f95723e793626546135e5e1c0dae009a7f14c156761332", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836171, "uuid": "5e67e89d-f708-4b3a-9da3-c1a393514cd4", "value": "T170758D03BA5F8AB2E2891732E59B9C84C3A5D983731BD71B744E23B644033A79D46D37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836171, "uuid": "35eb9971-125b-48d8-a101-6743e80f6a52", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836171, "uuid": "e421b893-bdd4-46a4-98fe-f9c61cac7221", "value": "49152:MHec3FCFPecemUpNpM4lRJ7g28l1rHxDBV:MHsFLem2pMkJ7gBl1LV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836171, "uuid": "18df412b-d0cf-4caa-b66e-901da3e5f583", "value": 1667072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836171, "uuid": "21b88a82-e411-43d3-88e4-d1a1d58805d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836171, "uuid": "5cc2d4f4-2c89-442e-b7f3-19feb91d3cbd", "value": "55877230838a3e29379f10fe6cf70c66.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aba853f8-2734-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689881766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881766, "uuid": "561dfce9-827f-4e71-a13d-800f81d7a3d9", "comment": "Malware payload", "value": "7595d2720aa7240588903df1a84bc840", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881766, "uuid": "41f80f7e-96dd-4191-a44c-19a85a3fe8ac", "comment": "Malware payload", "value": "4f35e245a543eb6888dd7d2d3cd32be839d7925b857d78d3721999c383bb9dbd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881766, "uuid": "3fc867f6-ba27-4145-b7e0-c99e2e688fe7", "comment": "Malware payload", "value": "0fab07f7b35249abb58baf70530c068bcfa18b78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689881766, "uuid": "482397b9-8988-412d-9e6e-5dd89c5f168c", "comment": "Malware payload", "value": "378ca7f7c1706a8e62a1bb7e58b7562f82b930db50ce6426cd810d598e2d81ec88ab5c0a4a9776825239503991e3c842", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881766, "uuid": "b07532e6-21d7-4f59-ad23-9c6500fe552b", "value": "T1DCD27D05BBE14345D3EC1AB20F7161150BB1DA47A93BFF7D0CC954971AABEC18B84AE2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881766, "uuid": "cbd4a983-73b4-4987-87eb-0db9442fe1c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881766, "uuid": "30b3702c-b5d7-4f29-b261-ffce7a47fe0f", "value": "384:cB+Sbj6NKGnD6N9AHNkAeqDTqfGloavDKNrCeJE3WNgjz9DQWaRQro3lcVObsjr:6pGD6N9wN9qfGa445NwZQWS6j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689881766, "uuid": "c5c21fbc-bff5-464a-b969-9c975f87bf72", "value": 29184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689881766, "uuid": "d9b07be8-e6f8-4400-8487-539ef899a0aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689881766, "uuid": "2edb8fc5-9940-4ee4-84a4-01a7fddb4add", "value": "New-Client.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "541fe863-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Glupteba)", "timestamp": 1689837811, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837811, "uuid": "afa36121-e197-4e41-90d0-366494f1c6ca", "comment": "Malware payload (Glupteba)", "value": "b79a179e12dd2c67f40297bc597808b0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837811, "uuid": "0f675a85-c376-4aa6-a5bc-a3530764d750", "comment": "Malware payload (Glupteba)", "value": "504af30f1c8ca0339a2feff60097ed381bbcef9dcbbb26fb1582f57645370fc9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837811, "uuid": "4143fc19-c828-4563-9781-aecd7b554be6", "comment": "Malware payload (Glupteba)", "value": "cb1a0ec6f9dbd3ccf6f81a3b4748277fd0c53728", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837811, "uuid": "18a03caa-8d1b-42d4-b7ea-668bed0eb3dc", "comment": "Malware payload (Glupteba)", "value": "11f0eef5e4142282cff77e3c6cde8333709bff12813fcfbb344ab9704e6f7ebebf9a67471c806f61b85a5da06d876afa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837811, "uuid": "a1d5bcad-543d-4ab9-a42e-fb221e10d6a8", "value": "T1351633287EA281B1D8773A3D80798B14BEA3FC8243721AF727941BAD56707C2D471B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837811, "uuid": "883e5d2f-75ac-481f-9cbe-dd6e8737c81d", "value": "6d688d9cc0f6602b42d54dce0edb5c52", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837811, "uuid": "0f928627-413f-4e33-a0a4-4cb048555c86", "value": "98304:q2WGuuYlSW30p2tHAEzuV0mRKe6rZ4IIo/RAI7Zwte33yiIf0L:q2lcIW30GAJWIn6Fso/iMwtdjML", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837811, "uuid": "12e30da1-1d59-45d1-9b7c-c95501752a84", "value": 4343664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837811, "uuid": "e915bcb9-294b-4ed5-891b-86d5204f74c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837811, "uuid": "5544f04c-9683-4ca4-b683-66a1c31b3a91", "value": "b79a179e12dd2c67f40297bc597808b0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e9ed9f9-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689838177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838177, "uuid": "41f408c2-3b00-4b03-866f-af7deb7c9755", "comment": "Malware payload (GuLoader)", "value": "ad5b8222c5d2ddb0c4f7605b1508f8d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838177, "uuid": "a2dc9004-df46-4d1b-af83-0746a1a2eda2", "comment": "Malware payload (GuLoader)", "value": "506e6d0f86b005d2d6303c63b92b4518e6423e32a0c3521ddcf6b4311e6a56eb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838177, "uuid": "d4577672-e640-4c24-8d5c-327328abb357", "comment": "Malware payload (GuLoader)", "value": "f1ae6e449a00bc3ab4105a4bc17870062df84050", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838177, "uuid": "aa0ca368-393f-4da4-9a85-c8e18854e49f", "comment": "Malware payload (GuLoader)", "value": "d5e6903c41fe5ffd836233ed17f6f238031e86fb7dc2163e92969bece7f5d283db5852d46e88681b9e0145ffab55bff4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838177, "uuid": "37d0142f-d10f-4cb1-abec-a969246f1559", "value": "T16364121193A194BAFCF68470287B1B5BCBE6FA3549542F060780AB123D45261B77FAB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838177, "uuid": "13d0038c-24d8-42a6-972c-8d3f3af6772c", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838177, "uuid": "11d2bdb6-2b0a-4795-bee3-b70f8f9ace30", "value": "6144:kpkXchIk4kfn0v6JE7HRVhjKwn9sHfYs6TXF07ZiFfi1M2lQ/tEpBgk2iQRgzE:hJk4kv0iJ4HPncYs6Tu1DlQCpqzRwE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838177, "uuid": "69caf809-f2c5-4d23-ac20-b58004f8f129", "value": 324140, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838177, "uuid": "424153ab-cdc4-4d78-b858-c54045963434", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838177, "uuid": "d7e608e8-008d-4c8f-af0d-622a5e966d7a", "value": "SecuriteInfo.com.FileRepMalware.16681.30532", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64bdef8a-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689846858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846858, "uuid": "538afe13-56b7-46a3-9bd1-f4c337cb4c07", "comment": "Malware payload (CustomerLoader)", "value": "1a7030a9e4bb4fa4add3fea583b6fd1e", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846858, "uuid": "ea9f7155-9503-44c0-a3b1-2ac9af1b7b20", "comment": "Malware payload (CustomerLoader)", "value": "50b4f9e884d3da0407cbd85af6036346123ef41e845fe854a81acd41cd92f2c3", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846858, "uuid": "c7c7d97d-70a3-4b86-8930-d31f8f5a2b04", "comment": "Malware payload (CustomerLoader)", "value": "25c5223d01552562ad0d6473cf5e3480f05814c1", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846858, "uuid": "0e250ebd-e5d7-4aaa-8b21-22500c88e2a4", "comment": "Malware payload (CustomerLoader)", "value": "edafc7a068a94c1f34fae83c28ffda90ff8c17e3676fdf4fcb718c3daaa553977638702e942177f932957c6a98014391", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846858, "uuid": "b704698b-5aba-484c-892e-bf68ddddaa37", "value": "T1E003CF044BEE4179C56B0A39ECE102820F7D5F97B497DF9FDF88594A1C873296621AF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846858, "uuid": "5f5c9c5a-970d-4cc0-b82f-0242c708a759", "value": "768:7JD9ZWG5xq5Tllmu24Ra2DovIieNhIPVQPa9MHSHr:zZWG5uTll92m7ov0oW6MHSHr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689846858, "uuid": "0405d4e7-33a8-4c05-a24f-fc44e3c0ede0", "value": 38400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689846858, "uuid": "3246aa3f-acd9-487f-83c6-bd62f8e9ce84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846858, "uuid": "6031a1a4-47e8-4c72-accd-651228ddfc40", "value": "QUOTATION_JUL7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d35329f-2711-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1689866468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866468, "uuid": "e83941ca-acae-4c8e-b6c3-9f873fde90cc", "comment": "Malware payload (Tofsee)", "value": "01ab045da7649afb943762962bddb76c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866468, "uuid": "539bfaa0-8f05-4964-9dd8-bd1adee8fbee", "comment": "Malware payload (Tofsee)", "value": "512d9a604bd93cc2ccb8b058caeb491171c81b58aaf71534f03313a91f683803", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866468, "uuid": "56b48fc3-f09f-4341-9a6c-e70cd659f4ac", "comment": "Malware payload (Tofsee)", "value": "d287da38fe5beac670924148fcfe4e2c577487c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866468, "uuid": "4af52e30-52d4-4bc9-9ac9-2fab6850058c", "comment": "Malware payload (Tofsee)", "value": "77532cdaf9b5f8fecdb81a3d396b06d1ed006ecce176e642e457066b78b372b70fa9794a412f37c4d05e9c943dae977b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866468, "uuid": "591cccaa-2522-4b69-a974-4905a3651557", "value": "T1D464A743C7A23D49E9278B768E2FC6E8760DF6508F493B7D311D9A2F06B10B6D1A7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866468, "uuid": "f91ba01a-c69a-41a7-8f2c-974ccd7c3096", "value": "4204b9f7d0ffdbe2928a3ddb092604a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866468, "uuid": "744e65c0-4b5b-41cb-8dd1-46c9bc36ee4b", "value": "3072:7A4ubmPLOrTzq2H2RHMPT8jwitpCo/34K/+wnCC5WaGAS0Jku4:NugLOrTzPH29MPIjTtjx+wnCRnASt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689866468, "uuid": "bba0cb48-819e-4e54-bd9d-d845661b2191", "value": 323072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689866468, "uuid": "1cb3192f-7d52-4c60-b8ae-9f50869e204f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866468, "uuid": "e05df7cf-8063-453c-9f7d-2e74e89a368f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a76afea-2712-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1689867108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867108, "uuid": "cebb40f7-2725-4820-90bc-99a8bf49b163", "comment": "Malware payload (LummaStealer)", "value": "1bcd409bc9efcd48dfbc3dbd26e0071c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867108, "uuid": "7b61b566-a019-4d81-9894-09d7d1e1042a", "comment": "Malware payload (LummaStealer)", "value": "515006e6eecad0418c6c3980a258dfc6e9f8ff8dacc801298b445c25017beb29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867108, "uuid": "d60396f3-917f-475b-bc3d-64262d5e3694", "comment": "Malware payload (LummaStealer)", "value": "063c673744ab5787e0087b6602332d8f7a07e039", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867108, "uuid": "ff67840d-e83d-4987-bdf2-940b3fb70dd7", "comment": "Malware payload (LummaStealer)", "value": "83f0012fcf2cd84d078b0030193d9fb7731f474a02a9e0cb25da1a27279f71526c4345001619e1394535534f4f6bc800", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867108, "uuid": "4fef1d3a-9748-4d18-ae5a-90cb9623835c", "value": "T11285CF4573B18E77C794633499A3817A4F31F5127593FB5B2E78920C28B22B84EA13DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867108, "uuid": "a9c8d833-c1d4-4309-8b75-7d9f358131bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867108, "uuid": "b0149c5d-6015-4d0c-9dc1-df01c3179bb9", "value": "24576:9Kk8YxJl1W4vfJnQBYxtbcR556Zcsn4slE83RwXXasZe3+yqkqBLU:0YxYkpQKQRuZccZJBwXXasZs+BkMLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689867108, "uuid": "d48284d2-131a-4ffd-b126-a8c1b060956d", "value": 1786008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689867108, "uuid": "40df52e1-37f7-4572-a7e8-64af10699bd8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867108, "uuid": "c363527e-51ae-4641-be69-423762d35f0e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63faf438-26c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689835260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835260, "uuid": "10b51527-8e71-466a-8596-17c042304309", "comment": "Malware payload (RedLineStealer)", "value": "29559e945f56a313b5e9264dd6ca7a3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835260, "uuid": "fc02faca-37e5-4021-8ec6-2836567effb1", "comment": "Malware payload (RedLineStealer)", "value": "51d640efcf425557c7e898a690d229994ff2fc0610138596398e8cdd60583244", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835260, "uuid": "28c962d5-200a-4720-b327-e7e1479f7e0c", "comment": "Malware payload (RedLineStealer)", "value": "008abf8dd4f1da5ce1cac168e042ef8bcee54607", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835260, "uuid": "fecce258-95c7-4533-9e13-67f2f5b9cb22", "comment": "Malware payload (RedLineStealer)", "value": "fc7b8b8c162040d3f9370b2acd846660b14f6539e099be3e5bb8c818c4ffccff6a383004ca2b66ead0e292abedb1868e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835260, "uuid": "3fd1fd72-3980-4e94-8179-6185682cc0fb", "value": "T18B840112ABEC8073DCB5177048F606C30B76BDE1AE78836B27D5995B0CB3685947272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835260, "uuid": "9b746a5d-8392-4d48-b9e7-40d349a25018", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835260, "uuid": "ceb76c8a-c617-46f1-b3c0-275c66ee5b9a", "value": "12288:TMroy90EgA20duD7uAomGFLqcHnl9movoHz:LyVgAy7uGGFL5Ha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689835260, "uuid": "a455f632-f2cc-4328-bdc6-1c41194026a4", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689835260, "uuid": "b13e9cca-da2e-4899-84f9-0fb1138e6899", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835260, "uuid": "06b638ac-7fc1-4b7f-bed6-acb36d26930a", "value": "29559e945f56a313b5e9264dd6ca7a3b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71bef9ba-26d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840437, "uuid": "2695ac53-5f3a-4587-b95a-228f3fd78d15", "comment": "Malware payload (RedLineStealer)", "value": "1fd972fa7b5d9b8b1457dd025aa1ffe7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840437, "uuid": "f418e07a-08ea-4b8d-a92c-1b238f0de171", "comment": "Malware payload (RedLineStealer)", "value": "520044b6e34ca534c0a4d97abd318a8db37169f18f8c1e385f3d5b79df9d025d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840437, "uuid": "850c3640-95b2-4ec1-8c45-166b9951b2f5", "comment": "Malware payload (RedLineStealer)", "value": "2879d38e0b6fe1b930fafbe6415b641b5efc68e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840437, "uuid": "4b1601f0-9ea1-474d-9ab6-e41740cb8512", "comment": "Malware payload (RedLineStealer)", "value": "9ac1433aa0e03a15fd5f087a41cb00b55268b4a7840e368a9b31afc1759a34af5734bbc55483553f4536759d2a829bbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840437, "uuid": "130693a9-a0b4-48c2-b507-d3f4cdd4894b", "value": "T161475907FA8085DAC655C2B9C96A83D57730FC442F26A7C72A54F63D2DB67D86EB8300", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840437, "uuid": "5dd5f5ba-6185-4ace-8890-b8d450c7cd9b", "value": "d59a4a699610169663a929d37c90be43", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840437, "uuid": "96f42807-4f3a-42df-8eac-c4b86ca821fd", "value": "98304:ylQKxQh+98myGsy1slENtrE7pQ8kq34vEStCAsDrP7J8yStyBCWLRV7VtC4bksxI:uQPY9mgGvkHEAsdtLRVRXgFqKQbEZxRp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840437, "uuid": "efce154a-a384-4354-9dd8-ab1400c5908b", "value": 26881024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840437, "uuid": "1e999b58-ad35-4fc6-a932-00e8e5e74e1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840437, "uuid": "8657527b-02d3-4f85-a862-076cb3852f63", "value": "1fd972fa7b5d9b8b1457dd025aa1ffe7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b32750f-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838306, "uuid": "c66ae468-06f1-4896-a81c-b20be29f92ee", "comment": "Malware payload (Amadey)", "value": "bf3ebfdf3607d777f6fc6c5bedf94988", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838306, "uuid": "c98d4a4b-5578-4a77-9e8c-c2b5798821bf", "comment": "Malware payload (Amadey)", "value": "520807138ae8562b68213a03d6ac3007d8d0e66ef3c9bf220602eeabf2d118ea", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838306, "uuid": "7ada8d33-022f-4d4a-9449-456a55cb057d", "comment": "Malware payload (Amadey)", "value": "860c9addd4d70a74e18d3848c74b25c1c27955d6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838306, "uuid": "0d16e856-d8c0-4943-9402-4f2c17ab8bc3", "comment": "Malware payload (Amadey)", "value": "22ee1e61587dcdde5080c82d65d0cf5a00f3fbba55da32368e9494ce5cd30408dffe5c9501dc73d997b56eaf59a46e44", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838306, "uuid": "cd8a159b-d268-4b2d-be40-e256bd200e4c", "value": "T190B40217A7D88032ECB6177069F606930E377CA12C68935F27C5A94A4DB3BD4E57232B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838306, "uuid": "776f5374-0aa3-487a-a199-cf63f0cc58b3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838306, "uuid": "d3b726bf-a771-4f36-bcaf-cc5eb4da5f2f", "value": "12288:cMr/y90wBKPy7FK2/ghjgRe3OgQu1ddmgjezs6f+tvBpI:LyfgPy8udEM05Kv+JBpI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838306, "uuid": "af8cc2ea-4458-4a7a-8566-3660c575c312", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838306, "uuid": "2e04f1e9-a555-4365-b0d4-0192e299048b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838306, "uuid": "2d7d57f1-1d1e-42dc-be31-88873c3656d1", "value": "bf3ebfdf3607d777f6fc6c5bedf94988.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed52512f-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838927, "uuid": "60c82294-7364-416e-8d33-412611795c74", "comment": "Malware payload (RedLineStealer)", "value": "999816a5d68da2126112c62a9e0f737e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838927, "uuid": "79adfd83-0ec6-4b16-a8b1-ebfed6ee38ec", "comment": "Malware payload (RedLineStealer)", "value": "52363c50d7c1a658e6f3702179d0967d3c7a164a63f46defd5305df9ad4410e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838927, "uuid": "906f2106-8af0-4cc7-be97-cfe094551660", "comment": "Malware payload (RedLineStealer)", "value": "8d91e3a54b49a41f015bb2ab30cb11a5c88c96a5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838927, "uuid": "95d66102-f92f-4e87-87de-998cd2c29cfa", "comment": "Malware payload (RedLineStealer)", "value": "7fa59ebe802030b0d0c5f7b7b85eccb6b7ce6eeb6d3789f90ce50fa858dc1f5cbd681f02b5967d357912c92299532d0c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838927, "uuid": "7fff0294-3bb0-4c5e-9a58-5a4e9f36754e", "value": "T15F840253A7E88433D8F51B7019F713830A32BCE1AD74C3AB2285995E4CB26949572B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838927, "uuid": "cf00ba3e-68ef-47dd-8094-68d05b13cb16", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838927, "uuid": "a88b0078-b482-4a14-ad8c-8a50e7bdae9f", "value": "6144:K1y+bnr+ip0yN90QEAJte3cYwvbI5WdLqLdNY/3bwOmVJxCcHnlRHkeDsiPjI:rMryy90L/0WoLq7Y/3UPkcHnl9vsirI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838927, "uuid": "f28e3e32-865f-4200-bae0-dc96afa3f92c", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838927, "uuid": "452932a0-0493-4c1f-8ff6-37405ee4d477", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838927, "uuid": "82bf0a99-ca36-4555-9e8c-b66c68726018", "value": "52363c50d7c1a658e6f3702179d0967d3c7a164a63f46.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "670b888f-26d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840419, "uuid": "2e3acf8d-17bd-488a-a8b6-d24edd10bbe5", "comment": "Malware payload (RedLineStealer)", "value": "f98d74e8f761479773d25e0e7dab8fc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840419, "uuid": "b8f68a96-5f41-45b5-b64b-3998ed889a0c", "comment": "Malware payload (RedLineStealer)", "value": "52b888b35ed7381b5fd211296546932916d5751bb311f24431683788bddeb04e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840419, "uuid": "175323e0-6587-4ef9-ac77-edf49b5bce0e", "comment": "Malware payload (RedLineStealer)", "value": "10a25bf1824e3538a4c95d7e485489a5dff68d57", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840419, "uuid": "5e8a6856-ed3c-4b15-9a1a-d2613750e35f", "comment": "Malware payload (RedLineStealer)", "value": "1d60beb18b3de6a2156cf6bbcd5ef2a85abdf10c2efa9d50857b1a7f980306015b5a71e75564ef713b00a14624be11a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840419, "uuid": "8b0aa8f2-4061-4eec-8caf-b7c29a689d11", "value": "T173840153A7D94132D5B91B7058FB03830F3ABCE19D74873B2A45A91E0CB2681A87677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840419, "uuid": "4c3be513-6018-4327-bb10-7feb15781a00", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840419, "uuid": "b241263f-a4dd-41f1-9986-74f8c54a6adb", "value": "6144:KHy+bnr+8p0yN90QE+/F8gb3RS2C63nGPpb6YJyIwubHCeykfQF7keoAYQ:RMroy90+RbkW3nGPpeY4IB91orWQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840419, "uuid": "c219671d-afdc-4a24-90bb-89ab17d62c63", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840419, "uuid": "f45d509f-8618-4bf9-9051-1e59024b7116", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840419, "uuid": "5aebc413-b5f6-4da3-9925-cdc634c54416", "value": "52b888b35ed7381b5fd211296546932916d5751bb311f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe513ca9-272e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689879328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879328, "uuid": "2fd2d9fd-cdef-4c05-b218-507650e8e7db", "comment": "Malware payload (Amadey)", "value": "1d2ebddd8e95136ac3d8b11477141093", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879328, "uuid": "b5af1505-58ad-4e06-b618-25f34a6a7642", "comment": "Malware payload (Amadey)", "value": "548bc4820e0ae035848c0bd95aaeca1283cd21a4c51e7f2b938e2ae6e4b565db", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879328, "uuid": "dd21046d-8f4a-411c-bca8-65ac3aed7d55", "comment": "Malware payload (Amadey)", "value": "e1976b12133f32cc65d500cde18e545609cd8f20", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879328, "uuid": "decf2dcd-d912-4a25-82b7-f6c1c9f421f7", "comment": "Malware payload (Amadey)", "value": "c9fdbb4d5c508169e10e31a7959c58a8d670d94c97fc14fc92c183b0f34bcb3336619afcf89d0b815d90a1fff2bdc6b7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879328, "uuid": "4e0022d1-b7b4-46e8-80c1-52313a753d3c", "value": "T178840142EBE84522DDB517B05CF703930B39BCA29D7843672786AD8B1C72294A97077F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879328, "uuid": "daf5f4ff-63e0-4e2d-9c56-7eacbca004f6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879328, "uuid": "f0bd911d-5aa7-4228-b188-120a5b124e45", "value": "12288:uMrvy90UZfxUWKC5R8nxu2PCiG7Zj7EF:5y7ntSnx5PTGNjAF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689879328, "uuid": "b905d1c0-2dbd-44c8-9947-38f50d9b35db", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689879328, "uuid": "1a543b9b-8c35-43d8-94fd-2ff8493b513f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879328, "uuid": "3401e65e-2fe1-4884-9353-9246746f4a22", "value": "1d2ebddd8e95136ac3d8b11477141093.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c2197bd-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689844347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844347, "uuid": "47789bf0-96e9-4251-99f3-6e595d297104", "comment": "Malware payload (Amadey)", "value": "e2ff92ceb1b36894ab6449df6190d5fe", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844347, "uuid": "96df5e63-6146-4c31-b653-d7b2ca163620", "comment": "Malware payload (Amadey)", "value": "54ca5c456ca4541c7a54027ae67295d9bdec93f29d76b9e8ab36e1fd52b1b876", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844347, "uuid": "6bac98e3-c1e9-4d2c-9ab1-e7942d834dfb", "comment": "Malware payload (Amadey)", "value": "e62b58fb4e8a161514f89711a1684e1db6100572", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844347, "uuid": "0fa0ea52-251d-40ed-ab23-4eca4da3fc21", "comment": "Malware payload (Amadey)", "value": "1f8d1b34a93fbed32b43a549a51aa5f0d83731d2df008adc0d7cf7fcd93dbc8a1c76e30408427ea4a0719bac564269a7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844347, "uuid": "ea5d8773-0eb9-4362-86ca-70f0c070cd99", "value": "T14B84011366EC8032D9B82B7028F302C31F36BDA15D78877B2745A86F1C72694A57677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844347, "uuid": "f6e9e1f6-8cb1-424f-8f06-8d6f99adba9f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844347, "uuid": "0cd388d6-7a45-41ed-a8fe-7d4f5020b90e", "value": "6144:Kgy+bnr+mp0yN90QE5OQxmN7o/L8EAr2zsmgutzuXdMyFIVZ/dxGL:sMrOy90DbxGT2zsNcCXdMyFIVfw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844347, "uuid": "3311ccba-2dd8-4248-8d58-8c7a9850a4a1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844347, "uuid": "2f1c4272-bc9e-4f7a-8d4e-be35b4411a26", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844347, "uuid": "6d6747c4-69bf-4a77-984a-cc665258c2cc", "value": "54ca5c456ca4541c7a54027ae67295d9bdec93f29d76b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cce6f09e-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689844456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844456, "uuid": "1d17a8e8-545e-4aaf-834c-568051cc5376", "comment": "Malware payload (RedLineStealer)", "value": "2c7825e8e929ec639bdecf8098f8dba4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844456, "uuid": "3b60a22a-46d7-4391-86d8-c214432e6a32", "comment": "Malware payload (RedLineStealer)", "value": "54cdd5d6ce640669d446a768fe9a989a5dc9dd07f79c540243f9d17d93bb7bbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844456, "uuid": "d7d8cc91-4bd1-445e-bf26-a887013feba6", "comment": "Malware payload (RedLineStealer)", "value": "5a162b2bca934adfebab0441f6bfc41210814e7a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844456, "uuid": "f7c1e494-643c-456f-9c07-402fb15826a6", "comment": "Malware payload (RedLineStealer)", "value": "1e963cb5bc13762c25f1b92219cbc41363100adc34e73bd9ee3f80d8b8fa97fd935130957281de2d9271d4cbc1255344", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844456, "uuid": "26ab02d7-0aa0-407f-9212-a429dc2d9583", "value": "T1CF840153F6EC8133E9B517B058F702830B367CE68979926B2785AC5E0DB3680A53537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844456, "uuid": "121bfa57-d046-4c34-8a8d-f1c3434419ab", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844456, "uuid": "cca312b4-a436-41fd-ab13-d670634ace2b", "value": "12288:kMriy90uwqua4sLQw0qEKBmWjbwZ/5/Zn:WyNwq77EKBmKbwZnn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844456, "uuid": "8932a530-7524-4a77-9d5f-1888f1f3cf8b", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844456, "uuid": "0137b088-fd4b-49d8-8310-23a56c0bd19b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844456, "uuid": "02e16dfa-5212-42e1-85cd-9b217781b554", "value": "54cdd5d6ce640669d446a768fe9a989a5dc9dd07f79c5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84038395-26ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689836173, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836173, "uuid": "69e40d80-dbe1-4419-8366-820a054757ca", "comment": "Malware payload (STRRAT)", "value": "5631c0a70c477c358956db1a7fab6ea1", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836173, "uuid": "5e7c157e-c2bb-42f3-8c73-17d557f592fa", "comment": "Malware payload (STRRAT)", "value": "5536bd8910de7571b6e14b2dd8af6da658f0f702321966d5bef85e9d41f6de21", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836173, "uuid": "57e361ec-10ae-4234-a7e3-a3e83db4c282", "comment": "Malware payload (STRRAT)", "value": "bfd34b4bb1410730a6bd4eb3bf1270b6d5801af5", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836173, "uuid": "3e8ee90c-5cef-42d3-a227-1500d6a95fd7", "comment": "Malware payload (STRRAT)", "value": "e7367434d5cb78fdbab27a839e1cafa4e3c9998f0e32263f611da9b970b7f1a735b7614fcd7526cf4a50d41743797330", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836173, "uuid": "5448c18a-b638-42be-aa17-5e308646c491", "value": "T15C85FA6524A1391AA7B5D630C306C611E82C7D1338D716D9BDA0CA4AFEF1D307FAA52F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836173, "uuid": "a174c5af-c0cb-4321-8abc-751de3796b9c", "value": "768:QQcUJn7w4vkfQnBLrm6v91lMF9DGUgGfbT1V+Tii5qU47OFSGxEgPtFVgEAiffsK:QQh6iqHTMt3xwkF6cyaBuj7v49Mo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836173, "uuid": "e6c63c62-02ae-4889-8682-e40fcd4fa66d", "value": 1869004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836173, "uuid": "3ce56a45-a81d-4039-b40a-80a942a024c9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836173, "uuid": "dc249b1a-ba8c-4b2a-8361-e76de10bf066", "value": "PO 769363.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d15da161-2728-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689876675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689876675, "uuid": "426ac9a2-6c15-4a6b-8f57-3ea603718d60", "comment": "Malware payload", "value": "efff024f5024a44cd78849a0d5bcfebf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689876675, "uuid": "ee9c97b3-dddf-469b-9a37-63175486f1b6", "comment": "Malware payload", "value": "5656db6dde4162c87a1784aded93fbc68198a8ca97fb9fba50fa77fd5266ea45", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689876675, "uuid": "9f61895b-d88f-49f0-8a06-0fd2013d43c0", "comment": "Malware payload", "value": "465df43502a67b6cf96bf4f83f59ec5aa1055869", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689876675, "uuid": "b194f715-aa24-48d0-8190-f70f41eddea5", "comment": "Malware payload", "value": "bb6e48d36933339a5f18103d2a9c9311e0c5047b7cbf7b93f5c77d93c25b87684126e3ca908e4326d66c80535e71ab95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689876675, "uuid": "92b05a42-07a6-46fb-b5b9-bf45b20a44e7", "value": "T10AF1E501A7ECC255F1FF4F3968B2BB101A75FB932513C75E1884415E6D22B948BA2BB2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689876675, "uuid": "5d967462-a0b5-4b87-859d-5c083fd3962d", "value": "96:d6Ac5w59LKYnN792+s9xCYl8ao3dKrtdDFTIoDsIPWwOgzNt:oAF5HF92+sLD854tu4Wu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689876675, "uuid": "99e42e5b-1ee3-4610-8109-336d976a2f4d", "value": 8192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689876675, "uuid": "8273c63f-c3f1-4c82-9e56-733c79a7c039", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689876675, "uuid": "6d3693f5-b961-45fc-a35a-c0fcaf066a31", "value": "sihost64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6f6e968-2710-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689866431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866431, "uuid": "a93dc3b3-2bf6-4bff-b168-d398fc410d19", "comment": "Malware payload (njrat)", "value": "02ccc0f99335b569236329e45c7cc684", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866431, "uuid": "3c3727c4-08d2-4c99-84bf-2ab773311377", "comment": "Malware payload (njrat)", "value": "566940a070f3995bdaa11405e091cd6e6d1ce2a210a3fe8b08015f4df6b33a05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866431, "uuid": "6588fe31-3918-4549-aaf6-46d4abaeadea", "comment": "Malware payload (njrat)", "value": "ad579ff59af27c45751cd68be3ed7a4b41f73a90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866431, "uuid": "cc60f091-6c76-40bb-a23d-00170e7130db", "comment": "Malware payload (njrat)", "value": "363e091990319b46a4e88621edfc2aadb0b5d21c2a9c24f73adf9df45fb059f2b1bb47c30e28fe246bb96ec67d3b2a3d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866431, "uuid": "bef43961-b6fb-4661-9906-a7d1b18e09a9", "value": "T1E183E74CB694E174D5FF8BF1B4A1B2890B71A017A806930F99F154D98FB3EC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866431, "uuid": "8294ba1a-6db2-439b-a4ca-89b5f922d6fa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866431, "uuid": "eea393f2-b6f2-4900-a331-5da20b53c26e", "value": "1536:zWMmfqrxsVuXQQz3MWWMmfqrxsVuXQQz3M:y1fTe3m1fTe3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689866431, "uuid": "ee9efd5f-3361-4cec-b9fd-f42fce467c18", "value": 88064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689866431, "uuid": "4517f1e1-40cf-433a-a88b-770123c0b56b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866431, "uuid": "6b82dee2-57ae-4968-8ed2-2ab4028f2c59", "value": "02ccc0f99335b569236329e45c7cc684.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d130919-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689851113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851113, "uuid": "368b16bb-26c9-4d18-92fb-9e62fdf7ba16", "comment": "Malware payload (Loki)", "value": "5a2fd9c8c847f4b594a572eb2673f83d", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851113, "uuid": "cfec0c4f-7344-4518-a8dd-8864a66ebf9d", "comment": "Malware payload (Loki)", "value": "567e8970d27c1e43b55c0156c957f71fb553282709237cc73bbeb6bd518edbc7", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851113, "uuid": "e6b5a826-e7e3-4046-a417-c18cefe8a2ee", "comment": "Malware payload (Loki)", "value": "ddf8d020936b59c08e4ad4008976853a871f5442", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851113, "uuid": "b10e4952-5eb4-4267-9aa7-054794021d9f", "comment": "Malware payload (Loki)", "value": "9ac8385c21e28ace796a166c75878ca20d85f31e893044cce0324c94cf4fcf7351eba7be67bac53bd342094385be9f00", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851113, "uuid": "744afee7-c935-4fa9-8b3d-db5c2f99aabf", "value": "T15FB423F843E7D19B94C6F23CB5A8444E1996EFC53821DFF8FA92145328489A5CCE7C88", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851113, "uuid": "40358750-5fed-40be-b611-eaa4531b0481", "value": "12288:32vLJUdTcj9EzRLNlfAoTnBmwFcJ+6lcBTVZuqEMSmZJ2qVH3Y:GzJ8+9EdBlLnYFc6l8hZu6xJ3Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851113, "uuid": "6833dc23-04b9-4d26-b32c-544055b98658", "value": 539117, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851113, "uuid": "2ed8cf7c-2c6a-4e64-a63f-ae1fd00e221a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851113, "uuid": "cab77551-0e8c-4cb0-b240-2245dff980f2", "value": "20230719H2B7001C000533.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a5fc689-2707-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689862249, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862249, "uuid": "0785c210-734a-4ace-8e25-45fcb00a3d3c", "comment": "Malware payload", "value": "3c98406b60f0479b342edbf8afbf8fc0", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862249, "uuid": "abb0b667-f4d0-4fc0-b9d7-d1f5d41fbd80", "comment": "Malware payload", "value": "569bd50da1ea60339e2643771edbf5bd782ce1bd2bc3c5986210119130365806", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862249, "uuid": "43641aa2-b483-446f-954f-6f8c3f04602b", "comment": "Malware payload", "value": "e1c5d38384bf655240654b44607be6de0717a425", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862249, "uuid": "93a83d31-3278-4f10-95d2-7b5700d80482", "comment": "Malware payload", "value": "ef00ecce9e5c89d58e16905b73a2814362e69e13972423f085bdca6229967ad967e6de33a8d11ea8941d040d38c9402b", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862249, "uuid": "27bba9b5-a997-4742-8c95-b23e54b9619e", "value": "T179327C2E59C4297EF2C650B743B53144F6EC38C3D22D9F4E7A30E9A8C6756ED5A08298", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862249, "uuid": "8b238f61-88cb-4631-b25b-1ffb08b81dbf", "value": "192:6ya0NT1itWwARgZVPCK44AG9xXSJ+Ej7yJYUKw/Kda2WYKcWexiM:6yXT1itWwANK4499xXSJf7yJYUGAYK6F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689862249, "uuid": "188ddcee-584a-4d5d-8d9e-d8103b3e3b15", "value": 11085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689862249, "uuid": "2ae15550-8820-4b95-884d-f248c67d1899", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862249, "uuid": "849baee4-ee44-448c-9638-d71810a15326", "value": "Quotation.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d690b8f-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689847141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847141, "uuid": "9af86f4e-ddad-431a-b3cb-cda93adab44a", "comment": "Malware payload (RemcosRAT)", "value": "2ea1572fba9a84e8b57174a47caa69ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847141, "uuid": "22941234-1d1f-4bf2-b6d2-0fc63c02b30a", "comment": "Malware payload (RemcosRAT)", "value": "56d0325f0952f20ec5db961bcc263238ba251e8cf8f6bb5105466ee46c2db313", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847141, "uuid": "441c1ef5-5b6e-45a2-80d0-9dc3236fb731", "comment": "Malware payload (RemcosRAT)", "value": "3c51d558e4d596696128b3ed2bfa8249c7ca8d91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847141, "uuid": "eac15cbf-4dc8-42d2-a4a8-eb66684399aa", "comment": "Malware payload (RemcosRAT)", "value": "689e233ab33839f441c75f996de04cc399e3231ecf2ee08d34e244834fe70dbaf605d5b6ad4a2f8e1a4efbf91d7087b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847141, "uuid": "95089a0d-e86c-4ee8-907f-df6c376f5e74", "value": "T1B9C41207B62C936EE7DA46B2B93903724B88CF5705517949BBC0FE2D197216CBE432D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847141, "uuid": "5080715c-12b7-422f-9d55-c335aaca800b", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847141, "uuid": "a14b59cf-95ef-44e1-835c-57dfdafdd11e", "value": "12288:0Ye7ipLIhYrZm0nGigJQUWILyuDJ3c6FB/t:0Ye7Oche/nGiTUJ3DJhFB/t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847141, "uuid": "7fd4fd77-72f3-407a-af29-008bfcbedf9e", "value": 575896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847141, "uuid": "4645497d-f582-41f2-a427-4af48e49af7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847141, "uuid": "d5b48238-1683-4cd9-8e0f-794db3d28b38", "value": "specification request.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23e18f64-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689840736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840736, "uuid": "857de566-6afd-43dd-aff0-fab0e235708a", "comment": "Malware payload (Amadey)", "value": "2bc8e8cd130285a0cbea66c6ae7859e9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840736, "uuid": "c36b2d33-123d-4fe3-b0a2-6fb077785f76", "comment": "Malware payload (Amadey)", "value": "56dbfb10e07e622006233e2ca432e9b289e276470e18ab3efe037a1c17c40d5d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840736, "uuid": "9ad50dc4-ec91-4b8f-b5f5-af20cf969662", "comment": "Malware payload (Amadey)", "value": "bb229611ae9e5c6a807ceb371b3a282f631324ad", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840736, "uuid": "077d6707-cde8-4c89-ac6b-acca5f3868d1", "comment": "Malware payload (Amadey)", "value": "648b279062fe140fd3a312ee2dfc96ba69933edb48e537719c588547fac004fd6e2c44871e9810f141f1996b687178f4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840736, "uuid": "3091cfec-938c-4b73-9c94-2acb8123d2ca", "value": "T1A0840253E7E99433E8F417B018F607430E36BCA1AC74836B239A5C5A4DB3588E47676B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840736, "uuid": "631a7a37-bb3e-4ada-800d-015b678d821b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840736, "uuid": "2736e89b-d098-46c0-b1f2-817f81cf5572", "value": "6144:K3y+bnr+8p0yN90QETG840XYwvb4mF4xCVPLXsX2NmV5BCcHnlRHuzoiFqv7m:hMrMy90dhI05uCVPZoUcHnl9Woi8vq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840736, "uuid": "1988c8ed-9b7c-4f7f-82de-39a695386c66", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840736, "uuid": "04ec6cf7-2c33-4092-b0f9-644154e695d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840736, "uuid": "6a0e03ed-3eaf-4363-a9b4-ebe1bca3c012", "value": "56dbfb10e07e622006233e2ca432e9b289e276470e18a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1229cc00-26f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689854880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854880, "uuid": "09afdec6-b6a3-45fd-bbc7-9c14c4e31e0d", "comment": "Malware payload (RemcosRAT)", "value": "54742ff0d4e7f7d73e832a5a2fcd888f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854880, "uuid": "2b737bd3-e00f-46d7-b2c9-e9a15dbb1f7f", "comment": "Malware payload (RemcosRAT)", "value": "57a1f5b06c6a51e304ef3a87da08d202c0fab63726682c98c0f258e04590bb23", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854880, "uuid": "37e7a6a6-293b-4090-bfa7-09ab91ef38c4", "comment": "Malware payload (RemcosRAT)", "value": "6ed81aa52dd8129e896e999983caf98ce8842730", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854880, "uuid": "5ed097db-ddef-4701-a9dc-8c2365ee0c3a", "comment": "Malware payload (RemcosRAT)", "value": "3978da429202b96e21f0d877a9cd4ff0d93e5989ae8b3dce030eb05fcac0d8a546badf0475f06e5f7b25c5c4f062e362", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854880, "uuid": "26000f71-64be-4e11-9549-2aad50434c1e", "value": "T14A3412986B2ED869D594C6FC8524D5F222E95C7E0D2665CE1BCCFE2FFD27200EC910A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854880, "uuid": "1949b1e2-35b2-45ee-b0bd-a8f69ceee47f", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854880, "uuid": "44bff755-253d-49bb-b69e-4457712d127e", "value": "6144:tvGSN9gWuLpcBKnVBYAsmrzpyDfOXXVxB:tvbGWulcBKV3uOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854880, "uuid": "ef87bcb8-13d8-4d52-a27f-27ad8f01f033", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854880, "uuid": "1dbabb26-5129-4ee3-b986-4347a693b4cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854880, "uuid": "ec6465cf-7b66-4d62-b8f3-4e9e692b4f91", "value": "bOwO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04d7ca41-26a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689820068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820068, "uuid": "1e24415f-6d0f-449b-8b0b-bc302590b6b1", "comment": "Malware payload (RedLineStealer)", "value": "778fb1869d0c98979495923a920bea9c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820068, "uuid": "521dac7e-0640-4203-8d52-75c723279cd8", "comment": "Malware payload (RedLineStealer)", "value": "57cb2cabaabd38a540ddaa79cbb7b83ceafefff32aca4af2956fd9e78a92e352", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820068, "uuid": "cc53855f-f1aa-45b3-b0ed-c59ddae918ad", "comment": "Malware payload (RedLineStealer)", "value": "ba2b0cac8821d40158e394d5347b95330b82ce8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689820068, "uuid": "17ca624e-058b-4cde-9142-a364d3e2de30", "comment": "Malware payload (RedLineStealer)", "value": "a6ca792a6395469c346e3828050b20511aea3fb6ebdc29f2eb78134fb02b319f208a77a3334f952b70bad384cf2b53f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820068, "uuid": "4f37a13d-5d7b-4816-a272-e27483b9b186", "value": "T16874E01037A0C072D0676A305971CA516ABBBDB26FB141CB33A83A2D6F707D05B79B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820068, "uuid": "108dd517-5500-4aa6-b7d9-1db39755e482", "value": "56773f73f989bad299a87e406c009a58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820068, "uuid": "25ba1e5e-ea17-4cba-9935-4d461659f2c8", "value": "6144:xOTIzQBsZsWi3qUhg0XdSncfN94czV2NdjqDjlW2HS7:xZMBsZ4Bhg0ffb4ZNdjQWT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689820068, "uuid": "8bebecd3-8a8c-4ae5-8309-551631f72f1d", "value": 353280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689820068, "uuid": "3289eef8-74a7-4684-8e5a-0f725192153c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689820068, "uuid": "3c53bb6c-809c-40bc-a4d4-a7f6eed2abc8", "value": "SecuriteInfo.com.Win32.RansomX-gen.4349.24109", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03fa960f-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689847555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847555, "uuid": "17b80ca8-e0a7-40e9-bf15-2b9ecca899d5", "comment": "Malware payload (GuLoader)", "value": "b92c138111adc794605849f888ce286e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847555, "uuid": "e5538df4-4c1b-4a38-84ee-fbf995fb66bc", "comment": "Malware payload (GuLoader)", "value": "57dc1a281905c4a7f12ed5f2e26e1fecaba04cda44f9bb4110dc2c5f6e321658", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847555, "uuid": "53088523-1e90-4e39-815e-6b09e4b7c277", "comment": "Malware payload (GuLoader)", "value": "b817be8c3a9cc313a77968a09aa74ff5fdfb4eeb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847555, "uuid": "e286ffd6-3834-4baf-888c-f4e4b0496e12", "comment": "Malware payload (GuLoader)", "value": "607c91d967a2445039c5ee658b706be528650a00fc04a7a528a16a222777f9fbe6209e986eab1f378fc60be742280e27", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847555, "uuid": "1ddf371d-535e-4880-86ad-ab6879d30a08", "value": "T1597413183AE1C897E1F14E333A5C557687B9A36639A04B0B47405A297E32FC5BB0D73B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847555, "uuid": "ffbb4113-e8ac-4192-aeab-73f5eb224036", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847555, "uuid": "6a39e373-b91f-4046-84f5-1a8c720a158e", "value": "6144:44t6Lsc1u+jom7OZgVwy6NlTFWmtiUToRNH35CfrfTuiJRK8rFMQuX5d3M0V55uv:4kcg+MAOZgVwyAiUY8frfTue3rFMb75K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847555, "uuid": "944b64fe-563f-4ca8-9152-a8392f791cd1", "value": 349928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847555, "uuid": "39c24e0b-107c-4f71-903f-507d0c24c2d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847555, "uuid": "262f5ed0-96d5-4788-8ed1-b9880b3d1383", "value": "DN 192615110 DN 192615113.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39596d73-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689853657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853657, "uuid": "2b3026f6-94bf-4834-8625-ede955654026", "comment": "Malware payload (AgentTesla)", "value": "e2fad797e21b6628aa4e595f57c1d80f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853657, "uuid": "4e43177f-ee36-4ee4-b3ee-d9c4ce5f62fb", "comment": "Malware payload (AgentTesla)", "value": "58f4506f8082cd93f9f94cdc8c9b7ac1ee8a4eb19f3195fff2aea87c6949ca6e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853657, "uuid": "454c3372-e987-4572-8212-9ec71462bef5", "comment": "Malware payload (AgentTesla)", "value": "182ec744aa4d720c308e8db31230b6a4ab295431", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853657, "uuid": "9e50f943-c78f-4e34-8085-e4f3228ffebc", "comment": "Malware payload (AgentTesla)", "value": "c16e2b0421e826954140c23a2b1853d121c9917e94117d7897d922ff1a59c3e2e35c1e04f61bfc5ae2c6403042978b11", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853657, "uuid": "c92fa761-d91b-4ee6-ad25-8da34638192a", "value": "T1F6E4F12496A98F6EDA731BB4B525193C43BAAEA97432C32F4F51B0C73951F031602B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853657, "uuid": "ea8d2ffa-7caa-49d2-81b2-28091f99fac4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853657, "uuid": "55a134e7-9128-4100-93bc-18e5da695ea3", "value": "12288:hcBWWS6ln+flo/XciMvsZszQSs+0JlQCRzdP9evbuvotpwElmQ:hMWLTdCjELS+0JtPWbheCL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853657, "uuid": "93f8a7c0-6ed6-42be-96bf-eba95b07eb35", "value": 701952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853657, "uuid": "c9d0f469-9a1c-4bbc-996c-245bfcb1e348", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853657, "uuid": "b276111b-9de4-4076-aeef-60fd8dd92cfe", "value": "SOA ACB Logistics.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2706d6bb-26ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689851479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851479, "uuid": "0c8dd044-6ccc-463a-82fe-a4cfeb34c175", "comment": "Malware payload", "value": "2509e8e36e86727e4c52daf8b9f58cc1", "object_relation": "md5", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851479, "uuid": "96ff1b62-e711-4949-9f53-01b9e36f7bd7", "comment": "Malware payload", "value": "59276586364772885369c250a784459713f94f916019cbcd9b1998cd3b07d053", "object_relation": "sha256", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851479, "uuid": "67d4a570-07c8-4f33-87f8-0485014d9203", "comment": "Malware payload", "value": "f5c7a7661370b20708c66caadcf332abdfeafdaa", "object_relation": "sha1", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851479, "uuid": "6f1af351-4fbf-4199-b249-5a3aac039d66", "comment": "Malware payload", "value": "2b4fed888ffe1184456a374889561226af21df96527bbcb18be9148702c6d973466f210b567b9565ec4cdbd016fff81a", "object_relation": "sha3-384", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851479, "uuid": "6e3746dc-2558-48dc-8fb4-71e91f25bb5b", "value": "T18CE47B56BEC6AFA2EEBF45B793A5992D1215739D03A18BCF6703009D7951FD2003EA03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851479, "uuid": "b841954b-8029-4e11-89bc-f904b00b5daf", "value": "a7d07408bcd5fedae7485d5a9e128ef0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851479, "uuid": "654d61f8-2387-4cfc-a5bd-a3578818a167", "value": "12288:4jJ0IPyWjtJVRd5FBNp1x9ZlhtJVRd5FBNp1x9ZlhtJVRd5FBNp1x9ZlhtJVRd5W:20YyatJVRd5FBNp1x9ZlhtJVRd5FBNpl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851479, "uuid": "94016f9a-c047-42b9-9e67-696b995f2af2", "value": 685568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851479, "uuid": "47173e62-a40a-493f-b28f-327e44b01304", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851479, "uuid": "c5a9bd51-837c-4a58-ac64-51b74c6e4c5d", "value": "2023-07-01-2023-07-15_Transactions.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "399626ce-270c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689864395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864395, "uuid": "c6a1145a-b1e6-4e14-ba5e-851361a2d5c1", "comment": "Malware payload (RedLineStealer)", "value": "f81e37c2c53bce425feb5ac6827102c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864395, "uuid": "4b38cefd-224e-4fdd-9e83-11446ff30f79", "comment": "Malware payload (RedLineStealer)", "value": "59730f51413f0824b007ce6def5e65edd9fba468554a5c338d96ac8215ff2254", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864395, "uuid": "ed3b5133-2e45-4da7-b74f-5cc4dabedc67", "comment": "Malware payload (RedLineStealer)", "value": "f69b5ddea608b1881fa60dbf8313b112a7836c9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864395, "uuid": "8fcefbf8-4eee-43b6-9f2d-52f48895274d", "comment": "Malware payload (RedLineStealer)", "value": "863c5ce3dd34cb238d6410c217421cff0657ff6143b31a400d9aa773eb915b71dfd68ed1fcbd8603c5a054a36058cb7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864395, "uuid": "f64ec5a5-cfc9-446e-a771-c1d0f099eda0", "value": "T1FF55D0B76C3B059EC1B0233E2CFB790AB6EED2803D55D51F5DAB07D9C1762805AE2489", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864395, "uuid": "7946582c-7c70-4527-9d5f-58c811dd92d3", "value": "da31105089a03ba80334eee13355d2ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864395, "uuid": "73bf926d-2ca7-493c-9218-77c5f79a1baa", "value": "24576:JP8qijyYQaKy/MAV2DoHIT3X7eF2CT9IOgTdV9C6paRtnRTgHi:JP8qGyY1KyEAVCoHa7eF2CT97gTdV9CZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689864395, "uuid": "b7137769-0f37-4649-80d6-b4f1d58b2b6c", "value": 1377968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689864395, "uuid": "20264490-bdc2-49a8-9e88-02cefb77b1b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864395, "uuid": "968ff8f2-288d-4f8f-a358-653db6c88e3c", "value": "f81e37c2c53bce425feb5ac6827102c2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae6a7286-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689844405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844405, "uuid": "4d8f9dc2-26df-4bae-8cdf-d66a0fb4e83e", "comment": "Malware payload (Amadey)", "value": "2eceda61e6e0bef77aa4e2d0e99f765d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844405, "uuid": "80443559-653d-42d9-8834-7606fbc6a91e", "comment": "Malware payload (Amadey)", "value": "59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91e5f12e07c396e822a01", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844405, "uuid": "7da9be51-9998-4841-8ba8-c37d3e9575ea", "comment": "Malware payload (Amadey)", "value": "05a5e56dec75029e3b8e483d649e7b5ff6f8daa2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844405, "uuid": "4b6ad0f7-9d41-4eee-8389-9d3010bcd4cd", "comment": "Malware payload (Amadey)", "value": "2d286980084207c53e3c99e69ab52289fb917a10698a1aa86a44f82ff42954064ce338ed3f97814dea12905d2c849a86", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844405, "uuid": "9e65dc37-9784-43a5-bc8f-52627a7f7a73", "value": "T1A684F113B7E85433D9B55BB0D8F603D30B39BDA199B4432B3395A95A0CB29C0A63177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844405, "uuid": "694e6708-a148-47df-83b1-36023f7e2472", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844405, "uuid": "8cac192c-49e9-4481-af2b-c69b386ed744", "value": "6144:KNy+bnr+qp0yN90QEPnSCpusoviHGXWnzdpGWXAL6A5202cF1zV5cPMdDExP:bMruy90B/0lUDdwL6m203zVJdDExP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844405, "uuid": "adc9351d-50fb-498f-b487-79ecdb00ec27", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844405, "uuid": "e61d9031-e8b4-4ab5-b7e6-e7dc848ebe8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844405, "uuid": "528fa9ef-980b-4811-80b0-dfcd4d976187", "value": "59c1607382fbf89bf1ce30ceb0a4e1724a81c2e855e91.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54daccbc-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689858428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858428, "uuid": "4d1abbb3-51a0-45b0-b0f6-292ae9ed5245", "comment": "Malware payload (RedLineStealer)", "value": "5575cb5ed7c1c6db52b169517871d268", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858428, "uuid": "d4083d64-2c7e-4cca-9afe-ada8ebd6a6b0", "comment": "Malware payload (RedLineStealer)", "value": "5ad150e4729f2f2d2367173ad4a6b05bc0631be4477194d33041b6384e986a60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858428, "uuid": "84e544f9-82d6-4898-9a63-148ed980af50", "comment": "Malware payload (RedLineStealer)", "value": "82ef6eddf86430804dab798088f76e513b1ca764", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858428, "uuid": "4ee1ce42-6f7e-4443-8972-b1be0196038b", "comment": "Malware payload (RedLineStealer)", "value": "62826ba079f76e156ed354bed5428b6cf0f2cf5ebb6592d6955b1b9b1b7c1dd3ec1b89eda389b2dbaf3a8ad6d83d63f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858428, "uuid": "28c444f4-a9be-4a80-b683-3627298dac0f", "value": "T19734CF207190C1B3C4BB113085E6CB395E793476477692DBB7DD2BBA9E213D1A3362CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858428, "uuid": "a5606989-6d07-4d53-a790-c284860f9e9d", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858428, "uuid": "4a96116a-9bb0-43f5-b82e-f1a9fd16d6e1", "value": "6144:qDKW1Lgbdl0TBBvjc/S3/PhMPYZP1kPk4+h9:Mh1Lk70TnvjcKMPG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858428, "uuid": "e9639365-f423-4dd0-9289-f00299b3d5dd", "value": 250880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858428, "uuid": "ffd2b64b-5372-4a56-9f74-75710483b1af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858428, "uuid": "63e19141-d09c-4d0b-ba35-550465763f87", "value": "Sinkro Request Quote _2307180_PER 1000 Pieces \u2026scanneed 00101.Xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24d26024-270a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689863501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863501, "uuid": "841c4f5b-a2fc-4783-82d6-d40e2a778a51", "comment": "Malware payload (Formbook)", "value": "d0ef420f35bef2f1feca324ee433b057", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863501, "uuid": "0c116db2-b551-4854-996f-13c068e94b16", "comment": "Malware payload (Formbook)", "value": "5adf7d2d4f1364dade98a5c7b94421458d87391204bf0123563766180e7524a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863501, "uuid": "fada1802-8713-45a8-85e0-7ea7c908d62f", "comment": "Malware payload (Formbook)", "value": "baa3ba95cd27c1f181dd18684c52eaf6db5f1211", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863501, "uuid": "f7c5d1a5-edcf-4f44-9f12-6e706cd4b362", "comment": "Malware payload (Formbook)", "value": "bb82d12a6e2e77a2a6974fed140d20fe30fee2ef51d140bb9a08fb11e6a7804cc1df154cc0fb6750145c3cc871e45c7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863501, "uuid": "4f07b401-5652-4f7d-a550-02d8eaba2205", "value": "T1D715EFB0FBEBCB16C38B0ABC547D3EBB039952D1B8D2968B68179C59A590F38044353D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863501, "uuid": "a7fb3753-dc3c-4d7c-9437-0bd80dbaa09c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863501, "uuid": "3d1f8206-7b01-4b4b-be26-a87f186e7d29", "value": "24576:yOC426I5+p4+5VfBVfBVf/3rlDjfzUa37uGfeWb0:6x6I5W4+TfLfLfvhXzz7xI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689863501, "uuid": "2baf5bde-eb9f-4d98-bdc2-2a580a88de67", "value": 912384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689863501, "uuid": "9eef0bb7-f0a0-424e-91cc-7b6be1749767", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863501, "uuid": "2a80fa73-8665-4712-b2e3-4341bcc10d5d", "value": "SecuriteInfo.com.Win32.TrojanX-gen.16407.5120", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e99d78be-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838920, "uuid": "23c62255-3028-4da4-b120-7720874a0b0b", "comment": "Malware payload (RedLineStealer)", "value": "e57926a2241d49fcc727f3452fc11f63", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838920, "uuid": "ad844e00-670d-487c-92a2-201967ed56f7", "comment": "Malware payload (RedLineStealer)", "value": "5b782a59ddf7b2646a8c810bc86fad7bc84cce50c5c8d93a9bdc3956d8ca898b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838920, "uuid": "7d718b2b-00d3-4866-9c58-24a93e0b5067", "comment": "Malware payload (RedLineStealer)", "value": "ed2026fc4e667ed43c14bfebfb61d6272583d8e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838920, "uuid": "a7e41ba5-cb0c-4007-b168-3f2e503c0d7d", "comment": "Malware payload (RedLineStealer)", "value": "1e1f67579ee6bfae0d997ca6ffad3d6b7b4d1243e4fa008b7949629baef29ac9eed5b6f923a500555e29dacb906cb932", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838920, "uuid": "7a5d3d97-afbf-41e2-aabc-249ea38b68df", "value": "T10BB40242FAEC9032DCB51BB099F743971B35BD618D74931B1746AD8E0CB2A94A63073B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838920, "uuid": "a15270c0-ef27-4dd6-8d2b-460fc69af159", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838920, "uuid": "80bb3576-97a2-4a16-8960-33d2c903dec0", "value": "12288:ZMrPy90s1VhTcg/AW+xcd6qtQ6y6+rWErizSge34ZT:+y71dEqtQK+6milT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838920, "uuid": "36be918b-8747-44f9-8621-d8088a9097c6", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838920, "uuid": "b023db1b-3f7e-4f37-b8f9-9a2b1411b1df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838920, "uuid": "ad2915bc-c0b4-4538-ab4b-7eff38cd7b8c", "value": "e57926a2241d49fcc727f3452fc11f63.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4744a7fa-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885034, "uuid": "e01c38ff-9173-4453-9ac4-6ab80a989faa", "comment": "Malware payload", "value": "5a3df7b7a1375bf9b77c1369d0ea3e84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885034, "uuid": "972f5219-dffd-43db-9b0a-3c1f8890b729", "comment": "Malware payload", "value": "5c04dfaf9fc6fd82dc775d9fc5f17c1af10ffd4c3f8892397b7600ffdb5e8317", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885034, "uuid": "ed9690a9-edda-404a-b55b-cd9cd374e3c6", "comment": "Malware payload", "value": "ce489c3a77825e5a5f7f6f7aecf178f47c74eec7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885034, "uuid": "722ff09a-9832-4a11-a57d-f21fe1c3f353", "comment": "Malware payload", "value": "301c99f4441ac762431917b4baa50c625ff9473b5d40867ced370ce7f8e3629327e06fccdf0cbcd9282a8e540c0472d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885034, "uuid": "6b939d15-2c63-4bbe-920b-77f73f7aa029", "value": "T1E5A6296BB1A4812AD15DC13ED0B3DF41953370751F36C5EF9294026A0E9BAD8DE3EAB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885034, "uuid": "683a3f15-7e99-4a2b-8f49-716892f7154f", "value": "5d1b57992eb01e9a84723f1cf593c843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885034, "uuid": "fae9822f-f604-49f1-b8b5-ac775cea3268", "value": "49152:h93NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01OviwPvY3JmNp17jZ:h93JWblz4TKl2MPvWJo0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885034, "uuid": "e3964c01-df81-4eb1-8ff0-5e9043ab446d", "value": 9722368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885034, "uuid": "90f43554-7b2b-4625-b525-30177bc8896b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885034, "uuid": "b889fa4b-87bf-4840-b174-e83b11dc791e", "value": "SecuriteInfo.com.Variant.Barys.434263.4650.6394", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a86bb98-26aa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pony)", "timestamp": 1689822306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822306, "uuid": "4023b23a-80da-4046-9850-78d0c9407bfc", "comment": "Malware payload (Pony)", "value": "d788cb697621f795e562b7e461ae3f49", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822306, "uuid": "adb2e162-0506-4d2b-8950-62e3fa289c7a", "comment": "Malware payload (Pony)", "value": "5c22200ed08d7650abc967ad5253662e59b67a8d29f3ddd148748fc4b1eb63b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822306, "uuid": "9544af5e-22e8-4839-a95f-ce37ca9cc209", "comment": "Malware payload (Pony)", "value": "e607c9c9296d95978ab945c39b817c99093427b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822306, "uuid": "f37eb0c4-010b-4c88-aee9-90712ca5e3dd", "comment": "Malware payload (Pony)", "value": "5d9ae63b98b03b16195d36ee809be4c021eeea4230c8464f8b1a78d14ae8fe173489942b56a20afff6b690f910104be1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822306, "uuid": "e111d178-744b-42bf-be19-00362de160de", "value": "T1EE83F803F8C1E0F1C1A22AB177C157A1E7F99EB97C768E4AEF5C454C7DA22C66B06442", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822306, "uuid": "9caf813f-a591-4a76-9a6d-3c5879357a47", "value": "24372f561e1e1d10d855a874a39472c3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822306, "uuid": "788f9d21-d408-406e-928a-2c42bd3480a1", "value": "1536:KSnLHdPqT83kNsteY4g7M3xn5phR1bpTvcEYnkZghPG:KyZntV4sM3xn5mEYQg5G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689822306, "uuid": "41ac3085-127a-4f09-ab0a-a1a42bd32141", "value": 86528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689822306, "uuid": "8fb36eb9-c423-40d1-bce1-cf7152b06782", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822306, "uuid": "3cc972b4-9185-4ba2-800d-025ab603b0dc", "value": "5538_dump1.bin_", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04fffaa9-26a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821357, "uuid": "db5d898b-385b-4a67-9058-aeec872f96e1", "comment": "Malware payload (Mirai)", "value": "91347bee76694eb4e7fee8e9f41a3783", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821357, "uuid": "f961ec59-8e17-4ffd-b8d1-92d4ac35ab8d", "comment": "Malware payload (Mirai)", "value": "5c832bc99765186f4625e8127151543a2afd82dd5e757f421bfad4328aeb0829", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821357, "uuid": "924f172b-5e23-4cdd-877b-cd080c8c87b0", "comment": "Malware payload (Mirai)", "value": "5cb035ab05e2916997a12288ba58370ce9d6cfd5", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821357, "uuid": "f3a52b96-7b2e-49ba-938f-0f1ddd6aec83", "comment": "Malware payload (Mirai)", "value": "b7216ea0f1367744ede3df9ece8a3fd9cefa1acb814a9218761f90446afae0d4cdfcfc9e64e4951b41206a750bf1b4d1", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821357, "uuid": "9d46f59a-6320-4a5f-af8f-54ccfa5a1214", "value": "T14C13F755B8815A3BC2E0237BB9AE568D336067E8C2CF721BDD215B207A8651F0D37F85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821357, "uuid": "00b24bf0-42dd-4dd5-8132-ee56e7681e53", "value": "768:lgKiLUpbwLgK9S75XfXS4nxoTfTZsBV99pempiHjDmfxsN9jL9oeA/NZwW:lplb6gKq5PXSKyx0Hem8DDmqLkIW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821357, "uuid": "26faf8f3-6a9d-47a7-9e53-cd636c227b35", "value": 43860, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821357, "uuid": "68531362-259d-4332-9494-aae41ee69918", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821357, "uuid": "eb710742-c28b-4ae7-b5b8-5e48dc89c606", "value": "arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c07acb8-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689886035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886035, "uuid": "d68b7d4d-ede5-4ea3-9cf1-475ff6a57552", "comment": "Malware payload", "value": "957e83d87096c71175a86f4af4ea43c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886035, "uuid": "950816c4-9e10-463f-920b-8cc8d6c31329", "comment": "Malware payload", "value": "5ca99f44f6fe145ee8c9faf8aee72a8560af62a7b0f63db3b5306020eaef8619", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886035, "uuid": "119a9e69-005c-4df0-9d97-10d708ac60e5", "comment": "Malware payload", "value": "208dff17ccf9a1c005e27e8eb7bebd31fbc08c71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886035, "uuid": "a6df63ca-ceb0-4f47-a2bd-6f46ba84e21c", "comment": "Malware payload", "value": "72989ce13cee696efaf49da04c75e5525e31f4efef082326d4984d3ebfddf9b1f239720f3d2c93aa72422902d21cf329", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886035, "uuid": "cf9c9cf7-c12a-4bd8-b149-2fbd58f0b3e2", "value": "T1B185331B8FB3413BF0679F7C6CD5E85AF523FC2A6855622123DD688E4A3B592C09B701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886035, "uuid": "9e24ffee-de2e-4d45-a408-337fc130b345", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886035, "uuid": "12ca6288-2f42-4876-8d7b-9102f650a61f", "value": "49152:b2YLzy49x5clZeayCvqWfgeFvUqb5YCdHBJB6:yy9x5clZeayCvqWg4dGSBJB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689886035, "uuid": "8b53754c-08fd-45df-9de1-ac376704b325", "value": 1803363, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689886035, "uuid": "7e7f6289-072c-4d9a-95c2-f43e2701b621", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886035, "uuid": "eda27557-df26-4924-83c6-b061fca76881", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "305392d7-2694-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1689812840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812840, "uuid": "e2ad2f31-157e-499e-afc9-331daa76518a", "comment": "Malware payload (Tofsee)", "value": "36d6ae799714f2fd9e4a7e6bb5088e92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812840, "uuid": "f371bfcd-75bf-43ea-a5c4-6c94f479f7b5", "comment": "Malware payload (Tofsee)", "value": "5e26f28bc485513738434176ccbca666cf58e19ab70eb6ee1fda2bc7f73bfaf6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812840, "uuid": "970ac450-8c34-41a2-82aa-7cdccce94141", "comment": "Malware payload (Tofsee)", "value": "638e00b01fbcd3db86ca11968820aa8e3a78cb61", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812840, "uuid": "169f31e4-8e37-42e7-909f-a8333aa196d4", "comment": "Malware payload (Tofsee)", "value": "c37524f4a89738c373675e46edab0dacb80de4bbd84410aa5891358f7248f1b0d6fee2a93a6859564cbb1484be58f7c0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812840, "uuid": "9b491615-3e10-42fd-a47a-b2747fc1cd2b", "value": "T12E44CF623690D0B2D46769308830D7A16ABABCB2DB7085CB33783B3E6E706D15B74757", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812840, "uuid": "7cc3efb1-799a-4385-a38f-6e4d60ea860a", "value": "5dc16ea88b2eab7740fd105d5e24a675", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812840, "uuid": "73c28354-7ece-4d1f-a8ae-f9c00dcb0942", "value": "3072:nXNn+BPbjSP4CH2YV+yC3Tk5awQ9j28HVfeuayTJXoLxhLsG2YjP3:XgBPSQCWYV+yC3qaLN2WVfIQJuP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689812840, "uuid": "9513c1d7-6732-4937-8170-b8a98bf19899", "value": 263680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689812840, "uuid": "03d40750-bc7c-4e7a-bdb6-d2c7a7f0d036", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812840, "uuid": "7f0b6afa-cdc3-4df0-8a79-cf6b5defa33a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35fb9515-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838619, "uuid": "29ffe5f5-48aa-46d5-9809-fb7b4a6430e6", "comment": "Malware payload (RedLineStealer)", "value": "e12b23a9d81db176d82458bf20c667f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838619, "uuid": "01c7497e-dcf6-4d36-9853-2703601faaa9", "comment": "Malware payload (RedLineStealer)", "value": "5e70a58621be3488155eb1077364d2cb419ed6a6e1d98941d7911fc3f4470e7b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838619, "uuid": "9c542db8-cf7a-4b07-9289-8712c7cb7b15", "comment": "Malware payload (RedLineStealer)", "value": "3113872930cb6c06fdb6f841fc0a9d09254b455d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838619, "uuid": "9cb7b1c4-a3d5-48ce-857f-b40bbfcdd348", "comment": "Malware payload (RedLineStealer)", "value": "540d94a43a86348a5083e91aebc6b3c929b802d41e23015ea5179d7d08649bac3d0a6a91bbadf7e7589c711dff97d3ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838619, "uuid": "6189de95-46c5-4886-ad42-510d1e0084a3", "value": "T191840152ABEC8573D9B52B705CF713C30B35BCA19C34876B2705591E18B2AD0A93277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838619, "uuid": "7ea47738-5cb5-4dfe-b41a-7512e8099d8e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838619, "uuid": "3a034d2e-4e3b-4c00-b8d3-134f1c326e97", "value": "6144:KIy+bnr+cp0yN90QEMYEj5+dAny4rbP/RjvLE8hMZwkc:AMrgy90BEgenyytjTLSwkc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838619, "uuid": "0836a0dc-61d7-4167-a4cf-3795f41a55e7", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838619, "uuid": "402fdf7d-2325-43ee-8a1f-069c78ef6258", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838619, "uuid": "212ca1aa-3e6f-4d4c-8aa7-7364881355ee", "value": "e12b23a9d81db176d82458bf20c667f5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fe028e5-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838609, "uuid": "fbc70285-3d17-407e-83b7-5ff758d7e43b", "comment": "Malware payload (RedLineStealer)", "value": "dff8ae4f595c274a67e9b3fa787914b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838609, "uuid": "07a7e5e2-a2aa-416c-b2d8-f7b6b666d309", "comment": "Malware payload (RedLineStealer)", "value": "5ed33c1ffa3197e13fc135a48be1babad142d68dc6e6e7204838a09e6aa94565", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838609, "uuid": "6f3a6360-0cc4-44ac-a6d2-53093dfc027a", "comment": "Malware payload (RedLineStealer)", "value": "f9fb05ad6e06bdf388411665dd0a3375521133d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838609, "uuid": "681b75bc-c5db-4cae-896b-ff02bc9dd25d", "comment": "Malware payload (RedLineStealer)", "value": "88106f60653344103edfbe20a50a5f73e9d1df9fe74f88379d77e08b87bffbe146e1925058817b74b087df973c61b028", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838609, "uuid": "056ea0bf-55c0-48a6-87f4-d86546e42ffd", "value": "T14C840252F7D49176C9B527B048FA03C70B3ABCA24978471B2795D89E0DB32D0A87637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838609, "uuid": "6f08ee1a-9f74-4674-b4ac-0911d5d328ac", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838609, "uuid": "b70313a6-1054-4f79-b6d4-4d2183f53061", "value": "12288:GMrXy90DRme4l7LOXmZayghOGnC6mQh66:ZycRmqMaOQC6X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838609, "uuid": "90b139d9-f463-4af5-860c-62e1f33d5e77", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838609, "uuid": "32764efd-3b5b-4bc8-99a2-3dc96bb0bea8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838609, "uuid": "aa96333e-7762-420b-b39a-7bc9be2c7d7a", "value": "dff8ae4f595c274a67e9b3fa787914b0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1e32613-2692-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pony)", "timestamp": 1689812171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812171, "uuid": "4e910934-b6bd-4073-b20d-41428047b261", "comment": "Malware payload (Pony)", "value": "e97f969ac3aae5db948dc206c57a79b6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812171, "uuid": "748e27d8-c48d-4fe1-95a6-1049a3d76fb8", "comment": "Malware payload (Pony)", "value": "5f3aa3b2ac7c8986cdb3b5107900616018b11eee1ca6946a65f0639fdf720079", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812171, "uuid": "b17c831e-83b6-4733-b28c-70e8313412fb", "comment": "Malware payload (Pony)", "value": "e9ecdcce70bd71a6a56c1f78f2cdebe4d79cb7fc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812171, "uuid": "a0567119-8ab2-4d88-897b-065e07c5542a", "comment": "Malware payload (Pony)", "value": "6a6fd7b45cb95db57ceabe81fe51ec1168e884d8528482cab025c563b1910bf3167a8f0277ef33b6ce6db7aa5b4387df", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812171, "uuid": "5e88f973-a89f-4cc7-a30a-c877452b92c9", "value": "T167F312142C3D2D36CFAA40390C2F91D997ACE653B324DBAC68946139C8FA3DD4671BD9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812171, "uuid": "93a4d975-1f1a-469f-ac11-c5a1ee5ff607", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812171, "uuid": "acc2d8b4-e7d0-4d45-b154-38f5e12caa4d", "value": "3072:vYYmWuuuynzAMlg6FbS0N6KNAh6Bm3yScYGue4+5w:vYfWdz1i6F8KKhQavcDuPY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689812171, "uuid": "07e90fa1-0390-4623-a54d-6075917d44bd", "value": 158720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689812171, "uuid": "0a6b1c78-f71f-4428-b6bf-ec93e70f05b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812171, "uuid": "86dad29b-e774-48ef-be70-71c0e01c7e47", "value": "Trojan.MSIL.Agent.folv-5f3aa3b2ac7c8986cdb3b5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44fe210c-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885030, "uuid": "bed61bff-0e17-4aac-a723-5a7c8f985d46", "comment": "Malware payload", "value": "4411104d28a7f97a6c4fec4d8e5aa339", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885030, "uuid": "6b45871c-5c16-46f7-b11e-9389f2612702", "comment": "Malware payload", "value": "5f6f3b234e52265af818775a06788ca12b843fc728d783d10f381cf1aa46abd5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885030, "uuid": "5911213d-1efa-4afa-b645-0301cea0f150", "comment": "Malware payload", "value": "9084bb7a2f155866e446747686f158ed94ea9b13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885030, "uuid": "0374d382-4e5f-481a-ba4d-a301737e034b", "comment": "Malware payload", "value": "cfb8319fa4f5d6eb15cee51571a4d403194bd02a99ca5205e6addf508a0061cbda9236eece0a4026f9989a7b09d3f1b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885030, "uuid": "c9a79aea-6233-441a-9e26-872ef3583785", "value": "T1B096086BB1A4812AD15DC53ED0B3DF40953370751B36C5EF9294026A0E9BADCDE3EAB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885030, "uuid": "c8ccdcc2-4acc-4b4e-9fbb-a86640cbdf54", "value": "5d1b57992eb01e9a84723f1cf593c843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885030, "uuid": "83ba3d1e-32ec-4cc3-b2a3-ae692e653465", "value": "49152:x93NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01hvKwPvY3JaNp:x93JWblz4TKl2vPvWJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885030, "uuid": "bc3d9b40-724f-476b-abc4-548d991a41b9", "value": 9049088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885030, "uuid": "4e90e292-d62a-4ec3-9df5-18d86d7a44c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885030, "uuid": "fddd27b2-33cf-474c-b315-3b670b63ae68", "value": "SecuriteInfo.com.Variant.Barys.434263.10428.26141", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39b77c47-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838625, "uuid": "7dfacbb2-24d6-45f2-a84e-898969e9dd2e", "comment": "Malware payload (Amadey)", "value": "cf54f6e1e964b1edd0467fcd8d91f568", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838625, "uuid": "95a682a7-b58e-4d01-9c19-23d70b38e543", "comment": "Malware payload (Amadey)", "value": "602bcae34fcb6ee4e3bdf21256996a2ca3f17c1a22a7159e7f735dd28066adb7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838625, "uuid": "bcb41569-ba84-43cf-9bf3-78cebe7ef870", "comment": "Malware payload (Amadey)", "value": "864d83b62fe6917bbf178934443491a1824e5dc0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838625, "uuid": "f523fcf0-5409-484b-b4ec-89f60abe596e", "comment": "Malware payload (Amadey)", "value": "7d86f2308d23a9ebb6dea22c68aa33a4ca3a902ac78c1827952b07198d8622166a4be50b9b91fdf83fa898d271d64761", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838625, "uuid": "c3796944-dff7-4ca0-a233-7cd3f47f62c3", "value": "T1E484F113ABE85072ECB117B014F713930B3BBDB16E74529B2785699E0CB3698A53173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838625, "uuid": "c8400eea-48b8-439b-9523-927284bb7f11", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838625, "uuid": "170cff88-d807-4a8b-900b-54b5e237d07a", "value": "6144:Kzy+bnr+8p0yN90QEY2b5Bgl0KNadnGFZ8pX5E3kd2I1LbtVnipA2hcZlnrC:5Mrcy90tb5mgJh5uI11VipfqW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838625, "uuid": "f176d62d-482f-4f3b-9806-93c335e171e1", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838625, "uuid": "917a0f2d-b517-4634-b149-93be70697c73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838625, "uuid": "37a118d2-be50-4acf-850f-45f5e425aa91", "value": "cf54f6e1e964b1edd0467fcd8d91f568.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dfd81d47-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838904, "uuid": "81121319-a864-4d8a-be0c-f7b1e38a2a41", "comment": "Malware payload (RedLineStealer)", "value": "f484498d9f6e5b1eaefebab29a1183bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838904, "uuid": "1adc5fc5-dcd1-4ba2-8902-aed67c88ad7f", "comment": "Malware payload (RedLineStealer)", "value": "6199c88503f3aba97f2bc23545b6d57496470b262d0c3530ace4d9b4a680834a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838904, "uuid": "66f5573c-5974-427d-ba10-470c3fad73db", "comment": "Malware payload (RedLineStealer)", "value": "d4eadad7b428bbcaa2e0c35c421bd325b80cf663", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838904, "uuid": "a99d9ed9-377c-42d4-af0f-bc36a437658c", "comment": "Malware payload (RedLineStealer)", "value": "dba113b421aa2cf16fb782438c62a1c1ca5eda5b7c3577e9724de57c629b8a0b301a815b502e74df9ef7913ae772c838", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838904, "uuid": "4e7fb8a5-306f-46fc-a5fd-2aa1feb179e5", "value": "T1F5840213ABE84473D9B52BB008F703D30736BCA6987896AB2710695F0CB36D8653533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838904, "uuid": "204fe098-d83b-4841-bf3c-8f4aabcb13d4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838904, "uuid": "9a71ac38-97d6-4468-9237-0237dde6d1c6", "value": "6144:KTy+bnr++p0yN90QELt1qpn4FjiD2FPv8Ril4DYkaR/Pxey6Bu9ZxVQI:tMrqy90Mpn4FGkPvwildkapJeyLEI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838904, "uuid": "5b3e39c2-2240-4213-b99d-190638bd400c", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838904, "uuid": "27910a63-4628-4ae3-b879-c6edd36a9c4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838904, "uuid": "66ee84ff-fed7-4885-bcbe-7b6c394fb801", "value": "f484498d9f6e5b1eaefebab29a1183bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8e3fb56-26d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LaplasClipper)", "timestamp": 1689840637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840637, "uuid": "db57ce57-9905-494d-86fa-66e59d78b799", "comment": "Malware payload (LaplasClipper)", "value": "f4695fd70f1ed48d7e31f7ba81380059", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840637, "uuid": "1d867c65-015b-4c80-b4ea-c6e443e23aac", "comment": "Malware payload (LaplasClipper)", "value": "626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840637, "uuid": "b3ae1529-384d-4834-8ec1-baa69300365e", "comment": "Malware payload (LaplasClipper)", "value": "960a03052f1b240e9f44ea416ff7e65358d8a41a", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840637, "uuid": "14ad4ba9-f836-4987-beba-9134c48eeb4b", "comment": "Malware payload (LaplasClipper)", "value": "22125897e82025351b3f8d40340f089762b5103283a77ac77524901c473aa2fad5a3039770ea2f21ee24808e7bc1e59f", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840637, "uuid": "370838d6-03fa-4231-b610-aeb92fe68fea", "value": "T1A5363345B910F9E4C0D508FD69BBDA2AE610FC85334BEF19386D7A4F7E3252E50481AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840637, "uuid": "f4098ad4-6090-43bb-95eb-5255fc1a88df", "value": "79b3362178937bf9559741c46bb9e035", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840637, "uuid": "7473110d-fd1d-49f3-9952-e25ffd92b5db", "value": "98304:zomYgKWWA1fGjzpSmL7CfDbHsATgXCagCpSP/0aJ67k0w6wdTM:ELgKWfQzDLWTcClCpwyk0w9M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840637, "uuid": "107b8122-826f-481e-be74-e9c22b022ded", "value": 5096200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840637, "uuid": "442cba07-902a-4506-9899-2bc21938ea53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840637, "uuid": "46e08d13-a58f-424e-89c6-8e545b1e355b", "value": "f4695fd70f1ed48d7e31f7ba81380059", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ead383ea-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838922, "uuid": "df5a4ef1-b3a1-4bbb-93fc-e22f0b1a6ba5", "comment": "Malware payload (Amadey)", "value": "459ca49bdd4b85a4d65125b641eb0bd5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838922, "uuid": "f7510214-2293-4fef-8836-c599eabace62", "comment": "Malware payload (Amadey)", "value": "62a719c33e8ec0726cdf35f76b454c42fff90800bdbb892c2d16e52f4048f9f6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838922, "uuid": "c4168df4-8351-460d-9746-49b029b9f85a", "comment": "Malware payload (Amadey)", "value": "d81df93e34cc5c60020c68a9b74c8c8d2ac2ddab", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838922, "uuid": "f47fd3f1-1ee9-48b4-a2ad-09982c20a330", "comment": "Malware payload (Amadey)", "value": "7e5617476fa4d26cc30ba418d44e19057a224a545a9c8d72f9755ab526b87e003c568d655f359a7650b548f7c678989a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838922, "uuid": "8e5db526-5f2b-48c7-af50-760820b46610", "value": "T1EF840143F7E8C033D8B52BB028F613831B3ABDA19C3453372B95995A4CB2595E47276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838922, "uuid": "d5f44356-ad34-404d-99da-d238d466a03b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838922, "uuid": "b31f6613-4c5f-4f21-8887-9d519c8f7e46", "value": "12288:1Mrny90oHr+NToTn43i0V+BHlcHnl9eayW8:myZHSoTn4NQJyH6ay/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838922, "uuid": "77f5cf42-5fb7-4b58-becf-db1754274f26", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838922, "uuid": "abd3b924-4468-488e-9372-9edebf1eac8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838922, "uuid": "b7a97986-0d79-4b21-be2e-c197327b2c51", "value": "62a719c33e8ec0726cdf35f76b454c42fff90800bdbb8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a46868a5-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848253, "uuid": "8a26e8d8-c487-47cb-bb6b-9cf34da829e8", "comment": "Malware payload (Amadey)", "value": "53a57d531f75d9e2f0477f8d0da6498d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848253, "uuid": "e08e0d7b-7db9-4a59-9ff2-770c696c0ea6", "comment": "Malware payload (Amadey)", "value": "62bad3890dd4997157e6248d93e577120bb4ebd07addc47a817800c7e9e98dbd", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848253, "uuid": "d80e45c4-83c9-4a19-ad43-75fa16450e93", "comment": "Malware payload (Amadey)", "value": "69d5cae221d358169d85a3580bde3339898a5d1b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848253, "uuid": "68140256-4462-41f9-b232-d94b8d79ba03", "comment": "Malware payload (Amadey)", "value": "ec504c89f507325dc66291a3ad6cf66d7f4a60aab04ed12f1bd9d795e8f5e53f42808d53baf960bd6ec27e7def7ed160", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848253, "uuid": "2a9546ca-d408-4f8f-a8de-90fbe1ebf276", "value": "T1B2840192F6F89032D8B8137098FA53C71F31BCA1AD74832B37456A5E5C725C4B531B6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848253, "uuid": "120f50df-0605-4f7e-9b13-2061919cb7c4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848253, "uuid": "d325a3a0-d95e-4f61-b0c0-09b76cedcdff", "value": "12288:ZMrqy90c7jrXKkrI0xWpHgYGIKA4x68A:ryFKfGWpAYGre8A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848253, "uuid": "66a25293-9234-4c12-a176-0a2b2844ec70", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848253, "uuid": "7c7ef826-706b-4015-8058-4890673602f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848253, "uuid": "ee7b7de3-781d-44ae-afc3-89b2e216fc5c", "value": "62bad3890dd4997157e6248d93e577120bb4ebd07addc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a8a1514-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838278, "uuid": "65945347-bb43-4237-808c-ad27dd8d01c6", "comment": "Malware payload (RedLineStealer)", "value": "b4c1293dce1605a1556693303e88cd64", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838278, "uuid": "772e3b97-173f-4434-9a5b-768605f2aac8", "comment": "Malware payload (RedLineStealer)", "value": "6388154b88d7e6430e048e6b44ae647527fea9bb48918f678b04600396fd9095", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838278, "uuid": "dc830992-1fbb-47ef-8ff8-3924c0a07e6b", "comment": "Malware payload (RedLineStealer)", "value": "5b36befa445ad4a4407d146f65fa73481c4e7fb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838278, "uuid": "43aea9b8-273f-401b-8de5-f8faf1e99b26", "comment": "Malware payload (RedLineStealer)", "value": "5df6cb3508f55a929685d66a1730e63b268a242b3c360cb4c24264f7a6215b482189d0330560ef3972da68f3ef57ff84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838278, "uuid": "e8b650cc-92c9-4486-a8ed-c2bc3765864d", "value": "T193840112B7E88472DCB5277468FA12C31B32BD915934864B2786A89F0C736D1F97237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838278, "uuid": "8b2133b6-69ab-4a33-b2bd-f4eb62828d50", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838278, "uuid": "5677afb0-1261-4762-985f-9dafc0032780", "value": "12288:EMrUy90DroP4MYhD3nlF4ifHyA3s+MQh3d:wyi0xYhDX8HkTht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838278, "uuid": "5647875d-9a49-4a6f-b386-1809633332e7", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838278, "uuid": "e1202dff-2371-498f-8e10-88d9b6a2e60e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838278, "uuid": "0692709f-ef45-43c5-b842-964c3a378f48", "value": "b4c1293dce1605a1556693303e88cd64.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "986107ab-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689844368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844368, "uuid": "7d16fb21-addd-4b55-8f05-fc6c3c451e73", "comment": "Malware payload (RedLineStealer)", "value": "f383a6a3f0025f36154fced882b9a25b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844368, "uuid": "8bd5a4e9-18f7-4a60-9063-50bac3968777", "comment": "Malware payload (RedLineStealer)", "value": "639607b427cc6610b50cdc45ae0c0f0f278fb307ff1974025694e5a417a9c685", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844368, "uuid": "0fc340de-d1e5-4d9b-833d-c6b98e5b712c", "comment": "Malware payload (RedLineStealer)", "value": "9701436a14e75cdf1699b6060e22ab0c3b90dca8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844368, "uuid": "66842316-5e7b-441f-b7ea-a287afb02c02", "comment": "Malware payload (RedLineStealer)", "value": "3203362f7fcd911cca47b183076093914bc0122a5fdc5279c19b203315bcf22791d62d0f01f8496637101a57b001458a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844368, "uuid": "aa6730ee-e4c1-4749-8857-1fbfbc8ac066", "value": "T113840252A7EC9033C8F51B7018FB02931E35BDA199B483AB32996D5A0CB36C8E571737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844368, "uuid": "0e3ee245-a7d5-4266-9835-0c465ec704d1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844368, "uuid": "373884f6-752d-40a3-a64e-fe1d72322e48", "value": "6144:Kly+bnr+gp0yN90QEPLQORe76fn6/q4puGZ6ZgJ8sDwasxfPLXs/2HmVNCcHnlRe:/MrUy90phIZ/qKup0oPB9cHnl9YV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844368, "uuid": "e18cd133-5abf-4021-8d39-f27bfa0ff4b0", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844368, "uuid": "48c89def-6a41-473f-8e75-2ea9661cbda0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844368, "uuid": "18d42d98-dfc0-4b8b-bae7-75cedf2fc593", "value": "639607b427cc6610b50cdc45ae0c0f0f278fb307ff197.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70866ecb-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689853750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853750, "uuid": "3c67d929-7690-40b9-8a29-f09067fccfd7", "comment": "Malware payload (AgentTesla)", "value": "e83cbb6dd782f6cf2bec5c4d25d6e635", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853750, "uuid": "696e63c1-9e9d-439e-8a85-d9ed449e4694", "comment": "Malware payload (AgentTesla)", "value": "653b9c71eeb09d0276dfa8fab08ed75f868166e484cde9716da250a76d5da32c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853750, "uuid": "a4887e93-4b84-4d66-8bbc-48079e58a3bb", "comment": "Malware payload (AgentTesla)", "value": "f192b8f0bbe3c52267c9b7b403d4c43515d48ea3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853750, "uuid": "e8b05998-30e1-4063-92b5-d4f0af5fa245", "comment": "Malware payload (AgentTesla)", "value": "d1b641da1cf5618fccf07abd6e37fc4f805495657a709c2546a3bafc6700e95744eca3aee58b4de6618a6a0d46d81079", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853750, "uuid": "a033d29a-ae57-49a0-be54-6936fa912347", "value": "T1D1E45D9F32B8C78BE46D76A074214679C5EA942F61DEE7482F24E0D806E97EC1054FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853750, "uuid": "b87b6945-0cd0-4b50-af5f-bfdf2281fa9d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853750, "uuid": "b7d12f99-bf0f-416c-9f2f-35dffb0d5321", "value": "12288:veVHOYgfdQz0Wm7Zm1zzuuQrkJX30prhSEVUg:+Gfuz0rA1ziuQcHirhSWUg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853750, "uuid": "056cda18-9d1e-41e6-a577-1b264c54aae5", "value": 683008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853750, "uuid": "5192c5e1-bc23-43c6-85d8-11de80dafd42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853750, "uuid": "127f91ef-152d-4ff8-a4b6-9822a4a7798d", "value": "464144898.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b978894a-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689851295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851295, "uuid": "60fa8b57-54e9-40e9-81e0-1e5f7465db4e", "comment": "Malware payload (Formbook)", "value": "8dd91678caa0e33c4f5af2d6ee8fee15", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851295, "uuid": "449e4122-6d21-482e-94c0-5c2d63532839", "comment": "Malware payload (Formbook)", "value": "655e1f7802f469886876b59344e294c278b3573a84c278c4f888627ebb5f2619", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851295, "uuid": "c869b53a-9ae8-4def-8944-abc74a573e30", "comment": "Malware payload (Formbook)", "value": "a685e019234a03d9fec4427f77000482be04f33d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851295, "uuid": "41c05fac-1b83-4c56-825d-3f02d6eb3016", "comment": "Malware payload (Formbook)", "value": "f4fbc1e47bb0c622b1a1170eb24711375a35b58e0d537887f8a178db775c7a8b4e86d60d9a1600e9dbd096a0b51155d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851295, "uuid": "73114b51-7e40-4c7e-8882-2631c1ef4de6", "value": "T10E4412046A70C593DB534A73693586635FEBE90500B1DF172B603F3ABE67280AB0D776", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851295, "uuid": "fd54120d-3d83-4aad-bef7-a1126d7a8edb", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851295, "uuid": "e393db05-757c-49e6-a4b6-71d5d113ebe5", "value": "6144:vYa6PBU86hKXSw5k8ZRPPf2AIkTUDShYTzatBSFMCsNcBD:vYdBU86KX95k8Zd2kTYSST2bh/c1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851295, "uuid": "2de74088-bbdc-4b94-b97b-08c4a493b510", "value": 277189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851295, "uuid": "6596b079-8d91-4ffb-9ce8-1cbf206ad18a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851295, "uuid": "67b09122-d982-4c9b-87d2-148cd5f72290", "value": "RFQ # 1045981 - MAA_D Plant Project r01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e4dd850-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838284, "uuid": "f14914f3-c276-4ea9-853b-e984cf5011ea", "comment": "Malware payload (RedLineStealer)", "value": "a6f8f7131f6c47621b2e965cd6b6c981", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838284, "uuid": "0d63d0e3-06c0-49c0-8966-7d6f54b5795d", "comment": "Malware payload (RedLineStealer)", "value": "6568836094de3a32f9c325ced189bb981eb0cf8f4492e1b8b901ef52879c063d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838284, "uuid": "3e9ec285-caa1-4c08-90bd-8cf8ab3dc6c7", "comment": "Malware payload (RedLineStealer)", "value": "327a8177a15d3a0838e98aa40ea5a8a46c655d95", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838284, "uuid": "985c9ff9-2e9a-4772-8f6e-55a2a3e7844a", "comment": "Malware payload (RedLineStealer)", "value": "921aa389a29b81eb06f9de58b390d45026200a7d48560470784090a9a916b171add04af452ead6726c067576c63d13d3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838284, "uuid": "85103f3f-b0eb-45a6-b929-5c23c2c40c18", "value": "T1BA840212E7E89172D8B427B05CF613C31B3ABCA19D78436B2391AD5A0CF3694A53177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838284, "uuid": "40b04dac-1227-4dba-b23e-28bb4bcb4b70", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838284, "uuid": "48723aee-6b72-41fb-a1b1-5f392d27f7ea", "value": "6144:KSy+bnr+Sp0yN90QE3zx3tQ3dNyVO12a/QNe9EOgqOLjBavFo4:mMr2y90pV3tQVo0QCaFma4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838284, "uuid": "b02a43db-237f-4ec2-9619-cf3696703911", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838284, "uuid": "4fa1fa2f-512c-4581-a1e0-52c537d09a1a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838284, "uuid": "5236fa86-5d60-4f49-9aeb-6f66b9c25df3", "value": "a6f8f7131f6c47621b2e965cd6b6c981.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "784536b1-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858487, "uuid": "fc96e77e-5115-4c36-9ec7-9fb187ee1741", "comment": "Malware payload", "value": "e2ab2f41df36088edc30b3f486124277", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858487, "uuid": "9a3cbeb9-d2d1-4b8d-b7cc-e4ee408f8558", "comment": "Malware payload", "value": "65a0a9d72fc1bc353900508971fe01ec95925fb4ff314f6fbe51e158bd7a3005", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858487, "uuid": "fc4f2d78-9185-4528-8073-48bcb826a68a", "comment": "Malware payload", "value": "f2eea47fe3020e45898b698b8b28c1f725359806", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858487, "uuid": "f3c0809e-824a-45b2-a865-1980cac0943a", "comment": "Malware payload", "value": "d93a63c27c59af86238d40ee1b8ff30b68ded8e9df3b0f5b00eddf4d8558d4b8155c469b8c1d57b534b821a110bd6f1b", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858487, "uuid": "e71d26da-914e-4080-bf27-0723b0879440", "value": "T158E533BFA455CD26BF558D2DBCC38A0392837FE7C552D46A339D64C82250F22DA2F44A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858487, "uuid": "5ef89f71-84a4-4020-8412-7cebd3881c9b", "value": "98304:YuRb8HFccrmoJEDKnu1YVWQqma0BmQUJyZfQDT+i:Yu19crm+pM0WQqma0BnP4fz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858487, "uuid": "afff4542-288f-47bf-8838-18315e71c870", "value": 3305935, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858487, "uuid": "42872fa8-0b68-417f-8c4f-764b0b47e651", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858487, "uuid": "5b237f42-0dad-49e2-9ca3-2808b88eb25c", "value": "Arc_Digital49354BOZNB03194-CNSVF06816ZAUJPlqkhg.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a25300ac-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848250, "uuid": "82dc7059-a94a-45f1-8edd-092990f58b93", "comment": "Malware payload (Amadey)", "value": "0cafbb3fb55e6531eaddae10d3eb5575", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848250, "uuid": "1244b216-6be4-408d-bb05-685a796d41ac", "comment": "Malware payload (Amadey)", "value": "65a8b01babb2fcf3ed26a2236a606d7bc7d1f087749a455554b8ef7eddba56fc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848250, "uuid": "11f2d7b8-1fbf-475c-ab35-1555f9d44217", "comment": "Malware payload (Amadey)", "value": "ea8c1577e62860d115275ae2a4b5d0f39773065c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848250, "uuid": "a03c5258-fbf9-4bdb-a4fb-d62a4f5d2d95", "comment": "Malware payload (Amadey)", "value": "a19bd313b617e39632b521e78bf48032701f97e30e0be05f76890ae2cdedcca29b3b1e56d7c0673782a2064dd790cda7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848250, "uuid": "5ec51dc6-29be-49f4-8739-1e87e60d7ab7", "value": "T1B5840152E3E89032D9B517B058F617D30634BCA18A78C32B37DA6E5E1D732C0993476B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848250, "uuid": "11635834-580c-4739-a7d3-60e337644183", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848250, "uuid": "2a946b42-a379-4a10-b8bb-51203d069a23", "value": "6144:KWy+bnr+wp0yN90QEaWadrLawfvjsLiYYe/EK9AIF1hSUylqFT:SMrUy90wnZOStMZSENylqB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848250, "uuid": "c65320d4-2d3a-48c1-bb8b-8ece959028a6", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848250, "uuid": "446dbd5a-9628-444b-8f35-176a5916d39a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848250, "uuid": "408522d6-1a78-41ff-b109-fd482cba4100", "value": "65a8b01babb2fcf3ed26a2236a606d7bc7d1f087749a4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48142156-26f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689853252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853252, "uuid": "3616135e-46bd-419c-a820-f12a08adf41a", "comment": "Malware payload (CustomerLoader)", "value": "110a686894bc697b767662aee9adbaac", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853252, "uuid": "2f7dcf79-96eb-49d3-ac77-dc48fcc451e3", "comment": "Malware payload (CustomerLoader)", "value": "66585a437c7394893afc35afe6c80a9cc7f21427adff7610a4c50a69d26fdd58", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853252, "uuid": "6aed05b9-b192-4a63-9b49-4c8aea15185c", "comment": "Malware payload (CustomerLoader)", "value": "9def38a568459faa9fa658a3a2eff406e60674ec", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853252, "uuid": "1af575be-45cf-49cd-81bc-3d4233641883", "comment": "Malware payload (CustomerLoader)", "value": "276576b2f5e66ede9cdb89890ae491d71573a9538d70bb16649e261f0ab74b8782b68c23f5cc80331de0fe669dcbd0d6", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853252, "uuid": "9531f294-2688-42b4-ad84-bf9214c5c2c4", "value": "T16B03D00057EC51B8C99B067DECE20302177AAF97A457CF8FBE8CA54A5C472296612BE1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853252, "uuid": "2a3e51e7-c11c-43c0-8361-1580fbb491fb", "value": "768:mJiC5Mgq5Tllmu24Ra2DovIieNhIPVQPa9iLj:zC5GTll92m7ov0oW6iLj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853252, "uuid": "7ba71109-55da-4fd2-adfa-eb7aff8e6e53", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853252, "uuid": "5bcef9c1-0908-4b74-95be-c2f376d26cb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853252, "uuid": "c5c74ef9-8dac-47e3-86fa-dd3224270772", "value": "SecuriteInfo.com.Win64.RATX-gen.9329.23091", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a02d85ef-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848246, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848246, "uuid": "f7cc8ba0-6b9c-4c52-badc-6b8520232747", "comment": "Malware payload (Amadey)", "value": "4e3d7f0bbb9d81ddbaf4fee6c8ba1782", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848246, "uuid": "1425ecfb-6f15-4122-b931-a73567da27a4", "comment": "Malware payload (Amadey)", "value": "673c8b939500d2e41fce44819ce5a316b110ded0f706e3c9b76cfd6db4d00cbf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848246, "uuid": "e63e3ea2-fc16-465d-9033-b1d4c73c1312", "comment": "Malware payload (Amadey)", "value": "4b033bb442066401925466cfabaa040b38ef2738", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848246, "uuid": "d3a974b9-ebed-4cf8-8e6f-a094c1011032", "comment": "Malware payload (Amadey)", "value": "073d9f416eb2a252123d6b524704fbd391e2c53101f6f4f4e54fd5bc3ac3876469713578c2f7c9179031260bc7fe9463", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848246, "uuid": "6a774e02-d601-4379-a332-4794437563ce", "value": "T149840102F6E85072E8B517B048F607D31F36BC92AD74825B2B97994A0DB3580E97673F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848246, "uuid": "ec47dd43-c1dc-4ed7-91df-762b33316613", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848246, "uuid": "ef3cbb02-4776-4117-a12a-fc1322034606", "value": "6144:KFy+bnr+Mp0yN90QEYw5HrbB9QnE4kRCh2FrIBxCcHnlRHeWBYZFm:nMrIy90Gw5bQELr6kcHnl9TYZc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848246, "uuid": "e2c08560-430f-40d5-a7f4-b683c9120c26", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848246, "uuid": "606db338-1ea4-489d-9016-e7bd31c9b6d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848246, "uuid": "bbec7193-d9eb-424e-a70f-123be1899b51", "value": "673c8b939500d2e41fce44819ce5a316b110ded0f706e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c75067af-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838004, "uuid": "4e1451f0-6dc2-4540-bda5-c1bce0a8f798", "comment": "Malware payload (Amadey)", "value": "94f55aec707d36c68075f145e7412a81", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838004, "uuid": "ad54ca7c-7b56-4027-b435-41961b26acc7", "comment": "Malware payload (Amadey)", "value": "67af960ea509dff7197c210082ad1ca3323284a2c9279c8cc6093883ac3388c2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838004, "uuid": "f8141421-dae3-48c6-b13c-d2f0cc545f96", "comment": "Malware payload (Amadey)", "value": "8605b8d0cb99dfd85d9ae56e0eec0c668287cccb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838004, "uuid": "2ff57c1f-8b98-4b77-ad8f-490d3740103d", "comment": "Malware payload (Amadey)", "value": "ff782af0bbceb9984b9e47f88237c12c0542f5da5b58f6022852c6225f3d52e291967dad6d2f1a57ca852d8aca400771", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838004, "uuid": "bde467bb-d0ab-431b-b231-680aac57634b", "value": "T10A840142A6E98033D8B517705CF613C31E36BCA19DB493AF2792688E1CB3594E57273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838004, "uuid": "b1b7cfbc-9c1a-4717-b735-7249c7f1dbd3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838004, "uuid": "df5c2e2f-978b-4d9b-ac9f-4504ad978b31", "value": "12288:nMr0y90CDEXw/q6it3/fsclHMcHnl9j0c3:by9DsbvfscVTHT3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838004, "uuid": "fa9e5716-57e1-4c27-af9f-7477fbf7d3cb", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838004, "uuid": "b3c75bae-9ab3-495e-8369-8429f5c5c492", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838004, "uuid": "dc5cbf1a-6d40-4291-9cd5-e701538c8e00", "value": "94f55aec707d36c68075f145e7412a81.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "631bd9ba-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689851150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851150, "uuid": "4b607363-31de-4ba5-b968-2412349e4e9b", "comment": "Malware payload (AgentTesla)", "value": "cddbd3c342d9820d95e532b78d74b5cb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851150, "uuid": "888babe2-9f01-4ba5-b59d-18cdbc1ab0d1", "comment": "Malware payload (AgentTesla)", "value": "67f50cbee8d146700d13aba555eee7cef1b007947cf5f6dc6c8262b8a0f01c70", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851150, "uuid": "93c58eee-2e32-433a-ae3c-032c659fa513", "comment": "Malware payload (AgentTesla)", "value": "63911e81e4ef6b5db8ccbd7d3b934bcfb58ca712", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851150, "uuid": "c8d1cf71-c11f-4492-9d70-ca2c41237939", "comment": "Malware payload (AgentTesla)", "value": "1d6b4e0064062830da0bed65df8f613710d189f4233d1d0b6618e80499f46e94223a090fd3710b531fd6de398830cc44", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851150, "uuid": "b988ebb2-8681-4216-8734-5305129232e0", "value": "T15CE45B9F32B8C78AE56DB6A074214239C5EA942F71DEE7482F24E0D816D97EC1054FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851150, "uuid": "61ed152f-6c9f-47e4-b213-e98222f07e31", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851150, "uuid": "331b84bc-ba16-4d34-9af0-970ea4c1fb5f", "value": "6144:NOZifUsn7lvnFczB9A4DMMLnbKxSRfZgReRXcEm+SQNq2Wm/eUxb1dY+NPVGN2hC:kZfUxQzcWm6fZgARsvFwVw2hnC/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851150, "uuid": "2c514218-63d5-4079-bc25-6c5462018a25", "value": 673280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851150, "uuid": "1b515933-bd2e-449b-8211-d7d4fa00a2a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851150, "uuid": "ac8c23ea-98f9-4fcd-b791-bf590307804b", "value": "Remittance slip 060223.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe9ab15e-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837667, "uuid": "af7c3c36-80d0-4ccf-a6bb-df6ae108a10b", "comment": "Malware payload (RedLineStealer)", "value": "026e9d2d6645c34f2e9f33fadeec589d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837667, "uuid": "041ad790-c01d-4ac5-815d-59125ccb5d82", "comment": "Malware payload (RedLineStealer)", "value": "68ab5c7a84977eb7379341d29d2b10434cfd4ae30fb2276c4973f5fa55a7e85d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837667, "uuid": "249682c5-c2b1-4965-a25e-c7b35566c6ce", "comment": "Malware payload (RedLineStealer)", "value": "b3eefcab5fc8a993b9e037e62510c80b6e617683", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837667, "uuid": "f7cf6b2c-5202-45fd-a416-8d315cba75a4", "comment": "Malware payload (RedLineStealer)", "value": "94684d593301d946769cbbf6eaf388cd2f01b4e8f6e512b65b15de091ff9a7d8fc01360a4ecaac686d2f8579db77dff7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837667, "uuid": "4550c5a9-9d10-4e5d-80a2-065b587e21df", "value": "T1C9840253A7D89073DDB527B069F703C30E35BDA18974836B3389685E0C72AD0A93676B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837667, "uuid": "cb4c1772-17e7-45d4-93c7-b8562580e6e8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837667, "uuid": "e7793f20-47d3-4594-8004-8926c35bc63f", "value": "12288:sMrIy90JHXoKWDekYxbv00NcQEIgA8Kk:cy24xDYRb8Kk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837667, "uuid": "0cc64243-7c62-4966-aba2-5f1aaf71e2e2", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837667, "uuid": "d2c37654-3d23-4827-997a-25df69e54049", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837667, "uuid": "1908fbae-f13d-4297-8639-e7ae276ad230", "value": "026e9d2d6645c34f2e9f33fadeec589d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eed7927b-26d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840647, "uuid": "cc5b4709-e5e2-412a-af01-4f4fd96ad022", "comment": "Malware payload (RedLineStealer)", "value": "f26f6a3da57f960505ee5689ba0767a7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840647, "uuid": "d1ab410b-e0a2-4236-a99d-4391b7168485", "comment": "Malware payload (RedLineStealer)", "value": "69a41b421b0a89e91a5bda32b1d8ab7067cfa1d484134733f5a2b6355ed9025b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840647, "uuid": "2d0b1093-ccd7-4146-a320-00599e279e47", "comment": "Malware payload (RedLineStealer)", "value": "bbf255f3d77886ed47c13bcd7cf0a0c436bd5723", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840647, "uuid": "0856c885-d329-4fde-a171-49bbd7259939", "comment": "Malware payload (RedLineStealer)", "value": "31512488c8702298c2fd7c1fa68a830720ef07d0ae987e8c5fc872ff9d56007e458ddb6fee691fa7f257b4612041109e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840647, "uuid": "9b0ec2cb-7c91-4e70-a4de-1eb8b7767a35", "value": "T145840A83C7B23D59E9278B729E2FC6E877CDF6508E49377D12199A2F00B0276D1A7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840647, "uuid": "21efdb6f-9a93-4d21-8935-ff19f5e6b0e6", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840647, "uuid": "e3ca4255-168b-4748-8ee4-20da7674696b", "value": "6144:f0T/LcgQT8S7kZksQz2P40g/oW1SFv4NaAEbzS:fs/AD346LK9gQXx4NaJzS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840647, "uuid": "36f48bbd-7592-470e-96a7-0cfc28e2efaf", "value": 378880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840647, "uuid": "9040db1b-721a-424d-bcda-f22cb52036ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840647, "uuid": "8b288a44-4715-4e9c-bcd7-cd1e068f6edb", "value": "f26f6a3da57f960505ee5689ba0767a7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9295f5a-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689844423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844423, "uuid": "ef73e89e-ea9f-49c2-b6b9-94a976770950", "comment": "Malware payload (RedLineStealer)", "value": "69e8664bc0a59925a5942a112926bcd9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844423, "uuid": "183681bc-f3a5-4346-baa6-67070c58a7bf", "comment": "Malware payload (RedLineStealer)", "value": "6a85ca0b2367faa6c9c23ea00af52f3f5dc930b1210b3993016179aa978233cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844423, "uuid": "f6a7543b-4250-4c9e-97ba-dd0dbb35f9f7", "comment": "Malware payload (RedLineStealer)", "value": "41be7b468a8f61dde74df9c1fcb5717b929b4d2c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844423, "uuid": "de397b5f-a47d-4782-80b9-c1afacc072ff", "comment": "Malware payload (RedLineStealer)", "value": "273b9f0edaff4cecff25d40418d1659edda488fa3119db0837dd423941e1a5e43445b34e1fc3f28438f0f72f63c90330", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844423, "uuid": "20dcf582-603f-40d4-a006-47ad466da398", "value": "T1848401526BE99073EDB5277069F306C30B36BCA19D78836B2396644A0CB35C5E53237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844423, "uuid": "c8876893-2d5b-4a7d-b060-d562f24f08cd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844423, "uuid": "89d3a369-fb77-465e-951f-82c3e7253028", "value": "12288:wMrjy90uRUZgTguM5S8cHnl9SjD+7eq+OL:Dy3UZwjH0Dgeqj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844423, "uuid": "852225ac-12db-44ae-814c-6abea4d8780c", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844423, "uuid": "c89fc786-5653-4f3c-bdb4-9b93f4c4f26d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844423, "uuid": "c2d74425-b9d0-487a-af16-8b2af2098e54", "value": "6a85ca0b2367faa6c9c23ea00af52f3f5dc930b1210b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0463a022-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837677, "uuid": "0358d39a-7008-491d-af46-6754ba369565", "comment": "Malware payload (Amadey)", "value": "3133d51b9cb5dff2ffb1eb479a3a8197", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837677, "uuid": "810867a2-5757-42a2-b9b7-1d3d4acd64c8", "comment": "Malware payload (Amadey)", "value": "6ba0db3b66f5f3df269e1eb1b3241575d1ec8d58b19767274aae0af44946bbb3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837677, "uuid": "381e6f88-71e6-48d6-a30f-c458747dc1fc", "comment": "Malware payload (Amadey)", "value": "c7751780b417509447b6374f2044c4a70bd3aea2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837677, "uuid": "d98eb02f-d480-4046-8773-2f712edc75cd", "comment": "Malware payload (Amadey)", "value": "ddaa1dae947016129ec3ce24a82fdce74f3a195d2d8db9a550e1145de1df7648a013e836425eb251313da57eefe0730d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837677, "uuid": "f49c3738-9f0d-4600-82ff-e226e544881c", "value": "T1A0B4125BE7D84033E5752BB04CF603930F3ABEE19D78926B2794644A0CB26C4A572377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837677, "uuid": "d0a7d7ff-633a-440a-98c5-31fe3f6e549e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837677, "uuid": "9a0b3f67-de44-4a15-aa5d-d11e5ebd4f0f", "value": "12288:2Mr3y90Mp419rk/h+B4egjTgl+ZP3SFgHEgD/r17DZ:ByDp4vg+uegjTgl6PQeESr91", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837677, "uuid": "baceac8c-0048-467f-ad00-66357f3ae93e", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837677, "uuid": "d2355643-708a-469c-8fb7-3cf5d03137a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837677, "uuid": "d02607cb-a222-4030-bc05-f39f3e986662", "value": "3133d51b9cb5dff2ffb1eb479a3a8197.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf86365c-2711-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689866794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866794, "uuid": "f9f82aa1-9aad-4200-b9d9-7d372560ae4b", "comment": "Malware payload", "value": "13d5c33e18240fa3ad03851094977d07", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866794, "uuid": "444f7885-27bd-4c17-8022-0413c72cbb54", "comment": "Malware payload", "value": "6bacfc828a2cef4c0cb83eecc9e1bdfa8b32c0072a95a23734e1b8fd18655ade", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866794, "uuid": "5deea868-6372-4adb-9971-aefbd85ceb67", "comment": "Malware payload", "value": "1fe4306042b3e6dfeb80ca2b10deb7bc9306ecb2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689866794, "uuid": "ae24bb51-2ced-4c65-a3ff-d0a76bb38703", "comment": "Malware payload", "value": "93575e75e7faa89a40a4be4c23f51d39ccf35e04afced23c9518e7ab600b28e1a5b32246fb4e9cd262326e47b88b6ea3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866794, "uuid": "f3708f8b-ad59-4435-9e7a-842d14324808", "value": "T119C5335E9E246AFAC8D824779C22DFE228716E3705915246B51FF7B20F304E51F6A3E0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866794, "uuid": "3a460133-7dc6-4355-a427-6dbc26f197ae", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866794, "uuid": "c51bfb73-306b-40c4-8b67-13c4975636f0", "value": "49152:dYvTqm6PsHzVAxZ85lsiLBLq75+XWL+NLJLvEBIfq8gVlbpBg6:dC/6PsJOqwigD+YBI+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689866794, "uuid": "30aad663-fbbb-4e5a-871f-5ed156391f6e", "value": 2600576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689866794, "uuid": "874db4d0-6683-453e-b368-08029958b90b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689866794, "uuid": "f8d4fba4-7aa6-4f0a-ba66-8e6f7909cd60", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8668e3f9-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838325, "uuid": "f2139890-3883-4672-aa8b-726eaf3e72e3", "comment": "Malware payload (RedLineStealer)", "value": "c5207b51710304c5b97d387c2fe6e6d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838325, "uuid": "4051232b-5192-475f-8c26-afbc3f6846b2", "comment": "Malware payload (RedLineStealer)", "value": "6bd647ffc8bc8963a3e1793b2fa47d1715c4bc88c9827feb630e4780b4ba3c1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838325, "uuid": "9bd3c478-711f-4a6d-bca5-b0be7d4b073e", "comment": "Malware payload (RedLineStealer)", "value": "b164b515501e1ab3997013a1a8d9974741db9c49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838325, "uuid": "1cffee51-44f0-4bf5-996b-b14d8e5416eb", "comment": "Malware payload (RedLineStealer)", "value": "3f99881785769756c60fa36f2a4a2816dee6a0f499165e48545c27eeb14078863c83464253d3d1e6d48cc466fa1b19ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838325, "uuid": "a54f98bb-b2fc-4dfd-853c-716609b6687f", "value": "T168840202ABE88473DCFA67B02CFA12C31A3DBC519D34436B2395A8590D72684F57677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838325, "uuid": "a54dc063-150a-43a6-a36f-577e1b9c1d0c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838325, "uuid": "9d1c3fea-0765-40f1-b12c-c2fbbb47862f", "value": "6144:K1y+bnr+Lp0yN90QEpioamnXT45kWcnZNrQElP7bxJrkWpYCcHnlRHmcaWyShfLL:TMrLy90P1fnvhkWp5cHnl9XaVS9Lcu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838325, "uuid": "596c9c36-b18d-4c17-9f35-f9ce8d6c8884", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838325, "uuid": "768ab47b-2687-4c48-bc5d-4ecf1bd7e725", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838325, "uuid": "4c764b59-78cb-4a4e-b7a4-919807c95826", "value": "c5207b51710304c5b97d387c2fe6e6d2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49b640ae-26ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689823620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823620, "uuid": "26d26e55-204d-41ab-a0f5-9bb9e4dc47fd", "comment": "Malware payload (Mirai)", "value": "1800ea405c28fd3deaad317620a6596c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823620, "uuid": "623de135-907a-4104-a812-dc84a61a094f", "comment": "Malware payload (Mirai)", "value": "6be257fdf47230b69fa1c554572485549a25f419e8d9faa47860d83f7dcb5956", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823620, "uuid": "9e4a17ba-156b-449b-b67a-a5aa81e6cc19", "comment": "Malware payload (Mirai)", "value": "fdf5b1825f84947debcead4c2d4d1a8f2c2e8dd9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823620, "uuid": "89c11d76-07ce-4032-baff-fe17f10fe88d", "comment": "Malware payload (Mirai)", "value": "b23e59fb613b923ed3a39e2136ca6297fdc4a2b359dac5a1d8955cbe66c52c6ce85052ae27382472493664cb7594be33", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823620, "uuid": "c45209ee-a2c3-4070-9b96-36c20df1daee", "value": "T142634C9AF801DD7DF84BD77E4453090AB530A3D153831B3A6797BDA3BC721992D22E81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823620, "uuid": "72f92985-bcb7-4796-9ac7-dfc902f08eba", "value": "1536:fWo3SXqGhYD4DXW80fHL1gxBVvxdJLL011iu7QCc:fWoiXxYEDXiL1aBRx/Lu77c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689823620, "uuid": "5683a8ec-8902-46d2-8a4d-ea35190a9350", "value": 71804, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689823620, "uuid": "3acf50c5-8bd5-4ec6-a258-dd1f6ab9292b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823620, "uuid": "ecf40f1f-6ebe-44b0-b203-be512734935e", "value": "1800ea405c28fd3deaad317620a6596c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "911e7a21-26e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689849080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849080, "uuid": "cbb18116-f8af-488c-94b4-427084be176e", "comment": "Malware payload (DarkCloud)", "value": "2fcca15c1395bb3ff8f85df226fa1e64", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849080, "uuid": "6c126891-7cb4-4553-aae3-155a9cf4e7da", "comment": "Malware payload (DarkCloud)", "value": "6d9352c69f57555cb6d8a4c038bf6d37259136618429c9432c13516701e27274", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849080, "uuid": "b5a81451-7a56-4fde-b206-d8d068860248", "comment": "Malware payload (DarkCloud)", "value": "7a8e817d7d14900c70f9c67266d80b7cb2d97931", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849080, "uuid": "bfe2b72e-c8bb-4c9d-be70-8f5a258092b0", "comment": "Malware payload (DarkCloud)", "value": "85dde7eb443873cb97a7247234cf50b2d0051f41ef9be1a72b00c4b2055a167de87f111ab31b26494f4283c35478e1f6", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849080, "uuid": "4319f8fd-50c6-4363-8fa1-04293ae5a369", "value": "T15964235B2D3B6E7EFF7337563F41DA78093C4005A5B800543926B23AB5EA1A92EC64F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849080, "uuid": "cfcaf8ae-8ede-4b83-b0be-8c2e21e2c986", "value": "6144:gpU8PLHReXARAPY41jUiwI5mPqQy3LKjVdTuSBD0StUpbqa1Aov0BBOSS0VxOP:qPLxe+APY+UiBQybKjfT/+OIqPPOP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689849080, "uuid": "1689fdc0-a972-48c2-8647-d017d62a673c", "value": 331358, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689849080, "uuid": "e9c82286-5b00-48f7-bc79-1b57d3008003", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849080, "uuid": "640df5e1-f3a0-4fb3-a278-2268c24eb7a3", "value": "PI YW-201123.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c63cf3e8-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689847022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847022, "uuid": "38abd39e-6746-421a-9a51-6b50003c5acb", "comment": "Malware payload (AgentTesla)", "value": "b479c194a24e32c31774ecf2d097d357", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847022, "uuid": "ab38626b-83e4-4a21-bc2c-0cb2c0b8fb58", "comment": "Malware payload (AgentTesla)", "value": "6e3a3a740b772fed78f6184d63e0d10290ef1d3b5fee540aa12240ec04b64c5d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847022, "uuid": "d01e262f-01fe-4de8-aa90-7ca23baa67df", "comment": "Malware payload (AgentTesla)", "value": "a12fa7fe1db32db4540458068bebae2366d8c283", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847022, "uuid": "7cf4effe-6f12-4096-80cf-0ae08a4c62f0", "comment": "Malware payload (AgentTesla)", "value": "e3cb7d4579441bd2070733b18e80e79dcae5f01d4ab969399181ead6d3ebe7edf416f3973554ccf2cadb8adeb46abec5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847022, "uuid": "71f80c02-163f-475f-8958-694f5dd0dd71", "value": "T151D42359868B4CAFC6A71FBE24901AB4822DCFE6BC33F7475F0BF1A4E25724B0541924", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847022, "uuid": "bf53d59c-8f78-4ac8-92a8-d505aa8ed256", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847022, "uuid": "4d59327b-ccbb-4945-bdd1-53c7d30688b1", "value": "12288:kS6ln+flo/XciMvMq0Xcu3Vg30cJLcF6g8PuHBAE4zYKGCSgq6zqomgp3gZws:NTdCjEMqOMJgIPfE48KjLxQS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847022, "uuid": "cfc35d97-312f-4ab7-87f1-0db35b38a3ac", "value": 629248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847022, "uuid": "f5d77f42-82e9-4ec9-969a-367a85791582", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847022, "uuid": "4c45c333-f560-4b38-816f-df48268472c4", "value": "SATINALMA S\u0130PAR\u0130\u015e\u0130 20230720.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b07b3ee-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689850815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850815, "uuid": "eaefa04f-223a-4b35-b1cb-fe567cd0f839", "comment": "Malware payload (RedLineStealer)", "value": "d5aeaaa9c0373515524f92d713aa8ce8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850815, "uuid": "997a6e71-b17e-409e-b418-7a34d21b28c5", "comment": "Malware payload (RedLineStealer)", "value": "6eaec8aaa320b804bf32bde89dfe45ae19c69636b1bd0b38ac0034afd6096d11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850815, "uuid": "7615c30d-d7c5-4d51-8ebe-7091607c21da", "comment": "Malware payload (RedLineStealer)", "value": "a3ccce27b4a191cb3435f7d681cdb0c5a5c65a10", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850815, "uuid": "907bb4ff-f747-4cdf-bec4-0e77592dc231", "comment": "Malware payload (RedLineStealer)", "value": "10d4972f1c369e6f2c8288ecd06e37521704a1aec4c733765d58292e7863e6dfb003959d254ed1815c4dc62619cd9ca0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850815, "uuid": "33ef7175-35dd-4cb6-b723-18b564cfbc9c", "value": "T110840A43C7E23D49E9278B729FAFC6E8764DF6508E49777D12199A2F00B00B6C1AF650", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850815, "uuid": "f90f2486-181d-445c-9271-1f3407208b10", "value": "01c4ee1c294ad77d8fcb236b1ae3a868", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850815, "uuid": "920017ee-be6a-48ca-9e88-87e76b3b2750", "value": "6144:UBBLOrDOgpUv96mNGlIUXfXuQ5B5FB6/pG+LS:+BCvWv906SfL5B5uEqS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850815, "uuid": "c6e2bf1e-01de-470d-9207-b005e50f2ba6", "value": 405504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850815, "uuid": "59b4f558-4535-4910-a806-240ce8a56fa2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850815, "uuid": "f0e9ff7e-3a39-484e-9894-b34792f020cc", "value": "d5aeaaa9c0373515524f92d713aa8ce8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9526b7e-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689853872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853872, "uuid": "99f9d7d3-157e-4ec3-9fc9-e511888f3223", "comment": "Malware payload (GuLoader)", "value": "404d563d82391dfd60b09552262967b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853872, "uuid": "0d81a97c-c310-47a8-990e-541147d3ebd1", "comment": "Malware payload (GuLoader)", "value": "701a96b1981cefafd83443b56c6532f1bbe042bf8f7445d189358ef083bfba0f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853872, "uuid": "1e0d89e4-b4e5-475e-a152-bfcf9c06b2b1", "comment": "Malware payload (GuLoader)", "value": "1c8f6d90b6e3fec7a6ed912e584d112c6d828017", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853872, "uuid": "dd4f2d14-aec5-48f6-9511-29cc6e82e583", "comment": "Malware payload (GuLoader)", "value": "f146f474b6d86f077403e535db8699b2c6b322387761f5e054be0720f61da26cc44bd554337ffc215a6187cba4fda22f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853872, "uuid": "d8d321e8-4a27-438c-b2d5-6aeae96f3b04", "value": "T14A7423E123A0C053D6E302329A77F66B3FEAC3207855860BB35099587D1A7E71D1E75E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853872, "uuid": "629f9d93-d167-491a-9bb0-0313b493460c", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853872, "uuid": "ad84cdf7-07a7-48b3-b735-3df6419a4f96", "value": "6144:5spNjlsNvGn6e6LWjwmuKVJncu+ekQhIEhkQ4PBfCkHxzv7+K1MgPiZnXw9SF:5cIvyjpPcaHhJjkR7HWgWw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853872, "uuid": "a0d190e4-d875-4949-bef6-93941298e73d", "value": 368432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853872, "uuid": "ec3624a3-76e6-4fd9-aa3e-b70551f2e4fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853872, "uuid": "e8f8e272-9c37-4e49-8847-10d19068c64c", "value": "TR_Ptt54635732946772000000000000002023.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d5aa37e-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858442, "uuid": "5748f865-b418-41f2-8ce9-383b088259a3", "comment": "Malware payload", "value": "2349ed0bd00b655e2688ca903374b202", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858442, "uuid": "54553d58-1326-4f31-ab5a-dcad2299f20c", "comment": "Malware payload", "value": "7036d0a513559ba22d0950bdc49cb48ce4f5d7b3ca40ea59b53db9effed865cd", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858442, "uuid": "9c8b1617-71ad-4dad-948d-a243e9e259a9", "comment": "Malware payload", "value": "c320e8592cb18306eb7e5151e5dd5d002968bc5f", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858442, "uuid": "6ef9d256-654d-4551-9611-277ca7c09484", "comment": "Malware payload", "value": "208d4ae3417c0656e773b0151a8dbb9ddea48b078b4f03ce5b373d7ade9385f6c3991960ad99ef19d9b9508e630383db", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858442, "uuid": "dcc44bd4-672c-43a2-b5af-a6ac7749b453", "value": "T1C462CFC9ECAC5C89C82DE911FFF6B2258A707E0F6D4703699D586D89421BE78601C48B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858442, "uuid": "0e3a040e-1273-4131-93dc-7fe636ed847c", "value": "384:asSm1k+/S1vBz+ccRbLwKP24GsFeKK1G73Ioc+wevGQJb0l2GQ:zd1nbssWsFec7o+HvulnQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858442, "uuid": "a6b0cd62-fcca-4590-906e-15cdc3e41444", "value": 14869, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858442, "uuid": "62c66e56-b8c7-4190-b5c5-874d57faa3c0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858442, "uuid": "8ef1d284-d3ff-4712-8fc0-2a767967c8fc", "value": "20230719PDF.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a140b13-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885038, "uuid": "6112efa5-daa7-4b6b-a3bb-8275248d4fa2", "comment": "Malware payload", "value": "f3997627e230a94b935e8365ae211d2a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885038, "uuid": "8b82a83f-abc3-4521-9864-6dc48f144ec9", "comment": "Malware payload", "value": "7236ee4e74f5130fed690bfd955e40ae0c3f4f1e18e0f2d843c2e40665d9e510", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885038, "uuid": "292132e0-10db-454a-8646-67e93b253fa6", "comment": "Malware payload", "value": "2a7c79ec3c7e823549a9659e531a91243dcd3084", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885038, "uuid": "db01c3c6-49f6-4cab-8c80-71eb8a9d3e3e", "comment": "Malware payload", "value": "c2b59c0c4b27b2470105621dac6f812f56283b5f5144a08ce635ee146f90153d38c94e7aa416446070cc267f3af65dae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885038, "uuid": "5300ab1f-6832-4a12-8fb1-408522d66549", "value": "T11DA6296BB1A4812AD15DC13ED0B3DF41953370751F36C5EF9294026A0E9BAD8DE3EAB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885038, "uuid": "c48bf78c-efc3-4337-9406-075cf5313ae5", "value": "5d1b57992eb01e9a84723f1cf593c843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885038, "uuid": "9aa53622-46af-42db-9012-dae1e933d5fe", "value": "49152:x93NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01hvKwPvY3JaNp27jZ:x93JWblz4TKl2vPvWJv0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885038, "uuid": "746c2c0f-ad6c-4006-b538-006e6088096f", "value": 9756160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885038, "uuid": "149ef162-a650-420c-aef7-ffe5b31e7823", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885038, "uuid": "a502e157-e044-4f56-8533-c9b50116b2f5", "value": "SecuriteInfo.com.Variant.Barys.434263.27025.15028", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2c5114a-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689847955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847955, "uuid": "d3c99c28-2b29-4c2d-8f2f-159eb515168d", "comment": "Malware payload (Amadey)", "value": "a6b36f0aee4f37052ad1c96a0db06148", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847955, "uuid": "4c63fa07-a8ac-4e05-9c2b-3f7869acb390", "comment": "Malware payload (Amadey)", "value": "72ddbced999f33de0a977c40670cc1a87e9c8d80ec168a4eea6b4b4e6f3435dc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847955, "uuid": "6186e0d3-5262-45c9-96bf-6bfcb485a5c8", "comment": "Malware payload (Amadey)", "value": "94a110ffeae0aa14070b64fd98c323cc01c9cc00", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847955, "uuid": "8a05cdf6-b161-4272-9351-971d9453402d", "comment": "Malware payload (Amadey)", "value": "e96858aa71e58d639bd9c53ac40d93435691faf079dd15f4f2d44ebfe3afb60a1230f98c2ccba74bb3cfa740c604c974", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847955, "uuid": "b7173db3-a733-4d38-8e8d-515b4a6f29ab", "value": "T15B54A893C7923D45E9278B73BE2EC6E8764DF6508F89377D22199E2F04B0076C1A7612", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847955, "uuid": "ab32a259-ec49-4607-8ce1-622c089dd66e", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847955, "uuid": "8b002f7c-8117-497e-bf35-39b2b74f939a", "value": "3072:DaPJfpQKoVLIqkUIaQwp+SpGS175BdboiJ0xJ/5ildS0Jku:IfCLIdpAldeiJ0xqldS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847955, "uuid": "d6d6b91d-155e-4862-8c7e-02844dfbb777", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847955, "uuid": "49f19322-ef38-434d-a50e-0aabfc1bd900", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847955, "uuid": "4af4a8ed-95fa-4a63-9dee-d3674dc8aa27", "value": "a6b36f0aee4f37052ad1c96a0db06148.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2fba712-2739-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689883953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883953, "uuid": "23c2254d-3285-42b9-8fbf-be31879f248b", "comment": "Malware payload", "value": "a2f0c5b9ae2fd1d0d7c6c7cdbddc52a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883953, "uuid": "52b1ebf2-099d-4ffa-b83f-134b3d967397", "comment": "Malware payload", "value": "732c6933975284af9ff5eb21fb1f667a66c0751cd2dc87cb87e352dfa8918ee3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883953, "uuid": "e404c17d-5200-4679-b43f-c69c6351d2d5", "comment": "Malware payload", "value": "ca55dde5af27f560c3baae265bbd2151cf2b0162", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883953, "uuid": "32f1548d-cd0d-4ee6-83ee-b481f4272a12", "comment": "Malware payload", "value": "224ac3ecdda20ad3267396d3993a71887fbdc442dacd4320e82d69bd0a5b31fb3155a29317e8c465d1d5c3ec02e9934d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883953, "uuid": "e0e30b90-d877-43cb-801a-692654db4b4e", "value": "T10E842B2393B13D55E9258B729E1EC6E8760EF2508F6D77A5121B9A2F04F22B3D173B10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883953, "uuid": "882f1c5b-7c07-40e1-99d2-37f44533d1ae", "value": "9de2ee79b7674f53e928d4abe630aabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883953, "uuid": "b21291fb-073b-4e3b-80e8-bc1e182a727d", "value": "6144:ylbLJLGB8W7FykBakZKQhB4dvbIX5DPHbjvRx1l:ybVa7FTMOKQzCK531l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689883953, "uuid": "ce3859c2-1b6f-463d-a8f5-78a6b57574f2", "value": 378368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689883953, "uuid": "e2374899-25f4-4676-bfad-5765c391930a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883953, "uuid": "30b3dc5d-8d8d-4544-af92-19d1495e311e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "205d4e99-270e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1689865212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865212, "uuid": "c1d5d976-71f2-4495-9b2e-e6adc13ad157", "comment": "Malware payload (Fabookie)", "value": "a59538b5d4db8f09fda133a2bfbb7745", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865212, "uuid": "823fc594-55d7-4f9f-af44-e92379ee1934", "comment": "Malware payload (Fabookie)", "value": "74d559ebeccc73bc9cc42e3725fe0c5fb69357d9a1a4812106cce5bf3c06394f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865212, "uuid": "8dfe400b-dd83-44af-977f-ddb53a9fb65e", "comment": "Malware payload (Fabookie)", "value": "af6306dbe2314eee76689ce108d5a0689412ceef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865212, "uuid": "209a215f-af3c-4045-9c2e-0f0c3adb48f7", "comment": "Malware payload (Fabookie)", "value": "89e0592046559f515334aec2e1f31d3df40e1587bcb846ab45f09f1a0e9e16f2eb8f555bc689c3ab6973e1826a703732", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865212, "uuid": "b2937adc-e746-4ca4-8dc9-f48e7e7f7788", "value": "T136546C56F7A80961C4A7C17ED592A7A2EAF0B8401F2047C703518B7E5E33BF5EA39712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865212, "uuid": "0ab8a2f6-4626-4b76-94a1-86994a6445d1", "value": "31e556ae7fe1ed4edcf727f836365d92", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865212, "uuid": "d691856e-fbd4-41c2-91ef-5e1c82641236", "value": "6144:Z8pJxVjZBkhQ5KsYNJdA6NZ+BPMMMUcMUDyu5Wp2iDUdSGZRW:GpJxLWNbp8P2qUd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689865212, "uuid": "0d185741-d5cb-49d6-ab23-1e553eae87fb", "value": 299008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689865212, "uuid": "4b8e97d0-0a37-474d-ab0b-b72d6e85e8b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865212, "uuid": "657dc12c-9b84-494a-b5fa-9529ce55dc03", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6732e38f-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689836554, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836554, "uuid": "53d96868-5ab7-499d-b944-7326a0ec27cd", "comment": "Malware payload (SnakeKeylogger)", "value": "5771c7f376bf8760e4536e1ac832be83", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836554, "uuid": "ddde3f07-4255-41bc-ac5a-145dc098effb", "comment": "Malware payload (SnakeKeylogger)", "value": "74e0e44962853defab1a9e26b38a812fac44b61910ea18102c3e7b227ee03ebb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836554, "uuid": "1036e56f-6e08-4a77-ab3b-126aa438ab2a", "comment": "Malware payload (SnakeKeylogger)", "value": "011cc3fe71e481d4dd69d16fec2e328a1c542526", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836554, "uuid": "3f1d3d6e-3448-4c46-ac8d-d1f101bcb1b2", "comment": "Malware payload (SnakeKeylogger)", "value": "db94d640373627a06ab0332141e7db0401ec7dba7c40eff3e5673c0e08d3d1b068f7b6a79bd701251b2295daaf45d19d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836554, "uuid": "cfddc2df-9805-4c05-bb81-4580ba883704", "value": "T1FAD41204A6374E2FD42B0FB4196623F8421D4FDEFD26C6875D16F6EFAA663424700A27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836554, "uuid": "9f63d906-9212-4d11-b1bf-d1dac32bfce6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836554, "uuid": "91403afd-5e07-4712-b874-7504eee60b7a", "value": "12288:aS6ln+flo/XciMv0AsRfPN1+Jexurhw4Z9dqeGFnDSvRhpb7:vTdCjE0AywJexur2YSFnDSTl7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836554, "uuid": "8ebaf940-7041-4eaf-ad85-cc3072c28597", "value": 604160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836554, "uuid": "9d10b6b8-e985-4f33-b20f-468633dd66cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836554, "uuid": "febf5b0e-8750-471f-81c1-73a3cc998dad", "value": "PAGO 49595.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "090dd057-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837685, "uuid": "4c19824c-7e3d-4c71-bd8a-eed0be20990e", "comment": "Malware payload (Amadey)", "value": "6ff2687a021b0f54182ae529b710ab97", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837685, "uuid": "061fd44a-1299-44ed-8ec8-c70635724636", "comment": "Malware payload (Amadey)", "value": "74fa6fb7b84478a8b0f3eea42a593b1c200cf1004aaff3eb3e29fccb03d9bf71", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837685, "uuid": "9189ed8f-5c94-4bf6-9d02-e9e095990bfe", "comment": "Malware payload (Amadey)", "value": "2d347e2413a552c8b8fbaf95b707e9c6a17aeb2b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837685, "uuid": "d672b426-86a0-427b-a678-66f80a722a77", "comment": "Malware payload (Amadey)", "value": "fd73afc28a8e77b0fabf2bc1658e1eae70d30d456014c60e5742db34e7eb7bc42109d8869e6e5a9ba312083f17806cea", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837685, "uuid": "81648865-4098-4c0c-afd9-0932f6f86a63", "value": "T170840112E7EC8432D87627705CF703E31B37FCA59D64832B3756A91A09B3690993636B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837685, "uuid": "2762bb46-8fbd-43b5-b644-6bd7873d378a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837685, "uuid": "eeaebcb8-71dc-499e-bf15-a12aca41fbdc", "value": "6144:K8y+bnr+2p0yN90QEj0RCEUxAun2LnhrtfOBMix+UTywL:IMrCy9010RnUxR2LnlteDuO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837685, "uuid": "1132ab45-a18e-4147-8e18-5728958abedd", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837685, "uuid": "6da6a0f2-7987-493b-9e33-ecd36ac8a99c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837685, "uuid": "ab450c7b-5751-48f1-88be-3259ba237904", "value": "6ff2687a021b0f54182ae529b710ab97.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f2993a8-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838634, "uuid": "15425f6c-ecaf-44de-92bf-0c4ad46837fd", "comment": "Malware payload (RedLineStealer)", "value": "d8b749cb322160fe7493300668983494", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838634, "uuid": "a631c2ef-0872-47d4-a24f-b992c54a92d8", "comment": "Malware payload (RedLineStealer)", "value": "78a80da889fb77e1536903aa1d2abef676b1663c0cdff25dc03f16254ea2168e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838634, "uuid": "d92081f1-1fc1-4347-9f64-501d696af874", "comment": "Malware payload (RedLineStealer)", "value": "6e2c7f760f0a8c8809f51d77fecfd9e6b8adecde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838634, "uuid": "03d5afe7-a4c7-41b6-b5c6-e3249d3dbbe6", "comment": "Malware payload (RedLineStealer)", "value": "f2562228903629830da010dfa0276ad376412d6a3c316cd8db8e28b7020a750fb150456b37ca52617c49f73ebdaf571d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838634, "uuid": "d54275e6-b821-4cf6-82e6-6d8a6574044e", "value": "T1B4840A93C7A23D49E9278B729F2FC6E8764DF6508E697F7D12199A2F00B0076C1B7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838634, "uuid": "dd18d542-4e84-4fa2-83dc-483a86fe4110", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838634, "uuid": "9fae752e-d9cc-4798-878f-325dc432b61a", "value": "6144:iTQMLxiCEeIu1w2KvbOgc/PXm7iNJQqU2O4A8/N60S:iMMtn1wJbOgEuUQqU2O4z/U0S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838634, "uuid": "eb05fa8b-5f27-4c6f-a603-766773f2ae99", "value": 378880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838634, "uuid": "fb5d3a0a-0cb8-4e7c-9672-4617d9edbd8b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838634, "uuid": "3679d461-addb-4c02-bc39-f0bf8f473179", "value": "d8b749cb322160fe7493300668983494.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8073053-26c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689834999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689834999, "uuid": "af50a7f2-005d-41d9-8d95-f65e1cabad9e", "comment": "Malware payload (AZORult)", "value": "34441248d5a40a61b95aa1f20b42f7c0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689834999, "uuid": "0e1507b0-d5ba-47b9-933c-7507b1ae72b6", "comment": "Malware payload (AZORult)", "value": "79892ac57af9846e3b718c7388c205438a9d0706a597b67638105d8b5572256d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689834999, "uuid": "c6fe8563-497e-498b-b9ff-a52115d00a08", "comment": "Malware payload (AZORult)", "value": "93ea20e2370685727a55dad352d7bdeca326770b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689834999, "uuid": "ca9d6b47-0e37-4c3b-b938-f1e2a83708aa", "comment": "Malware payload (AZORult)", "value": "ae1f7a359cf11c7b0a4bd50b1f334d9ca6bfd270cab2e39b444cbaa92f826cef5df275c19e993d81d02365dfea91f168", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689834999, "uuid": "40ab69ac-cfad-4496-bd84-16bb76062e71", "value": "T18254088462A2F64BD3410B70D9D0E7B925BB6DF59A01422E6D9E36F85C3FF290DB0172", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689834999, "uuid": "45268f96-1d34-49b2-8a50-4686807ea1c1", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689834999, "uuid": "05b64c89-1050-4124-b0fb-d07202c885f1", "value": "6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwws:z8w75wwwwwwwwwwwwwwwwwwwwwwwwwwU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689834999, "uuid": "149c3693-509b-42b2-8aef-1983a942af72", "value": 289411, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689834999, "uuid": "02969acf-1a0e-42cb-bcb4-62566eb7cfea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689834999, "uuid": "f4cafb0e-85f2-4019-9dc2-fffbc3f099a5", "value": "34441248d5a40a61b95aa1f20b42f7c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "569eddcf-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689885918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885918, "uuid": "b1f1ae29-9420-4fe3-96d7-9ee5b4749b60", "comment": "Malware payload (AgentTesla)", "value": "26902439b97a49f43343f56542ccd022", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885918, "uuid": "a6eb4334-9598-450f-bd8b-8f40881df589", "comment": "Malware payload (AgentTesla)", "value": "7a9219fbe2409d6080f9853798e178538b6f58669d94fa4346efae44e7478869", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885918, "uuid": "20f22442-6132-4e95-b982-9f61907f08b7", "comment": "Malware payload (AgentTesla)", "value": "62c8627231ee0197fa6c1340480ff9ce86433dec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885918, "uuid": "993e3f6b-4def-4ed5-bcba-a6d56d406e77", "comment": "Malware payload (AgentTesla)", "value": "0fd5cec9de4651cafbe62418572eb72d40861692d3f7b2abab7f1fd380e22f8efd0c826edd6ea4c1cf0b5725c904bd2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885918, "uuid": "a4230000-f0ce-4ed5-abe9-426cd527449e", "value": "T187050220D5BD8BAFDA7367F5B524193943B66E6A7432D32E9E02B0C37552F035102B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885918, "uuid": "997f9479-73e6-4b62-97e1-c6452f33badc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885918, "uuid": "f6ced7ad-97af-4004-bfd5-2222e756cbd5", "value": "24576:+2ATdCjEQPPymw6h4coQW0z+DVPqGZXU:+b5CAQPR49QW0+Ds", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885918, "uuid": "832b88b6-f2d1-4ff2-b840-6d080161fdd8", "value": 798208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885918, "uuid": "9a1e97cb-a4cd-4cb0-89fe-19b7361327b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885918, "uuid": "e1ed73b3-6ff3-4ca9-8e2e-469ac2547ffc", "value": "DHL564.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e0db3f5-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885045, "uuid": "0d48cf12-da81-438c-8aca-f3ab32976efb", "comment": "Malware payload", "value": "c8eafc39d5cc71a6cf123e5d410380d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885045, "uuid": "c9841033-6ba3-403c-a91e-6b61fd45ff8f", "comment": "Malware payload", "value": "7b7a8f8f1e883eb8f57ea765643e8dada597f5edff474ccd8d64e42f755e49c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885045, "uuid": "74a1bb08-0a28-4720-9e5f-b2160bc85438", "comment": "Malware payload", "value": "16b959d7ec87ca6f0c99c7e4c1fe034c0adf9fb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885045, "uuid": "315bc05a-7f3c-42de-8101-a3ca32b6d548", "comment": "Malware payload", "value": "c3ee326c0751435a29ca7ef2b2b3d3d65e467fa159de759c641acda4b06078f1407f1c0097bd4db09d0ebfb2ca43dedb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885045, "uuid": "b36b3bef-a4d7-4999-b003-b954981af34f", "value": "T116A6296BB1A4812AD15DC13ED0B3DF41953370751F36C5EF9294026A0E9BAD8DE3EAB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885045, "uuid": "6b2dbd07-b84d-40aa-b28f-b46e5ba946f6", "value": "5d1b57992eb01e9a84723f1cf593c843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885045, "uuid": "8af9bafe-a749-45da-8382-5a20bab713eb", "value": "49152:393NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01CvjwPvY3JKNpW7jZ:393JWblz4TKl2ZPvWJ/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885045, "uuid": "da0d33b9-e3c1-424c-8e87-f293586e3216", "value": 9738240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885045, "uuid": "8351b5c5-6abf-472b-87f8-dc1a69394fc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885045, "uuid": "2d6dc5ec-6723-446e-afac-908f0097692b", "value": "SecuriteInfo.com.Variant.Barys.434263.22167.11215", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d58a75e0-26f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689854349, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854349, "uuid": "b2932cc3-7ddf-4b8a-922b-f246b7b680bc", "comment": "Malware payload (AgentTesla)", "value": "99ddcf878ae0537cd0423769c4a8e831", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854349, "uuid": "c37c3645-b170-4f8e-abbf-bd4c2684049d", "comment": "Malware payload (AgentTesla)", "value": "7b8b1dc1843eb601fea0db72ac0d4263a5e4a0517ef8a138e20d81950e5686c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854349, "uuid": "17c9f835-6252-4462-8797-44285768e932", "comment": "Malware payload (AgentTesla)", "value": "f78cf8376bb74272c445a25afc7aa1fb3237e2b6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854349, "uuid": "07bb33db-be85-4889-8a87-d0ca6c7cb98c", "comment": "Malware payload (AgentTesla)", "value": "8532720773473e246a325093d40c2913ec13a0441f5599614b90483428f71553fbae23cb9f56febb4fd35ad64e71de71", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854349, "uuid": "219ba079-7f4c-4e19-a793-be33414803b2", "value": "T1F3157E9F32B8C78AE55DB6B074210639CAEA942F61DED7493F24E0A416D93EC1150FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854349, "uuid": "daac1b5b-f114-4d1d-8791-c66542df3e9e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854349, "uuid": "cd51bd08-6f58-4d54-987e-0259335f17ee", "value": "12288:dZfr/QzCWmVEc035Bg74x12/ZuI7L9AnjUFLngn:TfrYzCrVEvg74x1kX979gn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854349, "uuid": "fd6e8f98-ba58-4e20-ae9c-682393e31c98", "value": 878080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854349, "uuid": "987fde5d-f8cf-4aeb-b8ce-ac4aed19c889", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854349, "uuid": "7183f7db-e6dc-44a6-b558-fe26acfb9557", "value": "Overdue invoice 12010643.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9ea52df-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689846974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846974, "uuid": "3df7b37e-833f-4941-a69a-a0caf69f16fb", "comment": "Malware payload (AgentTesla)", "value": "076d74658cd68fbb94ae2e02910cac76", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846974, "uuid": "739ca145-2fd5-4add-98a3-18fec2c34bb8", "comment": "Malware payload (AgentTesla)", "value": "7bb39046c247f108e256f67b7ada64ef2d1a979c823c5049d3b65cba631ade6f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846974, "uuid": "4ad0662e-ab85-415b-9b01-47ad5dd0edec", "comment": "Malware payload (AgentTesla)", "value": "4fac2e09dbebab0b88530b9ec179fb402eee367c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846974, "uuid": "1bc9586f-782a-42b6-97f7-d8342dc0e9da", "comment": "Malware payload (AgentTesla)", "value": "123f15e25ab83df054d4eea8008dc29e7cff8b5096859746fb9cf432f85035c25d77990f610845862d346bdfd5320adb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846974, "uuid": "a277acb4-1d5e-4b83-b3d1-45678ea14e6e", "value": "T139057D9B31B8C6C7E55D21B1B4224279C8E99C3F61CED74A2724F9A826D93ED0054FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846974, "uuid": "ddd0227c-c2e7-4c0b-b0a5-a9a82e5321df", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846974, "uuid": "f7cf45b0-5cff-4c94-972f-29f9887a8e97", "value": "12288:gWmFSMrOEgqn+lALlUgCZpAB0hviM40qEu462txQzmF6KvzkQmvgS6:grFzngGnLlULBn45E6C6z9OkQmoS6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689846974, "uuid": "18a1b33a-ca03-4edc-b9be-bdcc477d8feb", "value": 835072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689846974, "uuid": "5d5cd5c8-0b3c-40d2-8fd1-83de0d425d08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846974, "uuid": "4f46d859-ae4a-4d6b-a711-c9c44b55871d", "value": "COA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef98cf89-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847950, "uuid": "9918980f-bfea-464c-ab42-dd1e07db3756", "comment": "Malware payload (RedLineStealer)", "value": "37a2f855a7bf0617e6e1a56b0ffe930c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847950, "uuid": "682067e2-6fa1-42ff-9128-0116268a352c", "comment": "Malware payload (RedLineStealer)", "value": "7c1f977a3b607dab39ee80ccef392929f038c69d75730e3881011b292c518710", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847950, "uuid": "b05ec859-c5f9-4938-aa54-857f154b046d", "comment": "Malware payload (RedLineStealer)", "value": "38f63f33295172133a1f24594cb4e7c51ad747c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847950, "uuid": "14d3d786-de83-4f6e-86db-1c21d16792d5", "comment": "Malware payload (RedLineStealer)", "value": "2aa6d6f35bda4f93df257054ae872380747f92d98532f2ee00adae422a24a57f44205f4a5c14d662acb0481dfa8e095c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847950, "uuid": "936d432c-0ef9-4335-9e6d-7e9e54727919", "value": "T137840983C7A23D49E9278B729F2FD6E8764DF2508E49777D1218DA3F04B11B6D1A3620", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847950, "uuid": "1139fd9e-bbf3-4ba5-9b82-05bac9555b18", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847950, "uuid": "0104a0ea-481a-4070-bfbe-385661cec46a", "value": "6144:d0T/LcisCDim3MIvAW6dkMIHyUaXWNTFTE0/S:ds/Aih+m3BvxUdiyjXITFR/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847950, "uuid": "e2504909-594d-4412-ab0f-f48c1d65e1b1", "value": 378880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847950, "uuid": "e7fdd746-95b2-40aa-adbe-ab20933d45b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847950, "uuid": "88e96aed-adb5-4b8d-a4b3-267b5f360dea", "value": "37a2f855a7bf0617e6e1a56b0ffe930c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7cf0514-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840125, "uuid": "3261bf2d-54bf-4304-bb42-af4da435c2ad", "comment": "Malware payload (RedLineStealer)", "value": "2a5fee3aeb178d6f9d0ad8da6752ed62", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840125, "uuid": "dc231a10-b7f2-42dc-afb2-60632578ed08", "comment": "Malware payload (RedLineStealer)", "value": "7d1f6eeb31bd2e40692c777766b604a0bf50848518f5c931a53d7c48b988e8ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840125, "uuid": "0f16257f-46bf-4538-b562-ffecda871ef1", "comment": "Malware payload (RedLineStealer)", "value": "abca698074e3b9b736a667d16876d0d6962d3f94", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840125, "uuid": "e41373ad-59b8-433b-b326-64a215373ebd", "comment": "Malware payload (RedLineStealer)", "value": "24fe6b931a373bc3f58c98b4e0209aff0adfdef8c3caa51b2f039cd829e92a0da18d94d31b2818a0613509829de1b8ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840125, "uuid": "695fc62b-adf7-4a7d-88fc-1034c855a0a8", "value": "T1AE840253B3E88077DDB42BB058FB03D31B36BCA19974926B27969E490CB1580B4763B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840125, "uuid": "65b3cf18-f613-47f9-8790-a38fcab8abf6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840125, "uuid": "760505d7-3e1e-483f-b6f6-e6e865acd029", "value": "6144:K1y+bnr+cp0yN90QEurtXOTTx4fEcn5ohF38TkpAfrFcnfdyWv9:zMrAy900rtX814f3ovm0AfrFiv9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840125, "uuid": "ba0b7fd9-1013-4794-a547-1a1feb7d1468", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840125, "uuid": "f313df91-672d-46a8-a911-0b334d18521d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840125, "uuid": "eb71fe6f-d284-49f7-8d93-797734bda3a9", "value": "2a5fee3aeb178d6f9d0ad8da6752ed62.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7cc65490-26ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689836161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836161, "uuid": "df03edbe-822d-49a5-9dc1-64c5ff62b17a", "comment": "Malware payload (RedLineStealer)", "value": "5ce3e07185414336f21f58d714e9ea05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836161, "uuid": "2f8fe80b-77bd-405d-ad62-0d3f3e54f017", "comment": "Malware payload (RedLineStealer)", "value": "7db1063bd97bfec377245750eee13f04b2e28bd906ab67b8df9d78e0b8d7b413", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836161, "uuid": "cda1ccae-0f22-4088-9764-83936f951e8a", "comment": "Malware payload (RedLineStealer)", "value": "33cf0ad9191cd529ee787cb88340c7838b9a60dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836161, "uuid": "65a8411e-6f62-40dc-bf89-a112ddcce519", "comment": "Malware payload (RedLineStealer)", "value": "10f30abf119d9b97981cf2bb5d9a3d403427b609de57921805fdebcac38cf8bf4e218a0543f7cd8f084677e34d76d2dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836161, "uuid": "5749d36c-d8e0-45c5-9521-0a516c6bf47f", "value": "T1C274E12136A1C036D06BA9314871CA925E7ABCF2E77C61C733583A3E6D716D08BB4797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836161, "uuid": "fb6fcb49-edfd-4991-bb08-c031eab878e3", "value": "5dc16ea88b2eab7740fd105d5e24a675", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836161, "uuid": "f2b37585-df67-4d4f-be83-c537738e763c", "value": "6144:RD9BXaCIFXl0LYSa4zHZ9fgbQGtb8usdCe9SZ8aPwzMzNCT:Rh9DIFXBKEbDtQusYrzho", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836161, "uuid": "3f4c3cb0-3e30-4cbc-88e7-8601adc0da6c", "value": 354816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836161, "uuid": "00de5003-b3dc-41eb-8c40-bcaf98cfa21f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836161, "uuid": "76483d76-ec2c-43d9-b2dd-f5acb6532c27", "value": "5ce3e07185414336f21f58d714e9ea05.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61c3d407-26c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689835257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835257, "uuid": "6762a2ec-ef93-4eb5-86e2-d16bd9bb2452", "comment": "Malware payload (Amadey)", "value": "24202126ab5dc35b921dcf11b5d32e07", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835257, "uuid": "f7fe6921-42a2-4317-9d7f-213c9c1cc169", "comment": "Malware payload (Amadey)", "value": "7e67d80089c9ee979b10f16e8a8da030f12915bafe6b679c6838127be8f4152f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835257, "uuid": "bca45626-9fcd-4c2f-84a9-d066b394c4f8", "comment": "Malware payload (Amadey)", "value": "963d7f7d82b6f2db47902e9bcad155b4b6c6347e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835257, "uuid": "24bfb515-3970-4cab-9444-bd957512c624", "comment": "Malware payload (Amadey)", "value": "8e278b33e1a2f10e2ef997513ee2e00cdb6c842c8bfca9606b19348c20186e5eec476084c1c5afabb40c6b95b0d6cc3b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835257, "uuid": "291cbef2-69a2-45c2-87c1-8146d340cf20", "value": "T19DB40207AAD88573E8B51B3019F203871F32BDA19D3483EF2796A95A1CB36D5A471337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835257, "uuid": "768a9182-1949-4f29-9b16-194adc62bcd2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835257, "uuid": "77366a44-8154-4b0b-9696-ed0aefcb570b", "value": "6144:KAy+bnr+5p0yN90QErTq4ZtKFFuGv9kpuqZ+swb3bgkN6Yn2Jgqq1MlTtbPsmB:8Mrxy90llSF16uqZ+xH6YnOgTmB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689835257, "uuid": "ab57ed8f-7bc7-4ec0-80d3-ae97fe59b472", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689835257, "uuid": "8782ba5b-9ba9-4fb6-ab39-49768ae29d41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835257, "uuid": "d0a3efb7-56f9-4040-8f2d-03e54747dfd0", "value": "24202126ab5dc35b921dcf11b5d32e07.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a600034b-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689846967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846967, "uuid": "e7affe25-4d1a-4e28-9106-6c5ff839e695", "comment": "Malware payload (AgentTesla)", "value": "f7e3726f0758de244474cf21d4cb9b1c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846967, "uuid": "f333c200-68e4-4100-a23f-48c298924b1c", "comment": "Malware payload (AgentTesla)", "value": "7edaf845a36914859d373e74ffffec17af5c75a35c1e0bb9f0aa842401a016e5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846967, "uuid": "b93d57a9-0735-4dd4-a4e2-e6dc7a45e20f", "comment": "Malware payload (AgentTesla)", "value": "89d9522c2a8b90271f81469ab09877e9b6456570", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846967, "uuid": "d9400e00-372e-4bd5-97f7-7c1f56d97858", "comment": "Malware payload (AgentTesla)", "value": "dbb01a133ae938cf5a2aea8adb8a41d7ad672c68b6a6b9afee32f9df2eb37d4658d7be30feca2ea03ea41b08ed1b6403", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846967, "uuid": "fdc08035-632f-4d2e-af8a-aacca5d0ee10", "value": "T137B423787BEE3C8F55823C97FEED6C75D3B1EA648B62884D155CE3D81296CC88C580A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846967, "uuid": "c4d549f6-dd55-4363-88cc-e4d5728ff60a", "value": "12288:tvj/DihSMrOEgqd+pATlUgCnpAByhviE4+qEu4c2trP5XREaED2b/Bm:tb+hzngC9TlULvd4/EcsFREem", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689846967, "uuid": "7f8504a2-2ccc-4266-bb8d-f04ea5e7a314", "value": 533630, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689846967, "uuid": "256fcd2b-2e7d-48a8-b7c7-f6ed1bc9a93d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846967, "uuid": "eb559dd9-53b3-43ef-b565-955021dc3bad", "value": "COA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72fa9698-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689847311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847311, "uuid": "438dbb2d-d2be-4414-97db-d4d765b1d5c4", "comment": "Malware payload (Formbook)", "value": "d9a212b413511ff8673949de454ae9b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847311, "uuid": "48252896-8336-4abc-9429-27eed3b32859", "comment": "Malware payload (Formbook)", "value": "7f16701eeca94cea23e593f41578c9e1d919a18d5b67c72537df507ebbba9267", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847311, "uuid": "c76d691c-fbf8-4b26-91a7-3d7246283c82", "comment": "Malware payload (Formbook)", "value": "84716577d4b6353fcfbf9725093a10b453a3040f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847311, "uuid": "958f436a-f374-4f5b-a507-ed9a9ce83387", "comment": "Malware payload (Formbook)", "value": "8f7b0267634d521d382c5868f663b964ae5d47b95c972e92be888857e5d12dd77ee126878704d5dcd19240d5ca0d468e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847311, "uuid": "03f7260b-84c8-438d-a648-a4bb98fd0efc", "value": "T15354126022B4C963D5D1EA701E3A46671EF7D42A5D7A830B83B0EF1DBC13680DBAE751", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847311, "uuid": "e49b99fc-8346-41d3-90ee-fb2bba60b97f", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847311, "uuid": "59adba05-079c-4807-9a49-4817bc3b7501", "value": "6144:PYa6tLC4SiNAyX+I8qhJwQYwlQ4X+rkbe8tw1+UAujiWUIJqVu:PYfLNAyoSGlXrkbekwUfujnJqVu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847311, "uuid": "4723646f-2389-4865-8c48-023278f378af", "value": 278934, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847311, "uuid": "d0c34b42-ecb5-4192-a52d-ff34e8beab90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847311, "uuid": "036159b7-d935-4f88-ad52-5ba305e91ae9", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5adfc10a-272f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689879483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879483, "uuid": "21a0e7df-7bd5-4ba2-acbf-df360abd93b7", "comment": "Malware payload", "value": "354f94de7c8e9a4e7273d8c10abe4d4f", "object_relation": "md5", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879483, "uuid": "a3d5ea18-a2a5-4cea-8a07-4fdaf0a6a3fc", "comment": "Malware payload", "value": "804a1d3f5576f8706facd240d203e5077ec0201f91d82614e66c29d083ccd40d", "object_relation": "sha256", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879483, "uuid": "017590dd-2155-4885-bf9c-09b194782197", "comment": "Malware payload", "value": "7b4909e5e256697bd035b3cd083bd02baa247430", "object_relation": "sha1", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689879483, "uuid": "dcdf79b7-a04d-492b-92a2-232919ed1f07", "comment": "Malware payload", "value": "649d06f0d00f7d0709d05f4c8d4f186b4e17535b21b1b3731062d8dcad25fa1810f6326eddfaf60d83352b99e4911e26", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879483, "uuid": "9cc9bfb8-4a34-4efb-b250-fc7a8227a886", "value": "T16121EEF76B1E5012C9F6CB420D4B925ECF7081A198C00711B5FE0E609E39127A39EBCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879483, "uuid": "8fad3c61-3c07-4e4e-bd07-d14929d889d8", "value": "24:DOVtyCiGsFRj7CnswvpdPNuR71q2z8JAh/:DOVtyCiGsFRCFMqcr/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689879483, "uuid": "70a19584-6ca5-402b-9f4d-b8f73a05b5fe", "value": 1116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689879483, "uuid": "91946ed8-e2df-43f3-a5d3-3477ddfd94a9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689879483, "uuid": "f0b0faf0-d8ac-4ed8-8c18-ffd1471c2ef0", "value": "DfYNJq6H.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "418fab1c-26ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689823606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823606, "uuid": "de3e8cd1-0a67-4065-8adc-f7deaf440490", "comment": "Malware payload (Mirai)", "value": "d154db2b344b61e12de5f5d2498073fc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823606, "uuid": "9359cd04-d1e3-4b14-add6-21c34a3b20a5", "comment": "Malware payload (Mirai)", "value": "80689f6918d804679e23c73ab32fcf7bcadf4a3a39129778d32df01e88868cdb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823606, "uuid": "90bfc941-a8cb-4d5a-9070-5f5a06c6863e", "comment": "Malware payload (Mirai)", "value": "7f02416f6112def2e144ef12f234ff97cf5e5cdf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823606, "uuid": "1b43675b-ac26-49fc-b147-7712330256a0", "comment": "Malware payload (Mirai)", "value": "a34a51f13c80b741ffd2cdc0970dc3dd80d914b6aaf950c275ad1e6df94116400ad99037f479b5797fba29c4c1e82d04", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823606, "uuid": "8f10a052-1320-4dbb-929a-0759f642bb91", "value": "T1F2535B02B71C0E17C4A31DB0263F57D097BBEAD022F4F684251E8B9A9A75E365581FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823606, "uuid": "76bbd4d8-a379-4caf-841d-81bd68d44091", "value": "768:qABKBVCsBR+wNRpaRNhZgR7tYG6hZC8fFm29EMk0/U9/ikxvufC7DKNxoaFV+t7a:qyKhliBIY4umwdW/iSWfCnKN+++pyWtC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689823606, "uuid": "1d46414a-8eae-46a4-aeb7-35e6f231cd4f", "value": 65204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689823606, "uuid": "27c73661-2607-4a3d-ad7f-4d85c4c62235", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823606, "uuid": "4454c4f7-a377-4009-bceb-133f1a416612", "value": "d154db2b344b61e12de5f5d2498073fc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6d2b5eb-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847935, "uuid": "98ae00a5-5610-4003-af65-0bf6f0c95530", "comment": "Malware payload (RedLineStealer)", "value": "513a509c250dcbcfb62c1b6191fc7e53", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847935, "uuid": "a5916155-025a-4910-824a-7b0fbb5844c7", "comment": "Malware payload (RedLineStealer)", "value": "80c33721dd8916cf61ad4cfe3a1f57bd083b1adf9fdad50707739a67ee1c9bdf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847935, "uuid": "d34cba4b-3093-42e1-905a-34d13d299048", "comment": "Malware payload (RedLineStealer)", "value": "178f6536c34418890075aba7cab396d4da2d487e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847935, "uuid": "7954ab7e-2c36-4d8e-96c7-f4de0e5eb9d5", "comment": "Malware payload (RedLineStealer)", "value": "5e46f3cfddcbbf304fa5d5d339b0a52c2fd0e42e90b0f5c5dc352c757d083d5bb4d569fb1982ebb42bf3ebcc10338330", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847935, "uuid": "02078249-684c-425f-bbcb-d8775350a109", "value": "T128840212A7D88032DCF51BB05DF606932F3ABDE268B4836B239599094D739C4E57237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847935, "uuid": "e930bca1-0b6d-4077-81d7-006414b0e12b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847935, "uuid": "1a5c2527-efcc-4acd-8f33-8763189eb272", "value": "6144:Kmy+bnr+6p0yN90QE6LoizgY+72NOaqTyDwtqmq/zQ2PLLsK2CmVuCcHnlRHfOFl:GMray905isasFu1mI/PwlcHnl9qRVT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847935, "uuid": "9f6e34a4-cf58-4916-afdd-8b1c54aaa912", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847935, "uuid": "08cbba8d-7bc4-4117-8eca-df6742ddc174", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847935, "uuid": "971dca95-06ec-4522-8174-5ddfbbed1202", "value": "513a509c250dcbcfb62c1b6191fc7e53.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "355a7225-2751-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1689894023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894023, "uuid": "21993918-b627-4b7d-a0e2-e1ad0323d7b5", "comment": "Malware payload (Stealc)", "value": "05cac23ad10f4a717a7787f6f73dcbcd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894023, "uuid": "7650a51c-8434-461a-9100-60ba225b1881", "comment": "Malware payload (Stealc)", "value": "80de2633a99c32d2153c688a919441c977b0897358c45875b4c9834f7868e333", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894023, "uuid": "afeecf6f-7470-4f4d-8e4b-03e61b676948", "comment": "Malware payload (Stealc)", "value": "3b39b949657bfb809105e0e3440c39c4fb9404ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689894023, "uuid": "26944663-e9e2-4f75-816c-03863f740935", "comment": "Malware payload (Stealc)", "value": "8e2740e487d750071d910bc1ed293e9ab0784097e90532861ddadbc11b3fd4cfd6f901953c3ccec1ad4f8ff586e582b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894023, "uuid": "9be0aabc-803c-47a1-aecc-19465f491c7c", "value": "T1ECC5B7B2D285ECBDE02740BD8D65D261291BFF588068953D345AFA1525F3383A0EBE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894023, "uuid": "f7ce8467-c1ae-4299-a11c-620203c34b28", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894023, "uuid": "3ad6f00e-893d-46f4-8695-59b2012acb16", "value": "49152:6zrUlEJ23sUU8Q+A67wrpwrpicpycpgRe+mQRIWk:6zrU2JQ9A67w6g9bm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689894023, "uuid": "1b0d4754-d107-4689-a0cc-27cd8ad14c82", "value": 2560096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689894023, "uuid": "6222a635-edc1-4d98-960a-1d8c1783388d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689894023, "uuid": "6cd49605-2731-4afe-8198-41428bed7a35", "value": "05cac23ad10f4a717a7787f6f73dcbcd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06d498c5-26a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gafgyt)", "timestamp": 1689821360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821360, "uuid": "a71a2d71-339e-4813-9e40-a7832d6b8f50", "comment": "Malware payload (Gafgyt)", "value": "4af774bc31b903343054b2c1538b0d60", "object_relation": "md5", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821360, "uuid": "e1151fd2-fa02-43df-af1f-7d370367d528", "comment": "Malware payload (Gafgyt)", "value": "814fddbcdd6feb1b4bb854e5510561af6f3dbd67144f0e5db6cc400aca30fa70", "object_relation": "sha256", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821360, "uuid": "3a8338bb-921d-42bb-9a31-c2ba8c588f55", "comment": "Malware payload (Gafgyt)", "value": "3fbf588f8697d70a63be75a877549d149eb2344c", "object_relation": "sha1", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821360, "uuid": "98a7474c-2b9a-4f69-9943-b2cba960fe2c", "comment": "Malware payload (Gafgyt)", "value": "66933e5387adbe1f42c1d853834963234cc4822c32bb9e39a4ff3f611b2868b5b0e9f9ea08e93c188ee87e4b8c27b747", "object_relation": "sha3-384", "Tag": [ { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821360, "uuid": "6bea1648-9521-4ad4-8754-da6a01032054", "value": "T1FB632A07F54281FDC19AC1745B2BBA3E993271FD0229F2B67BE4EB222C5AD211D29D44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821360, "uuid": "0fb53737-197d-41fc-ba1b-f324049bdd16", "value": "1536:8KBdaKD4+0xT0BV2R5IwLWO2F+xmvi1PXEiVtE2qeqJSQM/:Xdai4+0xT0Dg57Lhk+xmviRXLY2IJSQk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821360, "uuid": "2ba3cf81-1962-45ba-8b13-73c00cb5b21a", "value": 67392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821360, "uuid": "fabcd08e-db3f-4518-a9b6-42c2001833bf", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821360, "uuid": "f1583442-57c8-4a15-8cbb-6204a710e66d", "value": "x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dba0d0da-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689847487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847487, "uuid": "5f30add5-dad0-40e2-83ca-064395a9c850", "comment": "Malware payload (Loki)", "value": "0ee961aae84a360ac0dd273290640808", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847487, "uuid": "1debeafb-bfcf-4f8d-b852-9b9e0081a6fc", "comment": "Malware payload (Loki)", "value": "827555c608d1e12973d7c28d45b4ca8d5342d1dc77b12a5d403a32d83e591fb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847487, "uuid": "5a6588e0-8e27-484d-be24-7ed8c37545bc", "comment": "Malware payload (Loki)", "value": "02cc67241d0a19b14b0b44d42717d455cf2a1566", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847487, "uuid": "10194c57-4cdb-4409-9acd-a74e91f2f740", "comment": "Malware payload (Loki)", "value": "1452334b4028148e754477eedd596bad5e63a06edbff35be2402835d3f69f907bbe512a6503b5ace87c176dd33943d20", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847487, "uuid": "afe87d7e-7b51-4778-9666-e76ad37bec92", "value": "T12FD4F11496FD8B6EC5730BB5A538153C4BBA5FAA7136D31F8E22B0E63992F024101B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847487, "uuid": "64910f24-ee05-49c1-9386-f713b1bf9097", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847487, "uuid": "96afdbf4-1d3c-46e9-91a6-21556ab600fa", "value": "12288:V+1S6ln+flo/XciMvYx/zBSylkjg9r7ne/C3n+oCV10SZ9Jhj:V+8TdCjEkDlks9PU8ZCH0SZzh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847487, "uuid": "686a9dc8-f5b4-4e11-810e-f40afd42c62b", "value": 627712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847487, "uuid": "0819c707-5979-4946-9d3b-6cbad8add07d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847487, "uuid": "3d6ca16e-3349-4fa6-be44-50baa92bb6e9", "value": "0018188403.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98de50a8-2746-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689889466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889466, "uuid": "3f791a27-eccb-405c-bf6e-76a8a7257094", "comment": "Malware payload", "value": "1d8e6325e62c7e65a61ec67d8ea49618", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889466, "uuid": "fa8a1d31-a7fd-4612-816d-5b0d484c70ba", "comment": "Malware payload", "value": "82e326156adec2026e8e0aa855442e0ad0ba79d30fd32edc514718586f8c6f5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889466, "uuid": "a3e3f34f-50cc-40a2-9286-10008fb1f7ad", "comment": "Malware payload", "value": "657be0925f4484192570d53b0116a1913ab7b622", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889466, "uuid": "2bd3ddcc-3873-4cf2-b681-50c277b5f4fe", "comment": "Malware payload", "value": "acaaa10395742ad3a15f5dc600593a9b2af4e8e1548ad4ebdfb78dce17d1524b0b4cd49477f11abfad031563b65d4cc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889466, "uuid": "f927085f-ec34-49e0-8c50-20b94b651c61", "value": "T164B41203ABD88073D87517B05CF723930B367CA19934535A2BA59D1E0DB2BD8A5363BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889466, "uuid": "22421802-7125-4565-8e83-6afeee9a978c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889466, "uuid": "ef91260c-b3e8-41dc-92d2-b1444913648a", "value": "6144:KDy+bnr+Hp0yN90QENzWrc1tGtu75jZYTWZjRHY6r4zivicXRAhzb1d5J9yvzwDG:lMrny90/gcjGUVamaifBs/YvHXDeO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689889466, "uuid": "d6f678ff-3720-4c90-93d8-e68a3e7d82f9", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689889466, "uuid": "606df9e9-d5e1-4306-84cd-967a4d2e2db9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889466, "uuid": "f671a861-c48d-45f2-8e4b-f72c0608c2b4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf02a1c0-2731-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689880537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880537, "uuid": "1d42551d-a7e0-46e1-9f4e-622dc902b96d", "comment": "Malware payload (AgentTesla)", "value": "99e597da05aaf5d26b622d43f8ded132", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880537, "uuid": "f373fe3c-5e1f-4d6c-92a5-7efc6da1779b", "comment": "Malware payload (AgentTesla)", "value": "830b93cdc24c1d75ee7ba0afcaddb58690f9d3ff96ded60ea5657768b188d301", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880537, "uuid": "98938e02-2f98-41ee-b40e-aff1f5df00a8", "comment": "Malware payload (AgentTesla)", "value": "e61bee5fd8ea180bc1f52638868d7a1dddbb9403", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880537, "uuid": "886cf604-2ac0-4c78-b663-7e6fdea860bf", "comment": "Malware payload (AgentTesla)", "value": "319df2e685149a1b7f72f2a5ba5c60a600f3626a82ecaadc08bc34084546e9c8b6246206030522b9f5e0178c06f2efc5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880537, "uuid": "813b0a06-ceb4-4f0c-acff-004c22cf8736", "value": "T1FEE4221132643B93C479EEF19421A21827766115626BCBCE9CB031D72EE6B42BF52FD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880537, "uuid": "0cc1a071-6a41-44c8-a487-0956ffb96e7b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880537, "uuid": "23f1a626-2543-493f-80b7-9769f0978746", "value": "12288:zWc/bUYIsYolnmXENrlJ/IqYgSPKa2bFVZFDDo/2hQJ3K:KiXrYoHJ/IqGR2xFD+J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689880537, "uuid": "26d36aea-350b-4338-aa97-ab73dd9fc335", "value": 680960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689880537, "uuid": "1654fca3-8b11-4f59-a1eb-9c38d97b5334", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880537, "uuid": "f2245726-4457-4e07-89da-11c989630cef", "value": "99e597da05aaf5d26b622d43f8ded132", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95ed2a43-2701-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689859825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689859825, "uuid": "81326f95-b081-4034-8ded-d6b4967880ae", "comment": "Malware payload (RedLineStealer)", "value": "7d4b7d65d467b752ea018b9d1d5c1a60", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689859825, "uuid": "25ae5cc8-73f9-4960-9d95-2cb787aece24", "comment": "Malware payload (RedLineStealer)", "value": "84ad507d0a4638076bcbbfaae1a6d538334ed0108a635b48bc0913267ce3b31c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689859825, "uuid": "adce9d3f-3825-43c6-8b20-f64b5b75c4db", "comment": "Malware payload (RedLineStealer)", "value": "bf63f8c558227aca1d809fe39c0c8a70754470b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689859825, "uuid": "37e33a4f-5252-47fb-9cde-add9b2293842", "comment": "Malware payload (RedLineStealer)", "value": "1e4776287f44740be16a4c0d87523d8e4f945993d8b74192b7b19e2cc53abbd23314e6b26444b442e081e42ccf14b945", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689859825, "uuid": "d7d5ce16-6e0b-401d-95a8-0be11f2c6d0e", "value": "T14E55DFB76C3B058EC1B0233E2CFB790AB6EED2803D55D51F4DAB07C9D1762905AE2499", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689859825, "uuid": "b08d309f-3b83-4b06-b09d-0e1291405537", "value": "da31105089a03ba80334eee13355d2ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689859825, "uuid": "fcd74db4-9daa-4103-a514-06026f16ca6b", "value": "24576:HaQmbljQAq/RAVvFKIw2CT9IOgTdV9C6paPFTgHv:HaQyljTqJAVvFKR2CT97gTdV9C6paPF8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689859825, "uuid": "98266b1d-307b-45eb-b1d6-965a7524d55a", "value": 1377968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689859825, "uuid": "25da8a0f-3cea-4d9e-9377-fb7d71aa61bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689859825, "uuid": "688e9d10-1965-4ccf-bdfd-2c6a1dbf83e5", "value": "7d4b7d65d467b752ea018b9d1d5c1a60.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c24984f-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838603, "uuid": "3cabf9bc-9405-4f0c-b070-2eada9b6a00f", "comment": "Malware payload (Amadey)", "value": "d862e9a452c7bc0daa550a022ca86b8b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838603, "uuid": "1f30a6e4-04c4-4689-bfe4-20d3ba8d4314", "comment": "Malware payload (Amadey)", "value": "851f9e75420335742c1a8bf8c2cc7a9b030852f3c42cb731d5e579781d5d0e73", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838603, "uuid": "769beeb6-41de-463f-96d2-e39fa8c25e14", "comment": "Malware payload (Amadey)", "value": "b6ce7e37f6535c3120f676f17d109d307b678bcb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838603, "uuid": "50780862-010f-4aee-af61-b818daac9be6", "comment": "Malware payload (Amadey)", "value": "117bc4f319a95dbd51301ff2dd3e4fed33ef3ee9dcf75531974bc851ad97408c24f654f810a3ea22a2268cb4d0be88de", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838603, "uuid": "4e8298dc-8801-47af-aff0-19cbef8971d5", "value": "T101840242A6DC8032D8B6277049FA12831F3ABCA26E74936F32965C4E0D73994F53577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838603, "uuid": "f0f0662d-066a-48ba-8b29-53842f7f82be", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838603, "uuid": "41a15353-e373-47dc-b85a-0ecad583bda1", "value": "6144:Kby+bnr+up0yN90QEHjdfvZIX1JLPY8sGAMQp5LLx2ZhmVPCcHnlRHCvLiVXDaz:VMrKy90xjxvoPYzOw5OhcHnl9a+VY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838603, "uuid": "518685e1-0991-41b2-9c28-1a6c8d70189d", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838603, "uuid": "7fedba46-cc5b-4e31-b737-2d17823522eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838603, "uuid": "9918cb4e-bb10-453e-9f02-4189267e3f36", "value": "d862e9a452c7bc0daa550a022ca86b8b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c9a8ad8-26ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689823625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823625, "uuid": "08830b6f-34af-459b-92a7-16d30f7ba86d", "comment": "Malware payload (Mirai)", "value": "2f84e56e922eaee958a4e2b3f907ac0e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823625, "uuid": "5fb2badd-885c-4e95-98dc-ecc9f1924af9", "comment": "Malware payload (Mirai)", "value": "86a2649a20bbfc5668f0b7a75c3033f907ad7e6a621d40d4d29a8ef4223fbc50", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823625, "uuid": "f9f4d066-e644-4d0e-97f9-015a079b65db", "comment": "Malware payload (Mirai)", "value": "65a93fe783f89e1021969774916f67d4c47ce9f3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823625, "uuid": "e12136e8-ffd3-44a9-bd0f-6c482641d960", "comment": "Malware payload (Mirai)", "value": "602c10289128c257116e87b8a7c3dc57414fb59655e6c39281bb05690be83eede9fba7fd6347fb75f3dbe2dce97dd034", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823625, "uuid": "9b34d380-ab49-4063-a4b3-b617a4f09d77", "value": "T1CE438C77E4195E64C4490670B0A09EB51F63F1C843972EBB19AAC275A487FACF901FEC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823625, "uuid": "ede9cf59-bc63-4e5c-93ba-2c1431b6f671", "value": "1536:0naWb//1JMxl+GYpi1OhKoC1kxVWySYICLRnbWl:8xb/9JMxYGY7oo7VWySYIMbg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689823625, "uuid": "29f55e03-9d3e-4513-860c-46954dba000e", "value": 60124, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689823625, "uuid": "a429eec8-b333-40cd-832d-888a0a11497b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823625, "uuid": "863cfa45-0588-40ab-8d4f-ae83e951402d", "value": "2f84e56e922eaee958a4e2b3f907ac0e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e6b17fc-26f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689854900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854900, "uuid": "e2c686a7-5928-4f31-b439-51c5c42a0202", "comment": "Malware payload (RemcosRAT)", "value": "12e6cd7b5a93a2fed042ff785b861914", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854900, "uuid": "8be6a13c-59e0-4b54-918d-ce4b606091d2", "comment": "Malware payload (RemcosRAT)", "value": "86f904bd34599c076037e60fdc6e3773d26255bcbb60bdd3782dba976ed81d3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854900, "uuid": "f2f0f15e-611f-402f-ad0a-5a60865d1235", "comment": "Malware payload (RemcosRAT)", "value": "a25b6ed104d41f87d16c61477d863f551547103a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854900, "uuid": "affb56a2-7b52-4c3f-913e-451b868478f2", "comment": "Malware payload (RemcosRAT)", "value": "5cadf6f8e6fd67becda4517e7eefaa1043151c86530d8d39628dc0af5d014a61bfae9d7811dbcc2b50de8fae5611170b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854900, "uuid": "cd2793b4-c2f6-45d1-85f8-33e33e7e4d34", "value": "T1613412986B2ED46AE194C6FC8514D5F222D95C7E0D2665CE1BCCFE2FFD27200ED910A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854900, "uuid": "401e3257-44cd-4f3d-b687-325cee8407d2", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854900, "uuid": "5d7fe7d0-d2ba-465f-952c-f20fee77d890", "value": "6144:LvGSN9gWuLpcBKnVBYAsmrzpyDfOXXVxB:LvbGWulcBKV3uOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854900, "uuid": "71249fab-9b89-46a6-aa4f-cb27979de46c", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854900, "uuid": "21b509d7-3ffa-4b80-a179-1b69a8b25988", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854900, "uuid": "64fbf3da-60e3-4bb9-a6db-6e4c1ca9e412", "value": "bOwQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0a20329-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847952, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847952, "uuid": "86c5683f-2242-4711-84bc-2886d30224e1", "comment": "Malware payload (RedLineStealer)", "value": "d8d62ed9ae77f1bbdaeca84c08362c32", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847952, "uuid": "f9d46b96-e3cc-4d38-9ef1-93af323eb74d", "comment": "Malware payload (RedLineStealer)", "value": "87bd91609e43807a44ecf378eec46a6f6f2099897da00868fada238745fb83e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847952, "uuid": "f8046c52-b640-4737-b1cb-28f29686e483", "comment": "Malware payload (RedLineStealer)", "value": "d05cf4ce8894aee13b2ba1c07d6edd340aba25b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847952, "uuid": "15252aa6-3575-4cd1-a582-05ab63910ea7", "comment": "Malware payload (RedLineStealer)", "value": "10e50ea218217f63b044da014b37ea8900a89bc2f6eafe5c49c05e8e3dbf59405909369c9877e435f707c31006a41be8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847952, "uuid": "a4ac5681-6b6a-43a2-ab3e-187666e9f721", "value": "T10B840B93C7E23D49E9278B729E2FC6E876CDF6508E49777D12199A3F00B00B6D1A7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847952, "uuid": "81684eab-0d2d-4b6a-9143-2f42b3f55703", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847952, "uuid": "a5a3b2db-55bb-4a60-9360-a2859d03361f", "value": "6144:l+j1LgXQLFH0cF45E3klYgK1csHxzp0S:lS1sXEU8IEj7vz0S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847952, "uuid": "4a8c2ab9-7291-446b-b579-daaab5926dd2", "value": 378368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847952, "uuid": "ec155e31-3dfa-43c4-ba0e-d7827d2e28d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847952, "uuid": "1e5e1033-6d20-49d2-8b2a-8d8063dca016", "value": "d8d62ed9ae77f1bbdaeca84c08362c32.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23fbf7a6-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689853621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853621, "uuid": "79812670-6414-4390-9f19-28564505984e", "comment": "Malware payload (GuLoader)", "value": "3d72fb99b44c9cf56f1705c3f10c7da3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853621, "uuid": "68a15480-415f-413f-bb9b-0ff253e539b4", "comment": "Malware payload (GuLoader)", "value": "87f8c85df68002b8d54949ea50bea8fc75f653f4ec4427a9680fec5bc5308976", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853621, "uuid": "fccf6f76-46b8-4ff0-9b1f-9376e99f89d2", "comment": "Malware payload (GuLoader)", "value": "1482ddaa14d649e128450626d562ab108e3511d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853621, "uuid": "c6384071-beb2-4eac-9b2b-c81cd4efb2e5", "comment": "Malware payload (GuLoader)", "value": "21795bb6ff84dc13acabc4cb0f0a73f67f9a2a2b16761e6450ac5452eccd610469094c7770ace9a4e9fd22abadde8603", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853621, "uuid": "d3de039f-fc6b-4411-9e3d-99599f98ba94", "value": "T145741216A761D1B3D4A34830113FBA376EA6BAD0B8519C2353D07E857CF63931B2EB19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853621, "uuid": "8f451b39-aaec-4927-bbe7-2fd751a8ffe5", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853621, "uuid": "8df16994-c76a-40c1-af63-91fc22825c57", "value": "6144:fspNjlsNKEDAVDFdl8wS778GWsfIcduur0Vk0nlDYSknZG7YEOTUGjibw9NZ:fcIKlVpdOFTWMPr0WkiU7BOTUGjCwl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853621, "uuid": "929f41db-f6f3-468b-ac2b-f26dff9d6421", "value": 365624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853621, "uuid": "230911be-3bcf-478f-bbeb-ef46faa684ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853621, "uuid": "d06c0a60-4f48-439b-9b4a-837e5e9b17da", "value": "SOC 104th Tender __April 24-26, 2023.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f78a4fc-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838286, "uuid": "f44162b1-3082-476b-8f47-6fe7c08fc0d9", "comment": "Malware payload (RedLineStealer)", "value": "a978f896e896a6fd41f4049c93c3c1b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838286, "uuid": "2aa0d192-29a8-4c29-9fc2-d76d775a9d65", "comment": "Malware payload (RedLineStealer)", "value": "880408dbb5cbb8c29b3fc1d25f4d2dc4f9a0b4a5790948b95e78267c70816b3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838286, "uuid": "55771b46-e071-491b-ae6e-fd862ac05cb1", "comment": "Malware payload (RedLineStealer)", "value": "81105b4b87ff07f2173791c466a64569a3270d2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838286, "uuid": "f2296a0d-77b9-481a-b416-b47fc195f00d", "comment": "Malware payload (RedLineStealer)", "value": "c73cbd36ef43ed9b2509dbd43420601093d03128a8078e0d6e48e0635e8eae7732aabe7d2daad1a71212f63b01031f72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838286, "uuid": "ff8957b3-ea31-46f6-80da-3706593048ab", "value": "T16F840153ABD89072F9B95B7048F203930F36BCA15978976B2744A81E0CB25C4E93677F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838286, "uuid": "50ddd913-8984-4017-bb94-88a29c1f896b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838286, "uuid": "f72c8645-43d5-4837-a56d-939ef077db0e", "value": "6144:KMy+bnr+Xp0yN90QEUnWhkWcnZNbQR51ZTamjnuglNPTuRxZ/5ykUCr5o6c:MMrzy90GWEinu0PMxzy/CtDc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838286, "uuid": "aeb934d7-cce6-4e9e-b013-810241d33620", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838286, "uuid": "0d2abeb6-68d2-4cea-9701-900c8e3f8445", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838286, "uuid": "b17c0b97-44ca-408e-9b4e-f7bc92b6e286", "value": "a978f896e896a6fd41f4049c93c3c1b4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e86810b9-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838918, "uuid": "910ce2e0-6181-4cc0-ace2-0391f7beee64", "comment": "Malware payload (RedLineStealer)", "value": "f78500e0a2540d73819d85e1170241ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838918, "uuid": "215d3b65-41b8-4cee-9711-73b7e9be2731", "comment": "Malware payload (RedLineStealer)", "value": "8829aa850568b2df72c2ac829041e87bb1e04ba8d58a64acb4dede726c906b7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838918, "uuid": "2cc483a5-5163-42e8-a13f-029c7ff58816", "comment": "Malware payload (RedLineStealer)", "value": "f560a626d8586b8679f0671f6fac9f3da1747795", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838918, "uuid": "40eed315-432a-4233-bba6-2546c9bd1359", "comment": "Malware payload (RedLineStealer)", "value": "7dc19f862e362279a2db6f140f6f9ae55f1edea89600c304ea382d4affb2b36b2a8dc5ce21bcd13e6b90c0ab526ef90a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838918, "uuid": "005fefba-315c-4461-bc44-2c315027bd5a", "value": "T112840252ABDC8033D9B617701CFA02931B36BDB55E34876B3689585E4CB32C4A97273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838918, "uuid": "5a30d182-e0a2-4763-9eaa-db9bec35fcbe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838918, "uuid": "956639ba-b85d-431d-8bf4-7d7dd2350d37", "value": "6144:Kry+bnr+zp0yN90QEwrfJAlXqlP5eHmk6eASrmsFH0gw/ybfuwONgCjlB:hMrXy90OcqlVyAImmH0g5bfuwOrD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838918, "uuid": "97d20262-a3d7-43bf-befc-c9e738844564", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838918, "uuid": "57359b7f-601d-4575-8306-5448a33bfd91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838918, "uuid": "1dd83393-1410-429d-9540-6e02a66515b7", "value": "f78500e0a2540d73819d85e1170241ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e5475ce-26ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689823654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823654, "uuid": "176bf67f-7026-4d92-b42a-bb601e4800ef", "comment": "Malware payload", "value": "0bd6f0798458fece4b3ec18fb09eeac1", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823654, "uuid": "b5b53603-18a1-4826-938f-0137b28b1a1d", "comment": "Malware payload", "value": "88c732c1de33b9e766581f63561a63b59b8a545bc2cf0a6f1c71f4635069b822", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823654, "uuid": "37a21e10-1f0b-4023-b562-5a16997630b8", "comment": "Malware payload", "value": "9bc6ecb97a9fb830fe5e18fd013873240d893fcb", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823654, "uuid": "a3f9b6fa-758c-4628-a820-eb34c66d9f8e", "comment": "Malware payload", "value": "19c597d9700f4c01e27cc4f0d0f54bdf439220803d7251a3163857453055308b9a2da5a7631935120ce164d5d3e317c8", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823654, "uuid": "63f35968-b4de-489d-b04d-76a3cd8e0aab", "value": "T169339E10B440C073C92B663D5459D2A19B7E79211BF595433FBB0BAE8F316E1A33E34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823654, "uuid": "b83d077d-90a5-4836-9d5a-36c438b54295", "value": "9fb005de05885508ee358053ad39fca9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823654, "uuid": "17f61519-ff6a-4495-b24c-28ba77d9e1e0", "value": "1536:UEAn/jiGB/DjXE2EoNfLABbr4IMRkTteNV+9c1a:UEAGE+oCrhMRc4v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689823654, "uuid": "d0a24d3c-6ca6-4e21-b51a-148e8303d3f8", "value": 51712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689823654, "uuid": "e53b22bd-3124-4ea1-9993-c7129c4f188f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823654, "uuid": "62717398-d00e-4cdd-a749-da19ab07cab3", "value": "SecuriteInfo.com.Win32.PWSX-gen.18871.23841", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15ba96ca-2705-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689861328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861328, "uuid": "4796cfb0-3ffa-4f15-9727-42dc913f78c2", "comment": "Malware payload (njrat)", "value": "2c2a5b46bd15e13fd2f3df4c06457578", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861328, "uuid": "62772063-777f-40e0-a005-72a04772045f", "comment": "Malware payload (njrat)", "value": "89a06a16c73f4cee629bc145fa8ca6dc2003b4c3a3ff4a0c1cec473ec42ae875", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861328, "uuid": "1f4bb71e-aec3-4293-8a43-caf26d691954", "comment": "Malware payload (njrat)", "value": "4ef3481467fc0ce0bb1df5b627d218ef2ae2fc58", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689861328, "uuid": "fc5dd438-5ecb-4ee5-b20b-18be19fb0d14", "comment": "Malware payload (njrat)", "value": "f97870a356aec06975fcec8a61ee18116ae6312a7bc7570cabbfacfa5f044b461f6a749ef737843e335b151dd7ad94fb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861328, "uuid": "ba2f4102-c2c4-4412-bb4f-07808114931a", "value": "T1C893D84977E56524E1BF5AF75871F2004E74B48B1602F39D48F218AA1A33AC44F89FEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861328, "uuid": "b8cc4504-dc4e-4870-bf02-70e467308f1b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861328, "uuid": "ea9afd5a-3117-4058-a47d-c9a12067c794", "value": "768:9Y3h+TnkpjTMpALPGMtsas88EtNXhU9Y1mxCXxrjEtCdnl2pi1Rz4Rk3WsGdpogM:y+7kVbPGHz88Eb71pjEwzGi1dDyDogS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689861328, "uuid": "7d97f835-0ab1-47a9-86cb-2b960139091b", "value": 95232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689861328, "uuid": "51eefe35-984f-4e5c-a9bc-04da18cb0a45", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689861328, "uuid": "53bf71eb-55b4-4d15-9961-071d7301cdda", "value": "2C2A5B46BD15E13FD2F3DF4C06457578.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c50212a5-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838000, "uuid": "74570734-d44e-4bce-9f42-baab77d80b1d", "comment": "Malware payload (Amadey)", "value": "82adca6647dd63e47b3599223d288f07", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838000, "uuid": "29fa9ecc-6520-467f-8aec-08ee93e16876", "comment": "Malware payload (Amadey)", "value": "89f4a0f33d4a32a893dc7ec23490020544ec2280e463b0080509755d9b3d361a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838000, "uuid": "46b73dd8-a59a-4f25-b846-1d8f1a0f16b0", "comment": "Malware payload (Amadey)", "value": "4e56a2bf5df455ee5f42a2e6a8d2a8f17d0218c0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838000, "uuid": "89b7261a-33ae-4d49-b1eb-adc12706c699", "comment": "Malware payload (Amadey)", "value": "41de88037e90b6f466762feb67ac2a9e8a989d851fe80bbbe5559c8bd089909f89e082a5e2d022b644aa55c39c481db4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838000, "uuid": "7c1f5bb2-8e0c-4550-829f-65dffabcde83", "value": "T1D4840217FBE89032E9B51B7018F602D30B36BCA15D7893673755696A0CB3680B83677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838000, "uuid": "4a1d0caa-5a39-468a-976a-dbe8d10c815a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838000, "uuid": "6558db11-374b-4d7f-9388-513b5afb6fda", "value": "6144:KVy+bnr+Jp0yN90QEFk3eQ56fVFg97m1SlHobqwAOgYKbg9:PMr9y90Uv0Y961Sub2Ofn9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838000, "uuid": "e63d4af9-1543-489a-91b6-de3828a7a09e", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838000, "uuid": "e5ca274c-b37e-4a70-af5a-0fc518f80eb0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838000, "uuid": "35096b1d-6558-4ac5-a820-ee425ea2477f", "value": "82adca6647dd63e47b3599223d288f07.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fc929a5-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689858473, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858473, "uuid": "66b5ad10-6d51-476e-bbe6-a31db62e93e6", "comment": "Malware payload (NanoCore)", "value": "43b15e0dfdb66fa67e39f767afa5ee37", "object_relation": "md5", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858473, "uuid": "7de80f12-2f1f-4f51-9cbe-94e40d4eec6d", "comment": "Malware payload (NanoCore)", "value": "8a15ccd0341332929f509e80b2ece72acd86dbdb629b06a67c85dfdafa1fd0fb", "object_relation": "sha256", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858473, "uuid": "e2283d8a-9462-4e73-9156-2860911ddaeb", "comment": "Malware payload (NanoCore)", "value": "32df21f5efe13d8815db81b735e0481aa8ddcba8", "object_relation": "sha1", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858473, "uuid": "c51739e9-1e7d-4171-90e5-0ec6a742f4e4", "comment": "Malware payload (NanoCore)", "value": "147c44370ed37a8636e6a19a955ad0e1077ea3b832e6607a5af5fb612a657e9877de7b720a66a4d799bd87343bdc616e", "object_relation": "sha3-384", "Tag": [ { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858473, "uuid": "4f04575e-a630-4c51-a68b-52eefa1685b5", "value": "T12FD423CFDCD9EE6456B3C42FC4C29E2E82B1E41512A0C947E3246475AFCAF1CDA153A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858473, "uuid": "1a825a54-ebb3-4514-b602-232700241c69", "value": "12288:MDe1fzVGHBtwQqtoINsc0f/thMnxVAPSgdD51Boa/glP+cktuVeN9MLMHJh:ae56kQ+oINKuxCagdTBhOZktUiHJh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858473, "uuid": "723f593b-3637-4134-a65c-1752a66d5658", "value": 644010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858473, "uuid": "75b7685a-28cb-4f4f-8c49-528072fcc54f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858473, "uuid": "66156545-727d-4e1c-b52c-2008a63f3ff4", "value": "bmesj6.tbz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "193ea3f8-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689845443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845443, "uuid": "cb77e256-749c-43fa-b674-3be0554cb31b", "comment": "Malware payload (AgentTesla)", "value": "5cd373a0b14f513e35aa0eaf55eab256", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845443, "uuid": "dcc01707-5e58-46a2-b549-8479eca8c344", "comment": "Malware payload (AgentTesla)", "value": "8a6575788812abf874d6fd5c6bf536121372c2311a94b370e93c6e0ea74b1546", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845443, "uuid": "825f665a-95be-4114-92ff-44b175508c55", "comment": "Malware payload (AgentTesla)", "value": "243c65e10f629649c8d0450eb731fe2bf8479816", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845443, "uuid": "d38899eb-4def-416f-bacb-03566fc2808e", "comment": "Malware payload (AgentTesla)", "value": "aa7de44e1b73d6cbfab0976aa794bf6936b10eecfcff683e0b1eeb8a951328ae2d55e3efa34a4cb1195d8212f4fe5308", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845443, "uuid": "04247b9f-8148-422d-97ba-a867a83293aa", "value": "T12AD41211E6A64D3BE3572F7C580136B4426A9FC7BC2BCB4BCA4FF472E60F1069458A46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845443, "uuid": "5a3b18d4-d699-45c6-b250-a79601006ac7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845443, "uuid": "a62abdf4-4fa6-46f5-8974-aabe1630f675", "value": "12288:cS6ln+flo/XciMvbQDI5ClnYgHQGON78ebqn0xg2RWA78fBsAgg:VTdCjEkk5KnKR78ee0Ssh78f/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845443, "uuid": "92e9583a-e810-4e76-9fea-c730516fffc7", "value": 627200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845443, "uuid": "c4820c82-2bb1-481e-a4cd-005f04d0f297", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845443, "uuid": "b3a0f27a-771f-4496-8f9b-1f7e88231467", "value": "SecuriteInfo.com.Win32.PWSX-gen.5678.20225", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d0d171b-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689836564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836564, "uuid": "2dbf9ce5-c2b2-4634-a4c8-bbc4a342fa5d", "comment": "Malware payload (SnakeKeylogger)", "value": "3974423cf3a5ca86b4cbc9c0968f62ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836564, "uuid": "447516f1-92fb-466a-b54d-375c2e5fa06e", "comment": "Malware payload (SnakeKeylogger)", "value": "8a88d8c71eeff5031c0be922bad9639753a904fbf78536c0f8ac0619ae69d1b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836564, "uuid": "e14965f9-13de-4ec0-b86f-b7bf3af28140", "comment": "Malware payload (SnakeKeylogger)", "value": "a88c8cce74fd4d8f767a87548fc20a22c779f099", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836564, "uuid": "40ec61a5-d087-496a-9ccf-437935bd4b39", "comment": "Malware payload (SnakeKeylogger)", "value": "ee44b7cb1c1d6ac200610c85bfabcb7b7a646559648bdbd8ad66c81c780d5e454381c089adad17f11d3a5f89ebad8496", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836564, "uuid": "ae4a3e90-8632-4bf1-bb31-2849f904e6db", "value": "T122D4230532BACAB7D5AB5F78085121F2822D5FEAF837CBC75D97F1E6EA953460340212", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836564, "uuid": "f82309dc-e11c-4de4-902f-e838a0bee849", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836564, "uuid": "6d630cd1-2a88-483f-bc6a-27d2bbb6dff7", "value": "12288:FS6ln+flo/XciMvACJKTHlqdivLfLhL+uVWayCHZwuDUIjvSbJ94u+U:MTdCjEBJyHlqdiDfLhLjVWayC5woUIjX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836564, "uuid": "e9fac3c5-fc48-4b1d-ac77-83c5debab97f", "value": 604160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836564, "uuid": "e4e98324-5b8d-47aa-8da1-1897043f94f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836564, "uuid": "190914cf-f813-48b8-b11a-0d6d4e64c19b", "value": "PAGO 748844.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffc5dd59-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837669, "uuid": "2d589ac4-c354-495a-b93b-39685111cf00", "comment": "Malware payload (RedLineStealer)", "value": "2e8378a779c529d72cae6f125711e88c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837669, "uuid": "170b29a9-9d65-4d00-aceb-a3c14faf8ea0", "comment": "Malware payload (RedLineStealer)", "value": "8b549a868852eb291819180cd971dd7b163003efa16b8efacf685d2d5f879a5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837669, "uuid": "521e9c2b-c797-4f87-93bc-821be61da309", "comment": "Malware payload (RedLineStealer)", "value": "4b1d1bab9924629cc6b968efc89925468c90cdb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837669, "uuid": "1d19cfe3-f3b0-42c2-aa80-ec41ff30cc4c", "comment": "Malware payload (RedLineStealer)", "value": "9cb00990ad2de112ea90a99d7d88321d7af85a6f3aeafb95dd72c0fd029595cc7020e7619b933e85b09278c6ebfe4790", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837669, "uuid": "5ea7087f-ddad-4ba4-8359-a03c596818db", "value": "T1A6840153E7E88032D9B51B705CFA02D71B36BDA55834866B3B86A81E1CB36D1B53036F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837669, "uuid": "b536ca4c-40a1-4fb4-95e0-2178822408c7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837669, "uuid": "3969c1cc-df7a-4823-9637-cd258dc05b43", "value": "6144:K3y+bnr+Kp0yN90QE5HRKn43pGULDIfkdamIgLWFlv1/ea+AFw5YMdc5bcg9xb:lMriy90rUn4zLDIcABv1x+kLiecgjb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837669, "uuid": "4d0698ab-77ee-4e6d-ac63-2e8f33722414", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837669, "uuid": "5a9e63c6-a56f-494c-ba07-86386c59c32c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837669, "uuid": "7af778b2-5324-4007-94ea-476007d516ff", "value": "2e8378a779c529d72cae6f125711e88c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a3283cd-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837687, "uuid": "8811de31-c0fc-4c73-bc45-a974a15ded22", "comment": "Malware payload (RedLineStealer)", "value": "5ee74b810db166020a744ab4b75d1669", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837687, "uuid": "b0bf9dd9-03b0-46cf-906a-a2e6bc6aa57a", "comment": "Malware payload (RedLineStealer)", "value": "8b67d9791b79236ade59c729eec38f873025c53c0f5acef4b7e4484724a0063c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837687, "uuid": "9cbcccd2-8dfc-4208-aa0a-7d894d50b2f9", "comment": "Malware payload (RedLineStealer)", "value": "f88eb7c0eb7063aaff1308c9d2136200fa062242", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837687, "uuid": "6bfabced-b599-48f9-9783-dba12932f93c", "comment": "Malware payload (RedLineStealer)", "value": "69ef769da8a958d4b55045986732fd2df2fc5989b105ab897cf10e52b6a7226fd50b3a6865bcf4f8ffc52f3ce298edce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837687, "uuid": "d3211419-170c-406f-85a7-ae787505efd6", "value": "T180B41252A7DC9532ECB1277058F707E70F327DA65C7C86AB2350691B0CB3A90A93572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837687, "uuid": "8586b771-86d7-476d-bd64-e6e9f8d46993", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837687, "uuid": "b1d8a715-e4eb-4f56-a368-83cdbed7c3d0", "value": "12288:+Mrmy90EcLquoJNL0wwEjqB/RasMV71ms:YyLxulwU/Eis", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837687, "uuid": "08a72076-8cbf-4129-bd3f-113eb4d4873a", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837687, "uuid": "b0bb6cbb-41da-4a47-b15d-22d0858113ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837687, "uuid": "5e94f47d-4833-4650-8ccc-be77005f4edc", "value": "5ee74b810db166020a744ab4b75d1669.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02856fc4-26a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821353, "uuid": "69dacd12-3c6e-4d0d-8da9-69fb1b19ee67", "comment": "Malware payload (Mirai)", "value": "d27a2135d4ad29f48987797515ff45af", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821353, "uuid": "1dfcf6c2-92ea-4543-b534-910750afb74a", "comment": "Malware payload (Mirai)", "value": "8c174a277b58f57225a25c6c65cb6c2fe31152f58498e7f6539340cc769077f8", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821353, "uuid": "d35230b5-d777-4117-9b17-d5b1b5861b80", "comment": "Malware payload (Mirai)", "value": "b74ea2146f75c8688635b950129bc809d616682e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821353, "uuid": "60d089e0-7a21-4db6-9f11-444c13c9cb9d", "comment": "Malware payload (Mirai)", "value": "b3dc562d18dd754c689f99f1e9e519dc2b6ddb7ec8c73301dfe738f5782d3479921d99503eb12fed15e26f3eb98e784d", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821353, "uuid": "79bf7f8a-6822-45b9-add5-b110704ad1fd", "value": "T115E31A56EA418B13C4D61775B6EF4245333397A493EB73069928BBB43F8279F0E23A05", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821353, "uuid": "03e99255-e661-4613-a460-8967032b57a5", "value": "3072:jdpNh4LiRpf7naLHbz4N9GUJURIJ1F2iXb15AM/9gkrk+jW:jdpNmi/jnaLHbz4NMUJdH2iXb12M/9HW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821353, "uuid": "53199a71-4ad3-448e-95db-595085abc8a8", "value": 153586, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821353, "uuid": "a76af471-a8c8-4082-876b-af585b1dc1ad", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821353, "uuid": "6c981d76-6b65-4501-ba0d-5097a30594e6", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e38e49bb-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689851366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851366, "uuid": "676f8f27-363e-4b57-816a-93f216aa555f", "comment": "Malware payload (AveMariaRAT)", "value": "6e096613f4ea618cb010a40d1e2b2aea", "object_relation": "md5", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851366, "uuid": "be482527-68be-44ea-916b-c4cb55d954f0", "comment": "Malware payload (AveMariaRAT)", "value": "8defff707d3f3a971a52fc70479d446b599187a1f4191e82cd35359ba69fed46", "object_relation": "sha256", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851366, "uuid": "5a34ad99-1ea2-4357-8876-ae1f8ccdcc5d", "comment": "Malware payload (AveMariaRAT)", "value": "e7e3dd4db96502b8476dceaf2dfd2f361b2b7adc", "object_relation": "sha1", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851366, "uuid": "5eb21eb7-7fb7-4ec7-aa87-7f61db8cbb4d", "comment": "Malware payload (AveMariaRAT)", "value": "797d0fe1b62a0fae21edf5738572f96f0cdac6a87903fc47dcdff3e63acd4c1f74f413d4e667de30060df6283aa22180", "object_relation": "sha3-384", "Tag": [ { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851366, "uuid": "43932968-9dbf-4441-bea0-fd380da006ec", "value": "T1A6C4236FF6FAEA991B031DF60B045554148F43CA973A8D1C3B7A448E7AD9A3C10DE863", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851366, "uuid": "b2401daf-6cdb-4487-9433-1f8d5b27ed1e", "value": "12288:FYa5Kz6f41hgFjlJP98BTGVFQDcI1IskwOK03fGKreXVs:Sa50huP9mGkDcMIrwHIfGKqXVs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851366, "uuid": "e8186a71-de22-4a28-9858-85856f5704ca", "value": 581928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851366, "uuid": "d2a2f58b-9671-481c-b157-9fe053c3bb04", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851366, "uuid": "f362158d-e208-4bf0-ba42-915f04497faa", "value": "SAMPLE-ORDER.arj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75e06cd2-2717-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689869221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689869221, "uuid": "d1141834-acbc-4018-8c99-e8b0008caed5", "comment": "Malware payload", "value": "80cc187a15b6b6340385922631bad640", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689869221, "uuid": "0411b29e-1bcc-4c40-942c-5841aca3ad21", "comment": "Malware payload", "value": "8e40b48d06466da3b63341dc62dd0403c57fc2f017317d842ea86d601dde38e5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689869221, "uuid": "b49886da-b1e8-4a1e-9a94-9f3cdc90a62f", "comment": "Malware payload", "value": "a74ca1c69f69388c358f36fb44dcccfa057d792d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689869221, "uuid": "61c68749-4fb1-4433-a634-f1c15242adf8", "comment": "Malware payload", "value": "4134487349156be1fa86dd289ec983b79376d46d9645492a67cfefbc59bcb701e4a8f1f9e5ee7d18b87acf6db03186e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689869221, "uuid": "837d2df6-bc86-4937-adb3-97b7e1eb127c", "value": "T16B130A99BE244CF7EA51533E80E7C7766B3CF1814E235BA3B734F6345B236A22095246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689869221, "uuid": "ccd8edf3-6b7c-4cbd-965c-16361da57dd7", "value": "e623cecc3195834a15144a4d38dde690", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689869221, "uuid": "fc835533-a3eb-439d-971b-ac6f931fb17e", "value": "384:0jXpuEDKOlrP95I4GS1dQhNz7YrgAlBCxIgVbPeuaBU3losjuzZ6UwYRGZqm7aLm:MuEDlV70HA6zPP3lLuzZPKq9WvlnZxb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689869221, "uuid": "f81c3dfb-b193-48cc-800e-26bbf26741aa", "value": 43659, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689869221, "uuid": "53699955-77b8-4a69-9fa9-543b7bfa5242", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689869221, "uuid": "cb7fffae-1125-44ec-bce9-aa79d945b506", "value": "80cc187a15b6b6340385922631bad640", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "020ebe61-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837673, "uuid": "40b32010-4121-48b3-bb5f-54cfadbe5ada", "comment": "Malware payload (Amadey)", "value": "34c92f1b6b922ed423132a72c41e14c0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837673, "uuid": "1cfab360-10be-4f02-8b93-b010124237ad", "comment": "Malware payload (Amadey)", "value": "8e6dae5587d0150e1fa568f6ff42d2f6790750c017c08f86cff2c14b18de7422", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837673, "uuid": "47039a25-c5b5-4074-98a9-2eb71124c502", "comment": "Malware payload (Amadey)", "value": "0d10bccb8a7c64727139a12b32553e3568f00a51", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837673, "uuid": "18e81be7-ae9f-46a7-95e1-23540731642c", "comment": "Malware payload (Amadey)", "value": "122a72c62874049dc4981b01f9f17925c279a6d532f062ebce1702f3e3be1c12e2798e3c9460945607550f5d46ec6a14", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837673, "uuid": "8c1d7cbb-e7c6-42e3-92f1-a89934165112", "value": "T15E840213F7ED9432C5B56BB018F606931B3AFCA09D38875B2741696E0CB3694A93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837673, "uuid": "21dccb9b-0d3f-40c3-9eb8-b6e237378673", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837673, "uuid": "dbb738fe-ebb1-4e49-843f-f9d38907e3d6", "value": "6144:KQy+bnr+Pp0yN90QEbAP9s5pCJAKzG2t1+0oExIIJf/SgTP:AMrHy90t69sTC6wHoE3SgT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837673, "uuid": "372fc6bc-a984-46e9-bc5f-b0481ebcdcc4", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837673, "uuid": "dfe46af6-026b-4272-b941-8dccc42080ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837673, "uuid": "664581e0-cbe8-42d3-aea8-55df7f6ab81b", "value": "34c92f1b6b922ed423132a72c41e14c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d9e670a-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838310, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838310, "uuid": "92bc2b87-e481-422c-bc42-e8016c3d4b81", "comment": "Malware payload (RedLineStealer)", "value": "b9f014f26b8a99acdad9106ce1cac29c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838310, "uuid": "02cd9f5a-676b-4aaa-9d87-c909bbe01618", "comment": "Malware payload (RedLineStealer)", "value": "8eba24ee3e138317d934c0264fc7ce6a10eb4fcd9b6075080617349c9ad8fa5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838310, "uuid": "f1861e20-9903-4576-9d4b-c4a150058955", "comment": "Malware payload (RedLineStealer)", "value": "99893cae0295fd1ca28c2cb22e1eda08d87f398b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838310, "uuid": "e32d3705-f4a9-4a6d-aee3-c3eb4565ac76", "comment": "Malware payload (RedLineStealer)", "value": "5559e25149fb3af374a9a6d26a4228410bb746a0617b237227a3b8fb34ac011960cef8c24b643d4148bca52c86519f03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838310, "uuid": "a2b7f602-b452-46c2-b412-56bec32d0d38", "value": "T1A1840143AAD88073D9B52B7018FB12C31F36BCA54978877F2691AD5E18729C0E43677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838310, "uuid": "8adc1c4c-07e1-4083-aa76-1776ac00b962", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838310, "uuid": "744fbb15-fd69-41ef-8a34-3add7d8a52f5", "value": "6144:Kjy+bnr+cp0yN90QEQHinDVkWcnZNbQR5sQZ1VPvSNeQiFDcKTcohZX:JMrYy90uMP16NeQiFDzcohp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838310, "uuid": "99738f82-1376-4d9b-988e-a133e56a5f1a", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838310, "uuid": "0e785cb1-4340-4841-9fe9-6a5292e734ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838310, "uuid": "6af2d00b-db68-481e-afe8-8005fde85032", "value": "b9f014f26b8a99acdad9106ce1cac29c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a13e0057-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848248, "uuid": "6535dae1-a1d5-4988-a67b-27e8c6e03d2b", "comment": "Malware payload (Amadey)", "value": "fba52e6594f6268cea85a2d19616cd14", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848248, "uuid": "fe7f958c-cf8e-4e41-a795-558c4c8e1f94", "comment": "Malware payload (Amadey)", "value": "8ec5e441677ddf6a6b6d073539bfdcc1274adac8790f10483a58675668507d88", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848248, "uuid": "419059b3-b9cc-4b22-9fd8-33cb30bfb09b", "comment": "Malware payload (Amadey)", "value": "d9cb9af06f01c0a181cae76aaa92af966d4ab7cb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848248, "uuid": "7658fafe-7318-4871-b026-e5456492f1d1", "comment": "Malware payload (Amadey)", "value": "3da9b4f3b03eb8e647b557e1b45dd08b60890ab428ec69fa85c11826e684b18b73f773c199b7bc8c589610065b7ad09a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848248, "uuid": "dba71161-9e2e-4bfb-b024-079e1ce1b8a1", "value": "T17CB4120263E54433D8B137B15CF203531F3ABCA1AE28936B2655699A1DB37C1A93277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848248, "uuid": "87277393-2254-4403-89fb-7f61b2dc6ddb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848248, "uuid": "a8a6ba6a-2a70-43d1-92f5-9b80545371ad", "value": "12288:3Mrzy902YjKZqfdGRy3drzkOH0/ijHPE8awV:oyAHV2yNrzpUa4xwV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848248, "uuid": "305033c3-e23a-4cd3-bf20-a01aa333df84", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848248, "uuid": "e347a698-91e7-4727-9cfb-0e9f16c24e88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848248, "uuid": "89393daa-f80d-43a4-bebd-b9b8c92f9609", "value": "fba52e6594f6268cea85a2d19616cd14.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7302847-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838916, "uuid": "2db84b2a-a6b4-4161-9865-0e91abf0a511", "comment": "Malware payload (RedLineStealer)", "value": "f9f33a15cca0c0414be4c7d6d588d01c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838916, "uuid": "b8a45fc7-4a71-4d00-8324-a5ff4a1f33e0", "comment": "Malware payload (RedLineStealer)", "value": "8ed8f60cb9f351b9dabc5ec0516d61fc0d7f9479f64b08c26752f43f43627a3a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838916, "uuid": "8f876dea-9070-43c5-8162-1695522087fa", "comment": "Malware payload (RedLineStealer)", "value": "22c8a08efa12729f20632d458322d46c443fe898", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838916, "uuid": "472dcb15-6818-4b0c-8768-aa6fec549b6e", "comment": "Malware payload (RedLineStealer)", "value": "801b778d3caf5ba1ad7f71eb2bd6b4bc404c578cd87555577eb4cda104b43fdb73b2eaeee99d20a5a1867bf456bc9c16", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838916, "uuid": "a62dbbf4-f3fb-467f-8a18-24777b930ba6", "value": "T10F840212B7D88072D9B51B3048F717C30A3A7CA1AD78836F3786985E4CB3698A17577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838916, "uuid": "7baf78c6-5865-4fec-aef6-b44934a001fd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838916, "uuid": "22ed22de-5e84-4847-b190-802d844ccc9e", "value": "6144:KGy+bnr+ep0yN90QEHQul/RvY6bUZ6r5QKPf45HwDVMCcHnlRHn87iR+biuy7K:CMrGy90WujMeHPemcHnl98fOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838916, "uuid": "cf400475-55c2-41f2-941a-90e0b85d3e6a", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838916, "uuid": "5abf7532-1b81-4625-b954-3a45353c890e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838916, "uuid": "b7333a03-d119-4ae1-aa17-5379e6d5f271", "value": "f9f33a15cca0c0414be4c7d6d588d01c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd35216e-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689850979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850979, "uuid": "c27b9908-f11c-4c80-aa2a-b3b2a00b149f", "comment": "Malware payload (AgentTesla)", "value": "3f118c266c1bb31fc883f95d5b70046c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850979, "uuid": "e0da2622-5ce9-449c-8695-059343003cae", "comment": "Malware payload (AgentTesla)", "value": "8f500096f92da941f02a57f236bd196e79a7e62dd3cfa262d4b84bb6ba5a9771", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850979, "uuid": "842cd9bd-eb1d-4fe3-85fd-795f3d7104fc", "comment": "Malware payload (AgentTesla)", "value": "48783e9ca57739f76f0a9286851f315e54dfde9a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850979, "uuid": "23705cdd-3907-4e6a-b124-a1ecf670c832", "comment": "Malware payload (AgentTesla)", "value": "8b6f96f033e24bb7f68ff2a231bedb71b381a18aa0d13091b1a7c0b89d8c2a1bc1a4a3f9cf06679fe5f07f886f53f917", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850979, "uuid": "ed4c11ed-b12f-4b71-9f77-c9dac6b5a834", "value": "T126053B5B357CC2A6EA39637D102109E985F54C1F61CDB2091B38A8BC85FD6E90C1FE7A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850979, "uuid": "38411238-ef88-43ad-bb20-e85caf5029ef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850979, "uuid": "9c5ef56b-4a77-4d52-877c-6badc00710e2", "value": "12288:OtuSQzOWmUCohx9cLTnpL53wP12dH5wcxmPVbh/05:+uDzOr1nh53wP0LwRw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850979, "uuid": "43f2be68-124f-4a65-a021-4690443d31fa", "value": 826368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850979, "uuid": "38bd4d3b-a7dd-4bd3-b67a-989c8c1f99f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850979, "uuid": "5ad3a96b-b85c-4a17-9d36-09120566bcad", "value": "CI-23JC0607-TWO USA.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6065fdcb-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858447, "uuid": "30bb3b3c-f670-4b33-85fa-2dbc09d2d1b8", "comment": "Malware payload", "value": "eec0c5fb5066c59aefe2c0b89b4bfa8e", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858447, "uuid": "a3df4904-a02e-4e7c-90fe-b4a406e8e1d4", "comment": "Malware payload", "value": "8fba229bfe3c09d0f6e05be3ffb4507ad9ba70ba290e08f6512499244efb7034", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858447, "uuid": "c81f5b5f-3ea6-4f2a-9873-032f51f58472", "comment": "Malware payload", "value": "6e2ee7cd61727a7843862c7a8dc0b9bc1bd9a7a1", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858447, "uuid": "0149786e-b936-4052-9cd4-f1303b5e3eaf", "comment": "Malware payload", "value": "7bb1ecb1a8696f7d3bd72a3ded230ea2b68d6eeab37be60514e884e635734f020dde01d26676bd65d7c1a3097ed1ac22", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858447, "uuid": "e5dff502-c106-4623-8246-cf7b23f86188", "value": "T149E533816C22D7C7598FB3B89B2EACAADA45C7129F1C494FD48A43FD4C79452BCEC184", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858447, "uuid": "5c737666-1b06-47f0-911a-115bed906aa0", "value": "49152:7SYgqMEdcA6ctjbSrX+5VQeDF3TuvrUnRwWMgmSiL2/Baoe2FhW+4oG3LsR:zFRapcJb0S56vwR1SZ2/BaoeSs+W3QR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858447, "uuid": "5289014f-d04c-438c-8282-8e8f57b4734b", "value": 3307085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858447, "uuid": "7aec3c3f-05bd-4306-b2d1-5e90f7aa6307", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858447, "uuid": "af2358d2-506a-4189-8d8e-0dc2de7bbce8", "value": "Arc_Digital56844IZGCP99965-HGEKA54000FCZBZgpyny.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2436e94-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838908, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838908, "uuid": "c15ff773-2927-4db9-9ef6-54e7204c26fa", "comment": "Malware payload (Amadey)", "value": "eec33d98310728049c59adc8d2840f90", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838908, "uuid": "ed7b73da-689b-4076-a684-ee570692a4f1", "comment": "Malware payload (Amadey)", "value": "8fd8cd6868aa9eb2c576d28da5d7a14ad9830a6ace8689ebfc126fa7b5a48f02", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838908, "uuid": "a97f09e9-b55f-4475-a796-27e5f9d47565", "comment": "Malware payload (Amadey)", "value": "042813a5c25f8b128f8bf7b16578202937070bf7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838908, "uuid": "d1adb700-72c3-4226-b7c1-e17a05d1d29c", "comment": "Malware payload (Amadey)", "value": "609276df36ffd3c8c1da8da35265dddbfdebbd6e6d01dfd2da0c886bb3475a90ad0246ba6da0f2711995077c4459a825", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838908, "uuid": "9909ee86-46cf-4e54-abd9-d4c98a75c0fc", "value": "T182B41263AAE94172E8B5277008F646E30E3A7DA19D79C36B2746688E0C733D0E571737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838908, "uuid": "e02d49a4-8384-4c4e-903d-185ae1f10e2f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838908, "uuid": "b45afcc9-ae64-44ca-9ac1-0631ae26117a", "value": "12288:cMrTy90hlmrSOwpWo6XnTt+ZOx2O5p9jgw:Xyxo6DR8OLlX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838908, "uuid": "eeed37f5-7529-4bca-a9eb-102b2e34649a", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838908, "uuid": "2fe4417b-2e7a-49fb-bdfd-44800d98e1de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838908, "uuid": "e080a296-810a-4042-a198-beb0ab79a5e4", "value": "eec33d98310728049c59adc8d2840f90.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35196809-26f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RustyStealer)", "timestamp": 1689852791, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852791, "uuid": "65d8768d-fcd1-4402-83b5-9a037d347dda", "comment": "Malware payload (RustyStealer)", "value": "6e49292c03ecfa4534aafc7e8bc8af83", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852791, "uuid": "41e75f02-a414-4cb3-b7ec-689fe9142d13", "comment": "Malware payload (RustyStealer)", "value": "90a0f491e64700ffe523857b5e4c920e6483b81416d8c8b68c6f3113d7f235d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852791, "uuid": "74e92109-1ae2-447f-9cad-e23032bed531", "comment": "Malware payload (RustyStealer)", "value": "68d86b78857e688e08ec6db7e000cfe2fdae2b3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852791, "uuid": "be55f4dd-88b2-4b89-b201-b740936fa04c", "comment": "Malware payload (RustyStealer)", "value": "c87b5dae70baf2fc8b378d4b14b9998d97191be5d2183216f1684cc1553061da6b38c6bbc73c2dd5ea1284d8129305b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852791, "uuid": "b1677db9-ae88-4810-94b7-1fb792cc68c6", "value": "T1E0466C119CA42BF0E9D7AE75446E621537313F68D715CBA30C3AE3B59C631A6FE0B608", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852791, "uuid": "ae9159cc-16c2-4190-89c2-5e3cd3587290", "value": "77658839c6359d973fb78c1875ca2d9c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852791, "uuid": "ec5b6ecb-b517-4682-a1a9-6c3d9f004f21", "value": "49152:z8Op2rDgjNiS6Q80QNuo0rLAxR6iA64g1/zz/yRM0jZvf/SAdWdcexigVNWzYMb/:zPdcuoSt6r1/zzifVHtEwMAwq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689852791, "uuid": "69aa5a13-fea3-473e-baa4-6a4112680740", "value": 5394698, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689852791, "uuid": "d90d361c-1408-4004-9af1-cd3d802a8320", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852791, "uuid": "972bcc87-a024-4778-9db0-50b31b6925c9", "value": "stubclean.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28b748b9-26b4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LaplasClipper)", "timestamp": 1689826571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826571, "uuid": "06f8831b-47da-441f-a73f-2c4de675d7ad", "comment": "Malware payload (LaplasClipper)", "value": "b273c68306bfba8fe55a39fe29c5a160", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826571, "uuid": "e24730db-b7ea-431d-a22d-527dcdd4af9e", "comment": "Malware payload (LaplasClipper)", "value": "90a8447971f2150fe9ba03d2680af7bdd33de721e9e1521166a7826ed143a2d8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826571, "uuid": "65e993d7-ac45-4af9-af86-8ac61251b5c0", "comment": "Malware payload (LaplasClipper)", "value": "4f323552f4303b5394680c4f73452ff63a6972cc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826571, "uuid": "638b4929-386b-4a7f-90d5-3cdffc6b468f", "comment": "Malware payload (LaplasClipper)", "value": "148bd2f0e5a3cbd9b7e3ca97bc8edcc849ae6008fe4d7d6904c62ecd9adc776e613d13de77b9cb21e5e6c2b3dce36828", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826571, "uuid": "2eedb77b-1d43-4133-83a8-918f347504a8", "value": "T187856D973DEC85B0C062343947D09E94A53EBFE469CD4E9B27704A650B5F4F0B6E2A0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826571, "uuid": "cdb5df66-90ca-4b2c-8285-aa46fe074dc3", "value": "28f039ba63a716b696dd5058ca2bb671", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826571, "uuid": "7a397c72-9253-4210-9fd0-f86f582cffeb", "value": "6144:B0TtB357yFQgb8AQ5wDsNXq+2MffwMvrgJngQ8vFr6:B0TtB357GfsN6nMfLcJgQo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689826571, "uuid": "c81eeb7a-fbed-4007-a3c6-6628cc243c2b", "value": 1838080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689826571, "uuid": "1079fbde-1a20-41df-9ea2-1d7f36e46e8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826571, "uuid": "73136f2c-3a35-424f-9433-d6bd27efa5d4", "value": "b273c68306bfba8fe55a39fe29c5a160", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2659956d-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838593, "uuid": "13bab757-97ef-45bc-8c6f-5a827d5082f6", "comment": "Malware payload (RedLineStealer)", "value": "d333c708022e6b3de80dd27ba778ad1e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838593, "uuid": "8575547d-803b-4143-bab2-af2f00aeeeff", "comment": "Malware payload (RedLineStealer)", "value": "90c326785dca9be91a3ea6d5c150bdb97ab96e4bdf1482bbaa58748a8ba0d3a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838593, "uuid": "5fbbb18b-bdc6-432f-8225-53f70acbfe0d", "comment": "Malware payload (RedLineStealer)", "value": "89381b7c4737fd52f64a7684454f55e644dda33b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838593, "uuid": "1e99c18f-0f94-4abe-8682-3ff1b26153e4", "comment": "Malware payload (RedLineStealer)", "value": "31ea55730ebf5d204619d2ca67636dbbb91e8441ba8ec732a97672a463b4cc0e2dbbdc06810c619ba1758a0ec6c0a907", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838593, "uuid": "c814f8a2-b4c8-4759-86a8-8b30b40ea19b", "value": "T1EFB41242E7D85173DDF62B7058FA12D70B3BBC915DB9432B3386689A0C73680997272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838593, "uuid": "62363a8b-2c48-467f-a306-b6ba7a59658c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838593, "uuid": "d76c1218-4b99-4bef-a85d-0023f41e0c35", "value": "12288:RMrpy90aMX2aGn5tUs810tP91kWsGLg4/P+VgHbO5:MyLMX2J5tUs8+Nsb4/2VgHbY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838593, "uuid": "968d071d-67b6-43b9-b838-bb7f7601116f", "value": 528384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838593, "uuid": "4d2e7eb5-e053-4e30-9270-2fa2217d4361", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838593, "uuid": "9054faa4-6be5-4739-aca3-c5953085f034", "value": "d333c708022e6b3de80dd27ba778ad1e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "373eb588-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838621, "uuid": "27669e8d-1838-490b-b3a5-c7aa7aa91d1f", "comment": "Malware payload (RedLineStealer)", "value": "eaaeb19bb0c520376787d29095288ed4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838621, "uuid": "dcf84454-c183-4959-8c74-d511af5f9f19", "comment": "Malware payload (RedLineStealer)", "value": "90e24aa6a6fd876ca3d9f5eac541639fef64ecbc7e46d610db9b953bc703a293", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838621, "uuid": "131ac0b3-21ff-4c4a-9076-4d17307b5a04", "comment": "Malware payload (RedLineStealer)", "value": "8dae2b8a9fd418caa17c3cd54d2627ad80e3d056", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838621, "uuid": "9be2a475-515e-4a69-bdbd-38844520ad3e", "comment": "Malware payload (RedLineStealer)", "value": "c77a58bffde9d05ec3b72e5234a0fc285c2452c4462c9bc43cc1b8085a0861b18b15a89c63afb10c23c866304c51d3cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838621, "uuid": "0d19a578-daae-44e6-b732-c052ba7a5643", "value": "T14C840103E7D8A073D9B5237058FB03930B377DA15E7883AB2385995E1D72A90A43577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838621, "uuid": "82dae02c-4327-4ba3-87ed-dd3fd56d368f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838621, "uuid": "a2b24434-9e51-4fa7-8193-30e84586a114", "value": "6144:KUy+bnr+cp0yN90QEDv0cckW8nZNLo9P4sCla9p0l8qOQBUEopwENtPcAL021+KO:wMrMy90Bv0TlntEEJXJLy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838621, "uuid": "19eab677-f02b-4bfb-9ce2-fa113d2b25f3", "value": 397824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838621, "uuid": "4b35e377-dbec-49d4-9677-9d84eb703d1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838621, "uuid": "5d565710-faf9-4eff-9cec-b6f7e5f890d1", "value": "eaaeb19bb0c520376787d29095288ed4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78d668cd-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838302, "uuid": "5cd0798a-10ec-4bef-99ff-21339fb5e017", "comment": "Malware payload (Amadey)", "value": "aeb3741f220a13965dac5010be052171", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838302, "uuid": "295a9bd2-b507-4d32-8aa8-c9ff2a580d51", "comment": "Malware payload (Amadey)", "value": "92527cc74dea9d866bf70dad6e12e1fbe7afb575896dfca421aeff81dab35764", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838302, "uuid": "9e43d33b-99a0-4c3b-b59f-fe3e7092890e", "comment": "Malware payload (Amadey)", "value": "748f05efed03a35f44f4afeab51c6210194be9a9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838302, "uuid": "03e2cb13-2545-4e69-b2e9-693a0f6c73c7", "comment": "Malware payload (Amadey)", "value": "8cf75b40b3882f1467483a632248f59e26713574250ee50bbc93d6e0a159176b77b58718592c29c9c58d580c213270c8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838302, "uuid": "319df52c-339e-49ea-a314-ae9a6348da89", "value": "T160840152EAE88133D4B567706CF612C30F36BCA19D78876B3755A82A4CB36C0A43577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838302, "uuid": "8da80f8d-0cdf-477f-96a8-4c72bc5061cd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838302, "uuid": "378fb1c6-b151-4928-b09b-bc2b8844a98c", "value": "6144:KEy+bnr+np0yN90QETaJq78vT4iITMhFWfOFU4ysK55uYXToyDyVe93n:EMr3y90tn7Y4xTMhofO2t1uYXToyDyM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838302, "uuid": "f194dcca-d4d1-4581-815d-5a9d824a095e", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838302, "uuid": "7067d729-aa4d-43a7-9e2b-1d25aa80416f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838302, "uuid": "c26b33c7-6a23-432c-9942-54c7a00ee5cd", "value": "aeb3741f220a13965dac5010be052171.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2892a69-26e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689848706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848706, "uuid": "2ca177fb-b6d8-48d4-9d05-beb6a7303f4c", "comment": "Malware payload", "value": "5b61449b8e9f78d8e6566d74b4fe6da1", "object_relation": "md5", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848706, "uuid": "95947102-8fe2-4afc-9d73-83466f83ea10", "comment": "Malware payload", "value": "92cfe7e4eaf68facc93ecac6090c7cc9af7ead004257884a8ae33c5c8b4e2774", "object_relation": "sha256", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848706, "uuid": "580db631-2175-4709-b165-e939c0d57879", "comment": "Malware payload", "value": "2852daac0cf4599f8f3737dd827d22a414ced4a0", "object_relation": "sha1", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848706, "uuid": "abaed7de-7781-4efe-a747-23455b2ca2aa", "comment": "Malware payload", "value": "4c947f8ec0e7e8457e66871fffd5affc78c3aff7b45e5d311afe66f2ca93704e590aa69c381ea4e68f721332d6097848", "object_relation": "sha3-384", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848706, "uuid": "ee88dfef-36a9-4430-9f86-a82f1be9721f", "value": "T171F29D7791C18A3FD3435E3196066208D7B8A317B956738376708B9DC8BF6CA6E70A4C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848706, "uuid": "36ff6ca9-bde0-43fd-bab6-93a904254bd6", "value": "768:PIPN5f4Z8QlFcArtIgglgUSL34O6EzfiAZV368R0YtxFfiA74O6rfiA+24O6nRI:P760mUtIRG34mK4d0YpK64JK524Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848706, "uuid": "a7d11018-6b13-472d-aa2a-0c2c4d449ae7", "value": 36176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848706, "uuid": "aa0e7207-676e-4d01-a6cc-63f3b159dd57", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848706, "uuid": "fc2425e8-63e3-4ab9-81ce-9b2468557f68", "value": "order.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a17cc78d-269c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689816466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816466, "uuid": "8301a400-60a6-4b16-89ae-a8a2504fd919", "comment": "Malware payload", "value": "7d0b8f32ef1abc94892e6f5827b519f0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816466, "uuid": "51fc8845-580d-4be9-a2bf-82f929489b20", "comment": "Malware payload", "value": "93f8c18429afe367f5a8c8c57b0ad10ff4d1d356c10d5a680bc400f9147490aa", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816466, "uuid": "32c78eb1-4886-46ab-ae7f-41052f9a9621", "comment": "Malware payload", "value": "9c5f05f512a6e524278787131ed82405063d0b6e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689816466, "uuid": "bf7d82ba-3bde-4917-80db-54feccf8ad7e", "comment": "Malware payload", "value": "562c80d2235b24e18bdb923689430f5e0b188a9520f0547753aed4b8e6ec0fde46c1f9ed0902d720c91a8da03932eb1f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816466, "uuid": "4de83849-9471-4e49-a539-5a8e189b7a0e", "value": "T1BBA48C2176DAC936C5BE06B0362D879B55297E7447F2C0EB13C85D2E1EB38C15372EA2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816466, "uuid": "3c46815c-c80f-4a0c-bc5b-f8eff45ae4e5", "value": "86e1cc10a4459a30bed399af61da7a84", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816466, "uuid": "ce06f525-fb2b-4279-8417-56db9a8a6c21", "value": "6144:vrDow+ZsrLg3bmfKlGzIqSqYf+SAOfVKE/M5TiyX1pjhZW:3owv43bqKlRHJVa9iyX1pjh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689816466, "uuid": "70daee00-aa38-4da6-a594-cefef6eb4f80", "value": 487936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689816466, "uuid": "9bae8dce-3f63-4227-a778-d434dd43094a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689816466, "uuid": "845abaf4-3713-4b4b-b718-037dbb416543", "value": "SecuriteInfo.com.HEUR.13374.30762", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5eccc5f-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689851289, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851289, "uuid": "06515eed-eb7d-425a-92a7-2f3d4dd77ade", "comment": "Malware payload (Formbook)", "value": "a062adec514eae902a49905065fd8851", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851289, "uuid": "188aeb3d-3231-47f8-b00f-d7407d8a6268", "comment": "Malware payload (Formbook)", "value": "941186254d9824965a7e4290072e748f4573b325728fe13a00f4435e6618bae5", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851289, "uuid": "5e647366-1fa9-4fc9-8a1c-e3614a4c1264", "comment": "Malware payload (Formbook)", "value": "56946f0f1495ccf62adb8f388bd434c8a439cff0", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851289, "uuid": "da0ecf43-6250-4bde-8d5d-a2f1c428868c", "comment": "Malware payload (Formbook)", "value": "dfd1855fe05a02300ea4638bdc523b17337358696c1d7254010417872999ad5b456297a989dbd148bf8ad61f02fc1388", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851289, "uuid": "f7a3e29a-1440-4877-bfe9-f882ac860812", "value": "T19D44231488208297C12CE676B01CC34658E54FBFD1CCEE09DBAF781626DB796A4CDAF5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851289, "uuid": "72e53c0d-995b-4694-bc33-e78fad4ba781", "value": "6144:MCCwbbiASDQmqbpBMfwYtumKmYe2fltyBt19/uVom01:MCCwbbibDT+deklEBT9mVlo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851289, "uuid": "334f8160-5d53-4acd-8a67-9d8b0f184fa7", "value": 261304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851289, "uuid": "65307d80-e543-4506-88ce-8012148a79d0", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851289, "uuid": "78290948-bc17-4163-8e5a-9a6c18956198", "value": "RFQ # 1045981 - MAA_D Plant Project r01.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4962e484-274d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689892339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689892339, "uuid": "f5abc1b7-9839-49c7-81c5-18cf40332074", "comment": "Malware payload", "value": "cc3acb8427438b960c0b538139ab393d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689892339, "uuid": "c28d4878-7ce6-457f-9e86-c2bbb2363806", "comment": "Malware payload", "value": "94275cf1acfb28bff46ddc65fa9babab668dc8b9bc23d7e4d8b833dd500a6ff2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689892339, "uuid": "151a0101-2faa-43d4-96ca-2770bcdcf5fd", "comment": "Malware payload", "value": "6f64f71a467848d6508df17717d78f672cda78c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689892339, "uuid": "19a20e74-e47a-4eb9-9b27-114a2b06b85c", "comment": "Malware payload", "value": "0ffd79bb9105bcb9971bb0b31e74674acc98bd9335ac08964184336ae04f3b410399a01faa555f10bcedd60aa9826d00", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689892339, "uuid": "e02beabf-979c-487a-bbf0-529e0887d0fd", "value": "T1A2B41202A7E89036D8F6277048F713831F36BCA1EE78833B17565D5E4CB26959132B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689892339, "uuid": "8edd6011-8737-490a-95e3-1478a69714f0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689892339, "uuid": "893f8dfc-b709-4969-94aa-9762aacca679", "value": "12288:AMrsy90n6e6feGHmAwomr/lkS73ysS6qayvm3oWd:cyM6e6mMmAwo+/KE3ysS1ayqd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689892339, "uuid": "5d547c78-c06f-4676-ba74-6cac8816a962", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689892339, "uuid": "930d26d2-0ffc-42e4-9c68-7451d2e04b90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689892339, "uuid": "d59a023b-d5fc-4fed-99b9-e73ebf5e7806", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4357bda4-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689847231, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847231, "uuid": "4a1051ba-b6d9-487d-af94-b4cb8ccee7ec", "comment": "Malware payload (Formbook)", "value": "4b13c07a48e57799e54f6e38e34ff6be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847231, "uuid": "d25f4572-250d-49de-9914-3b2baf3ee42c", "comment": "Malware payload (Formbook)", "value": "94509d1a6070cfbaeeee0e3de30bf14dce5f4b28bfeef4ab3cf9bedbd0a07dd1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847231, "uuid": "80f751c8-7c12-49d9-838e-4a2717ca162a", "comment": "Malware payload (Formbook)", "value": "6a0290c82cb922e60e949b7f52e9c9fe031433f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847231, "uuid": "4c20df4b-b1e6-4131-b59c-cdbaed979d70", "comment": "Malware payload (Formbook)", "value": "8032b5415b121e84aefa27d3a80623fde3a6e417fc3cf1294e8d17e27802fdb7b7a78111ca497afebdb16c3d644a64ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847231, "uuid": "469910e5-268f-4cb1-9007-e8327fe2f626", "value": "T11B5412002AD4D86BE4565B319FF66B36E9F2910925A4C70F1B90DFC578B2AA1E70F313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847231, "uuid": "a65ee71a-c3a7-4d56-adcc-47ccad48ddb4", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847231, "uuid": "4c902f1f-03e1-480b-85ee-26a00b8bb6a9", "value": "6144:/Ya6xeXPYBCWD04uosQ3v4nDR/dxo0u4pSDZJhFlrUdGv:/YbefYQ6eBQfMR/no4m/HKd4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847231, "uuid": "9174ce36-4171-4366-a385-4cb55a4d85db", "value": 278696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847231, "uuid": "76d431d6-8e24-485e-8e1a-c0eab21a27f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847231, "uuid": "b218e9c3-b53c-4eff-8e01-6e8c551a5344", "value": "Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3701174-2722-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689874102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874102, "uuid": "cab54a3a-137b-4df4-897b-e8525a338880", "comment": "Malware payload (RedLineStealer)", "value": "5286744b98cee26d81ce05f456e4d20b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874102, "uuid": "bd985c8c-22ff-4b87-8bb8-636e61917599", "comment": "Malware payload (RedLineStealer)", "value": "960f09b61208a03ecf2c86b17adfcc5b871c0b874b0478827496926bc5200b8e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874102, "uuid": "f56835da-1cf5-47ba-8046-557a226a668b", "comment": "Malware payload (RedLineStealer)", "value": "3a13d4dc5675be711058c9de8952a8eed53e91f3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874102, "uuid": "40bcb406-2153-4e31-8b16-d285d3e44dde", "comment": "Malware payload (RedLineStealer)", "value": "77df6d26dec00f3cde364a2dbfbb950d89fbeb1c481b2319772dc0fe71f99c58cd888bfd4ea418359f97799ae0f15299", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874102, "uuid": "fbc7fa00-3794-4938-a3cc-0734605e0969", "value": "T1D255CFB76C3B068EC1A0637E2CFB790AB7EEE3803C59D61B1D6B07D8C1761545AD2099", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874102, "uuid": "8745f81b-40af-448e-8860-085eae86e1f4", "value": "76455649f85e79f41b63448e060dd2b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874102, "uuid": "734a710f-ff2f-4827-8b25-903ed3b65e87", "value": "24576:wriIXw584u1g2t+zvH5iYE36wv2CT9IOgTdV9C6paXBFQ2:wrc584u1n0Ta2CT97gTdV9C6paXBFQ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689874102, "uuid": "8aff2b99-9a79-46d6-ada8-4bf2c60eed47", "value": 1383000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689874102, "uuid": "8b888204-602a-4f37-af38-0c3815b0b1ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874102, "uuid": "5afb311c-a33e-4ebd-ba7d-71164d1d8251", "value": "SecuriteInfo.com.Win32.PWSX-gen.4729.30", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdee3837-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837988, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837988, "uuid": "03437c55-93aa-4668-8da1-d251a5ca8b9f", "comment": "Malware payload (RedLineStealer)", "value": "8db815190d477d5ff3320f63ee0322af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837988, "uuid": "4c7a14ab-7b06-4506-a59b-a39ef41f700f", "comment": "Malware payload (RedLineStealer)", "value": "9712f3ca55a69dc82a720b41eeb39aa2d2482719c764715d774a1d1d1d11ea1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837988, "uuid": "403f57e6-e79d-4c88-9e2f-922425913453", "comment": "Malware payload (RedLineStealer)", "value": "f20c18ef6555549e9d467d3e63258dd51d561b7c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837988, "uuid": "ce1b4a55-4956-42f9-a5b8-f30037080011", "comment": "Malware payload (RedLineStealer)", "value": "30c8691aa55de8112031a8b814c718bb827650a55289f32a677e456b89639ca28b88539d62f44ba68225283f7e74ac8e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837988, "uuid": "144815bd-8c7a-4f05-98c8-79df81434980", "value": "T1EE84F113ABE88137D9B62B7048F703931B3B7D924D38876B2645A85F0D726C4A93177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837988, "uuid": "e1f2b095-8a85-45b2-93f6-e37030ac6a87", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837988, "uuid": "4907a224-d5e4-4d5f-ab5b-7794a6b2fd78", "value": "6144:Kuy+bnr+Hp0yN90QEXnPQvYkWsjZNoBnY6y8byR+cuVsv33+RRSlwlBEfXSm:SMrry90VnPiyY0yR+5Kvn+R8JCm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837988, "uuid": "ad6d2d81-7c3e-4c81-bb9d-9660451b9484", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837988, "uuid": "83536e84-da87-406c-8f73-58c19d195f90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837988, "uuid": "19d14397-fbc0-4dfc-84ad-31b7efd9f935", "value": "8db815190d477d5ff3320f63ee0322af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "950fb563-26d1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689839208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839208, "uuid": "be653e33-222a-4128-8b79-6dcf75afc1e3", "comment": "Malware payload (RedLineStealer)", "value": "f5f74fabef9a471e4530f611b0a7b5ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839208, "uuid": "afe0b4ce-46c1-4738-8feb-84747345c4e9", "comment": "Malware payload (RedLineStealer)", "value": "973c875729ccab5d3b082d708b110a460dba4a519e065e5e2292bdf399bb251a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839208, "uuid": "6a6dbd8e-2e09-4532-9a4d-56350233004a", "comment": "Malware payload (RedLineStealer)", "value": "ddbd5d87673c73e8a7d09f37a4f2aac0114653ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839208, "uuid": "4dcec0d7-22a8-42a0-8a22-c12083702e4d", "comment": "Malware payload (RedLineStealer)", "value": "1b97449ee7d37443178285beb6b619639c0f3f5b046711bc8b616473ba5ed48ac5c2bd08dfd24f386cbede02900f67da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839208, "uuid": "f9017226-8c25-4c94-900c-2057216463e5", "value": "T128840213E7D89132CCB61BB058F307831A3ABD925DB4536B2685AC5B1CB3A84B47177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839208, "uuid": "8c8236d5-07aa-42be-9f43-899483b6ea72", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839208, "uuid": "68c42a6b-10cf-443f-9345-fa4a797cebf3", "value": "6144:Khy+bnr+Fp0yN90QEyMRCCR/NeyRf+5UnXVfXbLh/BlmVemYfaX6OlA+hX:PMrJy90zR/R/JeUnX9XbrfmkaXFhhX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689839208, "uuid": "7145e4b4-09a8-47f1-b246-c32356d39d76", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689839208, "uuid": "3acfd2ce-279d-4e6d-b297-f1b61c765552", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839208, "uuid": "f30ad9bf-740e-47b0-af70-b97ca85e1199", "value": "f5f74fabef9a471e4530f611b0a7b5ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b80d21c4-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837978, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837978, "uuid": "129132bb-8df3-4974-b66d-43f13b37b3d8", "comment": "Malware payload (RedLineStealer)", "value": "5eca1019c6ec1fbc5b0143c7836df0ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837978, "uuid": "e193141e-9a38-460f-8cef-c595ef832389", "comment": "Malware payload (RedLineStealer)", "value": "978e171cd435407b5d649543a5f213344d9b9d293c3ec582611301fc874c971a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837978, "uuid": "7c990b31-7b04-4f73-94a6-732d46b64220", "comment": "Malware payload (RedLineStealer)", "value": "174a5053bb6cb656f0ca4b8f2e012c9ee0704642", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837978, "uuid": "dca6f2ef-d66c-42a5-9939-817c529e2f39", "comment": "Malware payload (RedLineStealer)", "value": "aabbbaa13e64fd73df839afdcf99920b218152b732abe6a8a8f73ea01439f7d6b8ffdae8caee69a5ff029601af81473e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837978, "uuid": "20d6551d-dfca-4de9-846a-b16a3f5d10a6", "value": "T155840153A7E88072D9B927B068F307C30B35FCA15D7883A72B51A95E1CB25C5A87137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837978, "uuid": "56392f94-618f-4d27-b490-7a443b505d1e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837978, "uuid": "8ca4d373-9fc4-4da6-a167-1710c5d24b1a", "value": "12288:DMr7y907Q+pQWEErMXujR9c1uXVwXk6JVs:gyQQz49FwXTK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837978, "uuid": "4a85ec98-2d29-4cf1-ae42-a55a16c0f7e6", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837978, "uuid": "83bdfc75-5ac3-4aea-b7a6-6aa9c1efed70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837978, "uuid": "c7929e6f-4c37-4389-928b-94690e83522b", "value": "5eca1019c6ec1fbc5b0143c7836df0ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d244ce0-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837369, "uuid": "46ea2330-08ad-417f-83c9-d1b53f68ce4c", "comment": "Malware payload (RedLineStealer)", "value": "07c4932eac4c00d7bf3e7c2431f28d16", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837369, "uuid": "5e26f784-52ca-4d10-8170-27376f0f7b17", "comment": "Malware payload (RedLineStealer)", "value": "979a97cb16762728856ff5dd929cb625d1673048544e092731742005342da799", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837369, "uuid": "7d2f7a32-a752-4874-a349-1869d90608a1", "comment": "Malware payload (RedLineStealer)", "value": "f6770982591d3c388f83c128da9cda9b7ca36162", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837369, "uuid": "f4f68f95-ec0d-4965-a707-ddf6412da9fa", "comment": "Malware payload (RedLineStealer)", "value": "9cffc4c73a7e3781f6c2220e4213779bc2fb7feb32cd2222bbc76d88f0319513944eff3056956e9cfca4f5e7948ba2b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837369, "uuid": "93b44ac2-eefc-465e-9105-9a8c890b388d", "value": "T1C7840116E7E98123D9B42BB058F712C31F35FCB25D34931B6A99695E1CB25C0A23237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837369, "uuid": "8e9d22ff-652b-4d16-a79d-fa648fe378c8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837369, "uuid": "724cb67f-b1fe-4030-825f-e6c96c4c1ea1", "value": "6144:Kry+bnr+Op0yN90QEfkmMM1ki99QVS9AdKrs3zzmx+hpnKS9:hMrCy90NEM1kGIdxo+79", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837369, "uuid": "9c5f1386-0703-4185-98ed-dcf4b38ae8a2", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837369, "uuid": "125ca911-624f-4f6b-9d0e-323a198d37e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837369, "uuid": "2f15e194-c6dc-4c8f-bcfe-0487e61b364d", "value": "07c4932eac4c00d7bf3e7c2431f28d16.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a35c3aca-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689844386, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844386, "uuid": "29d9ce42-3085-434d-84e9-e209be141e56", "comment": "Malware payload (Amadey)", "value": "ba973ac4a8bd8976b526b3ea03a71b66", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844386, "uuid": "bd5d1aaa-cdfb-4e3a-a436-20246a472307", "comment": "Malware payload (Amadey)", "value": "98026bae4974a33c6e9b7a6059cee4eec4d72efa0881ec2fda669aaaf1e45b03", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844386, "uuid": "7c90b721-8b2b-43c8-bb7b-2d742b96bfc1", "comment": "Malware payload (Amadey)", "value": "f46c87bb79c2b9bde94cf31697e439185c8808b2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844386, "uuid": "14ff176b-7ad7-415b-b8d0-db3c38c493ad", "comment": "Malware payload (Amadey)", "value": "17e5236c2598c281570e16b95d41bff2bb5369f139c78c5bcd19ad3b9cce2edc03c9d6465513e67bb6ce559c8d280b15", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844386, "uuid": "12d0c8ad-5f6a-4e4d-bb11-33d47e9a73b8", "value": "T18D840112EBE88032E9F42B7058FA07831B36BDA15D74437B3B46985E0C73691A57636F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844386, "uuid": "474507ce-9c88-4ce9-a018-449c70709a89", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844386, "uuid": "085bca7a-4e9b-4393-9a67-45e9d0a8deec", "value": "6144:KGy+bnr+Kp0yN90QEbLQkWGjZNJbp75yEGQEqO5Y9AiNOP3ooyA+:OMrqy901LVqEQYy3v4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844386, "uuid": "e83bce65-d7d4-46d8-ac44-975541732963", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844386, "uuid": "3891aab7-52e0-4dcc-94d4-9691e9726b14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844386, "uuid": "8d5e2573-c86c-49f1-af13-f403d58abcda", "value": "98026bae4974a33c6e9b7a6059cee4eec4d72efa0881e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b87a88b2-2732-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689880929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880929, "uuid": "577596c7-a739-442d-ae38-8dcc351d5cbd", "comment": "Malware payload", "value": "b6a0fed96c9d08e4649a4c9515c1a57c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880929, "uuid": "af7f1c0f-e366-4640-a6fa-ded3d6e92535", "comment": "Malware payload", "value": "9844a3b3de2ea6c62ea04738b6d9531c7ef1befe988d49b43b85d9e1189c1a26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880929, "uuid": "2eaccd3e-4ccb-4f27-98b2-d1f5854b0f10", "comment": "Malware payload", "value": "68a148a389eddc9235bd959a6790d3c2c7dd0c8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880929, "uuid": "904ca152-70e3-4221-bd4f-7c3c62d85cda", "comment": "Malware payload", "value": "f2057d1268ae46bd31761b4302cc9e4fe2807fb5ec7242ae99be0f089515e1d9515567fd867097a8c299620c9842841e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880929, "uuid": "8aae295b-1423-4b92-87a6-f3cdcad50490", "value": "T1BAE429503C9042F1E9F2307E27ECA521861DE0F027391FCB55880AEBEE645D67E7A697", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880929, "uuid": "4c6888f4-7d8d-4940-b16b-7ba028d7a953", "value": "5722a240450086d692c8b0e1ad2f7715", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880929, "uuid": "50d8b185-eadc-4023-8138-d306910cb48a", "value": "12288:flHocPL6F1FHYfpB4ZM+Rfz8GMxXpSuvtkpvjyEEXxg3Sxur:fmc2F1hRfUXpipiXCOu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689880929, "uuid": "b8f3c2fd-7b4b-4046-af02-95299ad6f433", "value": 698368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689880929, "uuid": "e11137a2-b220-4bef-8805-a13b3cf8f70c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880929, "uuid": "b2a0d9bd-f0c6-459a-bb2b-986f02962908", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6295dff-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838002, "uuid": "e160dabe-a82c-46de-a6b7-ec5aa89af594", "comment": "Malware payload (RedLineStealer)", "value": "923ce5241f2f8328529a1eb04c1cb742", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838002, "uuid": "8610e0ff-8904-4441-a172-6c33ebd2d7f9", "comment": "Malware payload (RedLineStealer)", "value": "98aab473b868e84ad029ff16a24ff1ecae4c4bc3beb00ea431396d57985132db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838002, "uuid": "52f4c8ff-99a3-4628-8d49-a4c61681ae93", "comment": "Malware payload (RedLineStealer)", "value": "cdc78ebc45993c14de2960bbd54ea1c2cfe9d3e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838002, "uuid": "f71cbb07-f0e3-4a6e-af6d-5b45a55c9e3c", "comment": "Malware payload (RedLineStealer)", "value": "9346000c7b44c8ecdeb79ec94e629f9548979f0c0e7e12622ae4182af4febc8eccf8337b92b8b18a4f12c2510a444750", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838002, "uuid": "97d57803-1720-4543-8fc1-5c829e51fb3a", "value": "T1FD840243ABD85432DCB613705DF616D72B3ABCA2693483AF2395945F0CB3694A53233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838002, "uuid": "ba5337b4-acbb-4858-99be-a48d3e21d7f4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838002, "uuid": "fcdfa988-79af-46e1-a95d-e0aaf0762ae0", "value": "6144:KCy+bnr+Sp0yN90QE8P3oar8u3gHk4SD/L4dSXOxzCcHnlRH7wf/o/wqh9o1Mr:SMrKy90S6u/IOO8cHnl9GRqrT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838002, "uuid": "3ac17b62-18c2-4ff6-8e60-c2374d117cc7", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838002, "uuid": "8d08c2b8-a776-42ce-96fb-b238782b0714", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838002, "uuid": "98c0223e-1d0c-4622-9b7d-c614cc53319c", "value": "923ce5241f2f8328529a1eb04c1cb742.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a019072-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838304, "uuid": "8dc3f472-890b-4d75-87bb-223462e22ead", "comment": "Malware payload (Amadey)", "value": "b2a6158e5066da9cdf80f68a45607dbf", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838304, "uuid": "8fdf633b-44da-4ddb-aabd-7089c00785cc", "comment": "Malware payload (Amadey)", "value": "9be0387d865bef272b66fe34363fa38f5c4e2be5b6b773526bfc1d14b4791eb9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838304, "uuid": "f7ae4ae2-d5fe-479c-9d2f-243638dcde64", "comment": "Malware payload (Amadey)", "value": "9c0a1b48a8f821e1bfe1cb4266aed6fa30294c9c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838304, "uuid": "63200b1b-689c-420a-9664-e8e396288383", "comment": "Malware payload (Amadey)", "value": "ee528ab42873d8689eb1b8a4db904d476fbdffc2e468844876546ee9a45014ab5d4a2833d7a8fab8e42b43529364db68", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838304, "uuid": "5608ee5a-551b-447b-8e8f-4056e7fb94a7", "value": "T10AB40213F5D884B7D5B627701CFB12A70F36BCE5497842AB2785A90E0CB3584A53276F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838304, "uuid": "ca03f854-388d-487a-a787-431f93a44e85", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838304, "uuid": "b2ec61b7-fd26-4888-a6d7-e20aa7605c8c", "value": "12288:7MrVy90uCP6AGluvgTtGOTN8F3a56b3WEwjXh:iyG6AGsgTtLma6b2h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838304, "uuid": "534151d7-628c-4c19-8b6c-31dc228bb6ab", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838304, "uuid": "eac6919a-8641-4053-9a2c-f540c0777dc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838304, "uuid": "4ada3edf-0f43-48c9-90b9-2cd3c24f3bba", "value": "b2a6158e5066da9cdf80f68a45607dbf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3dd9f4f-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837998, "uuid": "d50089a2-45a3-4fdd-8af6-092f0eff61bb", "comment": "Malware payload (Amadey)", "value": "77fe152db6ab834d5d19e0bc498a3390", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837998, "uuid": "26ad3e39-5476-420c-95e2-7cd78075b139", "comment": "Malware payload (Amadey)", "value": "9cb8e2b1548adfff7c012acfadb576ae6e5f0fdcfc0942eeb26b4c9fb8613e93", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837998, "uuid": "88733674-724b-42fa-927b-a5aca9082172", "comment": "Malware payload (Amadey)", "value": "061f087d858f6f62bb8b825f97037c6adf09b5ba", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837998, "uuid": "cab03a76-f7e1-4389-9d59-28e595fe5894", "comment": "Malware payload (Amadey)", "value": "1aa58deaec2cf3a15d4ee42045850b20fa308cadc5f2eb4a388b9a2a1132f308e23471816599d2237745d616605c48af", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837998, "uuid": "85dfd7e1-18cd-4875-bdb6-5531224a9f9b", "value": "T104840203F3E88072C8B42BB058F613831B3ABDA29D74835B2395A95D4DB35C8E975776", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837998, "uuid": "6ae3535c-e111-478d-a5a0-c56ea14eb750", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837998, "uuid": "98190ae7-4ffb-4d8f-8932-63d3c43c8173", "value": "12288:cMrqy90Bww5CNmmmx1qYnUAwFcHnl9A0X6YDp:Wy2wwoQmYnpHUQ99", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837998, "uuid": "93b8ac4c-870e-4a66-9d4a-008747ff9de4", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837998, "uuid": "1323a743-9a3b-4194-9ecc-7e326e29623a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837998, "uuid": "b4f0c7c8-4af1-4227-b678-09aad4170d19", "value": "77fe152db6ab834d5d19e0bc498a3390.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5707053-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848255, "uuid": "0b2e96e4-2bdb-4c20-a702-e7a1613befa7", "comment": "Malware payload (RedLineStealer)", "value": "abe9d3749596136311130b89606671ca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848255, "uuid": "7d060ae1-f348-44a9-a29f-3dd95124fe55", "comment": "Malware payload (RedLineStealer)", "value": "9e357f2682eb5473bd85a410128f0ed610fcf2fae5897f06f117242fadf3df5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848255, "uuid": "bb5a753c-0af7-473c-a7cd-69e51312c78d", "comment": "Malware payload (RedLineStealer)", "value": "7eed44121115aed202cee5d517c5b923f4baa9d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848255, "uuid": "49b310d5-91e8-4fd7-b9d6-2c842dd22f17", "comment": "Malware payload (RedLineStealer)", "value": "faa70449d9b814ac57dc3b16b1c3ec38702b8855d9ebaac6c6ec63a54c84c8f8e800ab5674c16f759f6c852a7a30842a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848255, "uuid": "ad481c9e-41cb-4e32-a07b-71ec8e81c0a4", "value": "T163840102EBEC8072E9B527B06CF703D31B35BCA54934876B2756A55A1C73AC0A535B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848255, "uuid": "cb9e9828-db43-47d3-950d-836e172973a9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848255, "uuid": "183f4759-b136-4f88-872c-cd25a2816977", "value": "6144:Kvy+bnr+mp0yN90QEY4e51WXhdG7xF9XRt5KjEVTxkZ7t50apusk:1MrGy90/7SxFhRt5UYk/zpul", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848255, "uuid": "7c58fc69-1801-4404-8c61-6a88d3495c8e", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848255, "uuid": "d39b0f9a-741d-4e40-8a60-5fb45fae379d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848255, "uuid": "ec4350a3-5c2f-4547-b4bf-43d9b79c3cef", "value": "9e357f2682eb5473bd85a410128f0ed610fcf2fae5897.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "041c3261-26a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821356, "uuid": "a880241c-5027-4e2b-9c6d-3b9bc8372124", "comment": "Malware payload (Mirai)", "value": "42cbac6d774055a100edc1c4d8fd1a57", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821356, "uuid": "89ff4e4d-f1e1-408f-8f5f-36a057549f25", "comment": "Malware payload (Mirai)", "value": "9edce3686ead484f64db96e907d8db4d2beeb23857973c5632e0095931a1907e", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821356, "uuid": "aa89d834-ce14-434d-96b5-a2960f84f71a", "comment": "Malware payload (Mirai)", "value": "685da6f8cd2d47bb48ab50c70df867e77c1691cd", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821356, "uuid": "bdc417dc-065e-4c20-825c-f213f11d9419", "comment": "Malware payload (Mirai)", "value": "e611ae184e3a8f1df45023f5687e9964f006f770ec2f2fca9b5571750e761a61799ba9d3e9d28dcfd683e33c528d02b3", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821356, "uuid": "4feb30ec-d54d-4f66-88f6-4ebb45a5cdd4", "value": "T102730856B8814B22C5C512BAF92E118E332327F8E3DEB2139D116F247BC696B0E37D55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821356, "uuid": "9a2d0ac3-55f9-49ac-9359-0a80601645e7", "value": "1536:Nan32WKl1+wx7o9Y1peL7OEf36A6kEa7h0fIVi64fvvvTGPD5uYIWA:HW61luY1wfq4EaZ4fvvvqPDcRl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821356, "uuid": "39b8ca62-e3a4-483c-9414-83bff1a2f381", "value": 80152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821356, "uuid": "537b58d7-1972-46fc-986b-b36cd7c59d10", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821356, "uuid": "1e73cf5d-499c-4507-a9ad-21543b6d3123", "value": "arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63d4dbce-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858453, "uuid": "45890b4d-4087-4151-9ea3-cc72ab526091", "comment": "Malware payload", "value": "2f8f02f741448bcbc9f8177f6cfec2e3", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858453, "uuid": "7c44ae7a-babd-4f8d-a3a9-48f36584800c", "comment": "Malware payload", "value": "9fdbdf346f640bd8d6e93a920187e5a121829d179f8c735776855dc75ec34620", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858453, "uuid": "fa83b8ff-d27d-4544-80c5-e8cc49594da4", "comment": "Malware payload", "value": "393bd5c1bc665b8f403d84058dd8ad348cfb8e1f", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858453, "uuid": "caaa94cf-2883-4408-bec0-7afe6af7f927", "comment": "Malware payload", "value": "40d58707b52c0771858597ccf500f34e595248d49a042e4cf46028933f528d46d1ae1d5323139bcefe05145c540bd723", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858453, "uuid": "86a8e39f-e0d7-46ba-be4f-d30cf8eb0b38", "value": "T1585533D964EDE4AD2D923739F43B60AD624F9BDEF173A61049BF0A1DA35D401E436230", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858453, "uuid": "10a0e6c0-05ed-47d9-86a2-88cefc2219ee", "value": "24576:V47LZKZGHwkcc27LV/7VCmokGfMChQcoaBzlbbJBNUzjl/bPvU7xLYUDgmFjoyNH:2XZKcQc23VjVuf3lbbbWR/bP8GMBFjoc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858453, "uuid": "3af15ba5-c070-4a44-bbe0-de33320d1a8a", "value": 1336652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858453, "uuid": "aac9641c-3c0b-4fd7-b828-f9aa5e84534b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858453, "uuid": "5d9e1620-7d2f-4434-ba1a-d86920bccb72", "value": "FacturaDigitalonline-ID-1689799569.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1d45962-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840142, "uuid": "ed2f495d-f015-43d3-9a77-4e528f587671", "comment": "Malware payload (RedLineStealer)", "value": "5c3913024841f5c14f0ef8c9f3d3a4c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840142, "uuid": "ece14b03-6850-4ff2-bb87-d26029ea133f", "comment": "Malware payload (RedLineStealer)", "value": "a080fb72f5167c76a0076864e959058168d7fdf22699e51b865adc0688eebac9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840142, "uuid": "83a8d7fc-a070-4c8b-ac13-1af4871fd01d", "comment": "Malware payload (RedLineStealer)", "value": "370f816fdb27b4f9e5ca32bf8eca2618b28e1443", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840142, "uuid": "53a34a70-830b-40e9-873c-f1a16f4e029b", "comment": "Malware payload (RedLineStealer)", "value": "6d5aa58f9ec69e37d1b850858275323533c9be3d2c51b75a441848e8e699b7682bb331f3ea59f00fe49890238b33656c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840142, "uuid": "a864f1de-314f-4daa-a9a0-f151ab91f570", "value": "T13184F983D7A23D48E9278B728F2FC6E8764DF6508E59777F12199A3F04B0076C1A7624", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840142, "uuid": "caa21be7-81b2-487e-978a-f892b17a349d", "value": "2c1d6f07319e916f23334deb261840fd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840142, "uuid": "d02003bc-c19e-4c7f-8038-cde330ba3fa6", "value": "6144:gtn2L1dS5qEPskQcWjFuFVe3tQxSruz4RdyF1aO3ES:gd2JdSlPB5Ve+xwByFkEES", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840142, "uuid": "b2ddc191-12c2-46de-b91d-4ca823a493e7", "value": 378368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840142, "uuid": "7a0e4722-10bb-4747-b814-227d0180bc6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840142, "uuid": "fb195d93-06f7-4144-86c5-20afa8a209c4", "value": "5c3913024841f5c14f0ef8c9f3d3a4c5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ec99cc5-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838312, "uuid": "25c957c4-b723-4429-8622-007b5ced809e", "comment": "Malware payload (RedLineStealer)", "value": "c959f9edd32700844b7534c3fe2f7134", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838312, "uuid": "f05d4f08-5041-43bc-8b82-653a5a6899ce", "comment": "Malware payload (RedLineStealer)", "value": "a1eccdd241607a65d2c7a7722d87f992ae42a971ac221b491c59238eafc65a3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838312, "uuid": "d344db27-ad99-4c60-8e6b-7e2235a58a64", "comment": "Malware payload (RedLineStealer)", "value": "c979169ce17834f409f58696fe8df4f87171abdb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838312, "uuid": "a4de278c-6c7f-4a60-b4ff-7007bbf33a84", "comment": "Malware payload (RedLineStealer)", "value": "a0932cc76a8a974a29597d58d85766432e41f61027c68f7c8457b3dd7af9adc484c796b1e5bcd98bed3992042fcc00f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838312, "uuid": "95da8f30-ed1b-4acb-90b9-e47cc81be1e6", "value": "T1F7840112A7EC8572E971277058F707D30B367CE15D38837B2386A95E1C72A90A436B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838312, "uuid": "6437f908-9091-4042-826a-48dac3b60e34", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838312, "uuid": "013e1ace-8bad-4b37-a231-ca8b68fdce63", "value": "6144:K9y+bnr+Rp0yN90QEqkBYOUkWsjZNoXn+amKytc85aT+YAV1T:/Mr9y90gkaO0x57a1v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838312, "uuid": "539de07b-9ae5-4346-87a8-0f338b525ed1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838312, "uuid": "b0581b85-961e-4b98-bf49-d52f4227e33d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838312, "uuid": "895268aa-d55b-4d79-9ba0-3df3a531c6e8", "value": "c959f9edd32700844b7534c3fe2f7134.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "907e432a-26f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689856380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856380, "uuid": "62a05abc-146b-41f6-b16e-3fd86931fc2a", "comment": "Malware payload (AgentTesla)", "value": "611bbee51bf5bb71c0169d1d9bad938a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856380, "uuid": "87414e96-6370-4acf-8375-8cac1287d65d", "comment": "Malware payload (AgentTesla)", "value": "a2e38aa46d2276f84e4a8b4686e05aa76c0682f1f375ffa350bda83189061c23", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856380, "uuid": "3297c19a-7ffb-44f2-bd99-40e024d4178c", "comment": "Malware payload (AgentTesla)", "value": "5fe39f6aff6a0271c6babe27ef10f876c3c8e4f0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856380, "uuid": "12499072-96f6-4cef-a8ca-b52a3b504beb", "comment": "Malware payload (AgentTesla)", "value": "6713c23ec887c15215ee44a126c39cd12d5ee65012a1cca71f606f698b97de2413bc6c5180881b9ef5f8f66dfb4e88ea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856380, "uuid": "9591809f-7847-4a91-8684-10120a78d306", "value": "T151E4011996ED8BAEC9735BF0F925163C0BB75EA57432C31B5E21B4CA3981B034602B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856380, "uuid": "0787a8ee-83c4-4a21-a19d-4dd0432e35ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856380, "uuid": "4118fe74-8e0c-4fe7-8869-a5d13b21ad44", "value": "12288:HI4S6ln+flo/XciMvspOhd4CDt83zSG52uO6KIB2sxTafR2HAVrBa1Ge6:HIBTdCjEqOhGCJ8WO5KIssxWZ22e6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689856380, "uuid": "e84d37df-7c0c-4878-998c-55956c5526f7", "value": 701952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689856380, "uuid": "7e80022a-5f67-4d47-be94-8912efda8422", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856380, "uuid": "92cad061-01bc-47ca-b90e-17d22cd1ca1d", "value": "SecuriteInfo.com.Trojan.Siggen21.10179.28219.17045", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78c38119-274c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689891989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891989, "uuid": "d8a3f430-59e1-4d38-9818-23e4d0c80311", "comment": "Malware payload", "value": "aedb7e34caa9664fd459365c92a8490e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891989, "uuid": "0a32b6fd-6707-45f7-a729-36988c204664", "comment": "Malware payload", "value": "a34d0fdeea7adfbeac5dfb025c2ebf21b19c55d290c72f5705a7e3b331c41638", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891989, "uuid": "dc817746-7543-469e-8f6f-c1f81e2c8a12", "comment": "Malware payload", "value": "084e04e5938e2034251f52e7c116de7138d29d27", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891989, "uuid": "25e49f84-efd7-4d7a-aac0-23d8a4621c52", "comment": "Malware payload", "value": "e3340b3b50610b44bef68d064f2b7e130e2ab1e31201efe3e1129f3c6aca29f81d0462391255ec5b3cc2ba447cfef3e7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891989, "uuid": "22b519e6-4686-4787-83af-b49628be6efc", "value": "T1AD9533966EB09875F9708D30AF0AD985DFEB9C6415302D39B8EEEF1E2F77805028095D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891989, "uuid": "a6da4946-0dd3-4c1f-b128-5ce9c3279154", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891989, "uuid": "5c27e3ba-b022-49a2-b57d-ef9edce5bf40", "value": "49152:b2YLzyoZc14h8uEdeVLOOUbo6II0A1SBYjd5B6:yRCWYLobo6II0A1SBAd5B6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689891989, "uuid": "68afe0b7-c112-4a40-9fcd-4956e6f6308f", "value": 1962389, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689891989, "uuid": "1352a055-4b86-4ab3-be2c-1a9f3653096e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891989, "uuid": "4e5c05c4-7973-441b-92ed-0f553d7c6f4f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba65fddf-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837982, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837982, "uuid": "40e4c638-02b4-47b1-bea3-d7a9e05ff444", "comment": "Malware payload (RedLineStealer)", "value": "6999c04c85850c5a81bfac616e6c874b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837982, "uuid": "49eaeb89-ae26-4a15-a3cd-25a37dfe97e8", "comment": "Malware payload (RedLineStealer)", "value": "a50afcf5e699ccfdbd8a3eb9c55be70d220f997b335c602141babe7fd4cf1281", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837982, "uuid": "384d678e-d11a-4f38-84c7-8d7eb63a2f64", "comment": "Malware payload (RedLineStealer)", "value": "c1de10fbba2183f1e23fae38d7e39eb5d7aaecb8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837982, "uuid": "cb51bd0b-3275-49b0-8f28-a4ea85e815a1", "comment": "Malware payload (RedLineStealer)", "value": "7535136d17b3cdd25204f17d3db470448d313f5d2a885163b75c0ec962203bfcc66a556e6a9de296c28edbddcfd5c0db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837982, "uuid": "a49f568d-8918-4ad1-972f-929d359f8938", "value": "T102840202E7D8C033E8F11BB098FB07D31A3A7DA199B443AF27A568560C73688D576767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837982, "uuid": "714ddd34-e74f-4b02-9ee2-534a2a7e1763", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837982, "uuid": "4a7f3407-02e4-4df7-bfc4-080fc8b9095a", "value": "12288:UMrby90oaLAi1eBxs+gPB9cHnl9CxPpS0Xg0o:fyDJxs+ZHyPgP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837982, "uuid": "4f0ddac7-3b07-43af-b52c-208c8fa8831d", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837982, "uuid": "cd2a3d2e-2b71-463f-939f-bc2879b31d2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837982, "uuid": "5ce11d72-14cc-4d9f-8c11-b55e09dfd184", "value": "6999c04c85850c5a81bfac616e6c874b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62e4e755-26c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689835258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835258, "uuid": "447da8d4-c356-4155-8264-8f2084c62678", "comment": "Malware payload (RedLineStealer)", "value": "5a29cf36bbbf96c36a37af9d6b33a690", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835258, "uuid": "2b438e09-e705-4432-867d-857ac73981ae", "comment": "Malware payload (RedLineStealer)", "value": "a5380f2ddc7befc4f2c406955c9d605697efa510b339e2913b451b3c7883c74f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835258, "uuid": "2c6bc10f-d4ff-4714-adb7-5123527821f2", "comment": "Malware payload (RedLineStealer)", "value": "e06eee19f7c1593dd665b02f54edb52e3ef09a58", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835258, "uuid": "63a66739-5a01-41ee-869f-f797a92f9c5e", "comment": "Malware payload (RedLineStealer)", "value": "230ba3b5f279f6694f571a1e4d4810352be3698415ab63912d082f073d4e25e06863478172e1b0f4372d55b8a0228927", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835258, "uuid": "9e5a3287-b312-45e1-8bad-9c67a883ce41", "value": "T1CE840112AAE88073D9B617B05DF743C30A36BCE14979466B3395AC1E09726C0AA3577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835258, "uuid": "3bd965eb-2a3b-4a9d-8464-f85723e2c4b9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835258, "uuid": "02d77ff2-710e-40d2-b01b-a8565b5e6bae", "value": "6144:Kiy+bnr+up0yN90QEgdkNOaFXYkW8PZNUHyRG+bjmJ4aUlzwHO9tNACfawY0Q:aMrey90ok7VpmmP3Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689835258, "uuid": "64df2f34-65a5-4a8a-8e3a-4884d47d8369", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689835258, "uuid": "4a03fbeb-bec2-4d8c-8a04-c5bffd26ecb6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835258, "uuid": "b405ca13-a4ce-4c58-84f3-a4e5f010a283", "value": "5a29cf36bbbf96c36a37af9d6b33a690.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "488b5853-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837362, "uuid": "cf846889-b9f3-4e31-87bb-91aa530f18dc", "comment": "Malware payload (RedLineStealer)", "value": "002a8a537ec4c800d1b75d17385a21ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837362, "uuid": "698424a4-4f7e-4de2-ba1e-68452fca81a5", "comment": "Malware payload (RedLineStealer)", "value": "a76200f76b0e54fbece5eaa741ec03685c3044f824286ae5dc0e3cbb7efc944f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837362, "uuid": "792b9c40-7075-4513-8adf-c6ececccc9fb", "comment": "Malware payload (RedLineStealer)", "value": "cc46fed1e1d89aed54b70fe8ac9ae6adbb46ae83", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837362, "uuid": "c6da5858-e073-4669-90c2-b1305881cdeb", "comment": "Malware payload (RedLineStealer)", "value": "cb97e2e40ac8e01c8770b30f942981c10449dc7bd229fbeea1efdb275e80fa8112be59f7e5ced1242ef5d0c4a4f5b89a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837362, "uuid": "38788af3-de5c-4115-9405-fc01d1ab0bf2", "value": "T1F5840153A7E88033D8F51BB018F713831B36BDA15D74836B2395A81A0DB35D8A176B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837362, "uuid": "c3e3c838-61bf-479d-81af-466d5b41c030", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837362, "uuid": "55a7f25e-1c47-41fa-93e6-e6cdc3b25ef1", "value": "6144:K3y+bnr+Op0yN90QE634w+/L56WNjdLXsUI7mV0cCcHnlRH5ntTttASzq2Vt:BMrWy900Ib56Cjdg3dcHnl9xFsSW2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837362, "uuid": "44b26a93-1a7a-4bc5-ba72-c747af83c746", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837362, "uuid": "5307b7a5-e04b-4c62-b896-57c00cd7bd04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837362, "uuid": "dd92e57e-8c2a-4703-92e2-4426ff94622f", "value": "002a8a537ec4c800d1b75d17385a21ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c640d2b-26f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689854253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854253, "uuid": "86d050fc-b0b3-4da2-874f-b64ffe4e4aba", "comment": "Malware payload (NetSupport)", "value": "71fd9f6ec20108039a3768ed5f1a9629", "object_relation": "md5", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854253, "uuid": "3150a99d-4b41-4abd-96d6-e01fe770bb7d", "comment": "Malware payload (NetSupport)", "value": "a7745866f247714b60d11a466ca9dfeeed141456e69b20e0a98bc84f60ac9f0d", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854253, "uuid": "2fdf2875-de2c-423d-a9ec-e8cf7ce392f2", "comment": "Malware payload (NetSupport)", "value": "029e9d9e6d2fc67a8b8be392b7c432ca0266351f", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854253, "uuid": "fea44594-6b82-4ae9-9fdc-21fa1fad33bd", "comment": "Malware payload (NetSupport)", "value": "8e826af48e3a27838b57fa43576ff399048598a40f47933e08532fc5ed017d2d3ea3908209280d400f125022fb6e9708", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854253, "uuid": "be6da0b9-0ac3-4b5c-837e-9fbfac537896", "value": "T1520149020A4FFDAE159BF2D2BA7401D02BD38141E54939216A48585F5E72C1944DEC98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854253, "uuid": "87753e2f-2d22-44ec-9532-5fd6a3951ea3", "value": "12:pexS2hz7YU+Sj8ZGSGpbV4omlnxOZ7+DP981E7GXoKIDWss1CYnmSuogBoPH:peI2hzEPI8ZapalnxOoG1fXtIDvsPaO/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854253, "uuid": "7eb2edef-890a-456e-9610-fef99a9d0186", "value": 663, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854253, "uuid": "465177a9-4d28-474f-963f-3b776ae9effe", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854253, "uuid": "6f152daf-99d6-42d4-ba12-534f8aa8d5c9", "value": "client32.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93e7fc84-26d1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689839206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839206, "uuid": "3b1b5647-794f-40ae-8cb0-611015fbe192", "comment": "Malware payload (RedLineStealer)", "value": "649bccba2e96f50e9397cc6f51b9c60c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839206, "uuid": "a619b071-1454-4f5a-800d-f662664300a8", "comment": "Malware payload (RedLineStealer)", "value": "a867b390916438e8c80ae05288eb116c53d490da0a691f7a851aa62a46f0aad7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839206, "uuid": "703db814-75aa-4d65-88db-e78cdea35994", "comment": "Malware payload (RedLineStealer)", "value": "b3d51fb9c6d2a0eebd56f79db147d73b0d8defd4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839206, "uuid": "073c1e34-36b2-494e-a89e-745735ef3651", "comment": "Malware payload (RedLineStealer)", "value": "ffff9ded6ffcf4eca7a27f4e8e70eb05028f437f1d99fc3e55061ea45672a4c25107a741ff65dd5f2be61a0d6440ce3a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839206, "uuid": "663f2216-4555-468e-b20c-1968937c65ec", "value": "T179840123ABE8C173D8B5137148F70683173ABDE1AD74836B3786589A0D73680A97177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839206, "uuid": "2da1ad0e-c4f8-411c-9eb7-62747ed8c490", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839206, "uuid": "a8b221a0-c115-4c90-a697-47878f5cbf2a", "value": "6144:K7y+bnr+0p0yN90QEqw0LbmbF8ftu6/dh3LBz/CcHnlRHXuVNb2YMQ7D35P0yrs:xMrwy90JWmhyFFh3kcHnl9kxnMQ7Lbs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689839206, "uuid": "c4ba6720-29db-4521-b457-c5c44fb5eb7f", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689839206, "uuid": "5bbf6cf2-9b01-4967-8f9f-9d784eb63990", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839206, "uuid": "87868059-1fbb-48d8-b509-9b234fc37d30", "value": "a867b390916438e8c80ae05288eb116c53d490da0a691.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c378fc5e-26dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689844440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844440, "uuid": "b2262f3f-a1b2-4f14-8564-9175fc54a603", "comment": "Malware payload (Amadey)", "value": "6e8ba4f743ed300961a3c2bbfd2bd40a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844440, "uuid": "cefe54bc-e6fb-4392-950c-3bc13b0f4d63", "comment": "Malware payload (Amadey)", "value": "a87fb526c3d2ac8af69f3cdfc752ff502914cf27d640dab12aae05642691f04f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844440, "uuid": "a5db6ae2-25ae-4d04-9179-c71afddae93c", "comment": "Malware payload (Amadey)", "value": "110bbcdc1087427010cef8fe101ddc9d74941c01", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844440, "uuid": "5e0c47e6-d175-4a54-b8cb-9a53b23e4f41", "comment": "Malware payload (Amadey)", "value": "f920339f17f8e16425073f3a8d63c61c69ded8fff66867e0b6f2cfdbe50dd4fdc408eb5c494cdf9d63d7d67684acae77", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844440, "uuid": "1fadca83-1d4f-43a7-bdfb-12edd1da3707", "value": "T16F840252A6E98033CCB51BB058FA03D31B3ABCE55D34837B3385A89E1D7358155727AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844440, "uuid": "502a1bfc-b4d9-4b49-a59e-52cb36f251b0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844440, "uuid": "5ebfd687-6f3e-46da-b913-97807ff9c9e4", "value": "6144:Kdy+bnr+gp0yN90QERWGdN6jKPnqfR78NInKeKQV06TVLMCcHnlRHVZhXGOP7:TMr8y90vWGbnqJ7M/ecQtcHnl9VGOP7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844440, "uuid": "2defb8e7-6f37-4a75-bf9a-dc5edf3f1cef", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844440, "uuid": "10038753-48c1-4a08-a1b8-5d8ce4a34ee4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844440, "uuid": "dc6f7bb7-d3f2-48d0-849b-d6c99293f8c5", "value": "a87fb526c3d2ac8af69f3cdfc752ff502914cf27d640d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c5437b6-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858440, "uuid": "fc6dba4e-d08d-4885-be42-41fca2f8882e", "comment": "Malware payload", "value": "cea51eff9b40dcd5ee094abdf7c99455", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858440, "uuid": "7af0e33b-7c85-4ecd-9cf7-ca0602c11bd9", "comment": "Malware payload", "value": "a8ff66917ce1b21d16c52fc65e8d5182ff5b1a4fcdc66da9a829463842bb26ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858440, "uuid": "d09241a6-27ee-4208-8c4e-400e35f253c1", "comment": "Malware payload", "value": "0c9d79eec4797c78772986703e98ceb4f14c747e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858440, "uuid": "63c7ccba-720d-4ea7-9a52-0e1b20571936", "comment": "Malware payload", "value": "17eb241ba237cdcc1c7e57550ee3301b5c600d468759574223f31db853ca05535e77eecc4042e2182b0af64bed4b887a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858440, "uuid": "f9babe6e-3b07-4c91-b9b8-5f37dab7199f", "value": "T1D233C657EA5605A1D91DC4700EAE27B4426BFC29CF408BFF83C4FE9D6A33591AD2210E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858440, "uuid": "3cc968c5-7251-4267-bf31-05e747d146ae", "value": "03ee86231ba6c6dcc8b1fa834b492246", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858440, "uuid": "6957cfb2-adf0-4f37-a7cd-9c365e3d35a6", "value": "384:ktEEm16gtdUrrIgfwIQeGx6V6w5fcsA/VTljgmmIRKWyCbI7LHKD:e8QtrRwVD615fcsyVTlj7RJyCcv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858440, "uuid": "c01f97ba-0a6b-42e7-87f0-d45cb297b5e8", "value": 53248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858440, "uuid": "32b6a508-464a-4c6f-a22a-a573befbe3af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858440, "uuid": "30041839-de1a-4f09-ab2c-4e2d00aeff54", "value": "Wolf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4917a08c-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885896, "uuid": "5bb836b2-5fa0-46ea-a152-4e2e8c3bddbe", "comment": "Malware payload", "value": "261122e77077d03c241cbc5e79dcb8ce", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885896, "uuid": "0decf494-6b5c-4a89-8c74-bdd3385027c1", "comment": "Malware payload", "value": "a9165d122edc04cf9e6888dafbc08540603d5209f6474c54a1f0e1cf51a10963", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885896, "uuid": "63bf14ca-f083-4430-8136-2fac14826074", "comment": "Malware payload", "value": "4d7871f6fc09ef01c816b0491e5bc590e8ceac44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885896, "uuid": "e54ba350-0166-43c2-ae33-0b25a83b2c8b", "comment": "Malware payload", "value": "ab190aefc8a7059693415ea466e4af4d36384d88491b69e3762cd03af7622cadcfb685e78f1e992b45cfedcfc71fc76e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885896, "uuid": "d36c2c9b-ac73-4755-b08e-4ab1bc49ae3c", "value": "T1D1B4BEE150A0DD4BFB0B05F07434BC3966A76E17289AC30A2E97F5D5F5B36BA8225433", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885896, "uuid": "db54a809-8bbe-48d7-9177-a06bc59f99d2", "value": "ced282d9b261d1462772017fe2f6972b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885896, "uuid": "9d608564-aeb8-4ad6-8eee-16b08b915175", "value": "12288:B0C000PjmU4QZNt1CzFDBAKNmHuyhXRFOo+P:z0x7O2Nt0Z6KQHueuo2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885896, "uuid": "971dc2fe-51b6-463b-8edd-cc7d4cb73406", "value": 530176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885896, "uuid": "02054929-7226-479f-9034-d2d740673487", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885896, "uuid": "628a4aaa-fbcc-4694-85c3-e613ad4bbed9", "value": "RAIN FOREST WASTE MANAGEMENT SDN BHD_Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91fffaae-26f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689854235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854235, "uuid": "9b675c81-2836-4511-92c2-2d046bbe875a", "comment": "Malware payload (NetSupport)", "value": "551ac258839789fba7a1471c55b0a111", "object_relation": "md5", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854235, "uuid": "24699f90-868b-401e-a6cd-b81e0746ee85", "comment": "Malware payload (NetSupport)", "value": "a9fcdcdd5aadb5e927cbb1344339de589005cc73ee7d25aa6afc21ef9b824521", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854235, "uuid": "cca3517c-c73f-45ec-8d90-99a0672b517a", "comment": "Malware payload (NetSupport)", "value": "3d885aae24bc1bb7f106645059bdd530402071e1", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854235, "uuid": "5f279cb0-2a50-485c-9b14-38d936bf3116", "comment": "Malware payload (NetSupport)", "value": "179cabe10d46dd44306a9015c29012246a6f40b96dd703b5f859e24389bc646d2890f1b4d5309712a586601d2faf454b", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-26--5051", "colour": "#39B647", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854235, "uuid": "18702389-a245-4e29-a29f-aeea939f0e20", "value": "T19EA533034F729E84E423317F6CD57930BA6E9336BA627E6CC156CA8720D9DDAC96CC44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854235, "uuid": "41463750-f1fd-485a-9a4d-7096c300b8fd", "value": "49152:OcqtE+5PWZMB1qEzda5D/GatWTjvE/OOKncjznXa:OVtEgPdiERqpWvMOODPK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854235, "uuid": "84ec2142-4575-4300-8c13-7b702b4bf1a6", "value": 2168614, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854235, "uuid": "9a1c5c02-b5c1-411f-b55f-fc8a65f20155", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854235, "uuid": "0c8f3de2-5ddb-478e-aff2-8ca1ab09da30", "value": "ActiveGlucol.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c628fa8-2746-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689889257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889257, "uuid": "9ae5aa40-592c-4726-ac74-f1ed658eb4e4", "comment": "Malware payload", "value": "d335c0fd96458200acaeae1d1b4e136e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889257, "uuid": "a8aa58df-9e08-4e2e-a87f-9865d28ee8c6", "comment": "Malware payload", "value": "aaebf0bf78046d2b05aaafd7687351d0fbf6231f522d7919f4c4a5880be5bd72", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889257, "uuid": "452d3e9b-bb5f-49e5-8305-9ad6750dea2a", "comment": "Malware payload", "value": "ca3cd831c1b3a7eb150fd85720bce119a84fac45", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689889257, "uuid": "c85a0bbd-adda-4738-900d-270a8e34fc77", "comment": "Malware payload", "value": "c0d227966405a06fbdddf2e64edb73f27a32e7bad56cc39ed1b751f56181d0fca8f0af48a80400dd99378a2cf9641e7b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889257, "uuid": "646a785e-8028-49f4-8378-8632092b4ed0", "value": "T118168F137288A03AD1A72B3F597BA3006C3F7A7127019C6B7BF4498C4E396416E76B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889257, "uuid": "c8f0e1a9-69b0-43ef-8f04-4e14301b6040", "value": "f4fef01511e59c41a79e6fcc686dc20d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889257, "uuid": "c7dc339a-f9e6-49c9-bc89-df4497701275", "value": "49152:4ptbaOdkNVTqUN6SONCXqlbPttWGm9yQat9TBAhkCiWfwVkmCiDPtrS:4psS3l5tWd9KMYVkIBS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689889257, "uuid": "632d7d99-140f-470e-9d57-deb81ddae366", "value": 4373504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689889257, "uuid": "f00b8e9c-3074-42ab-8313-7f49e5edc652", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689889257, "uuid": "1ec2af2b-97cd-4d74-888a-8e3961279436", "value": "d335c0fd96458200acaeae1d1b4e136e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d32542a9-26ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689836306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836306, "uuid": "a8b5fba2-ddcd-4620-b93d-3355f765aa8a", "comment": "Malware payload", "value": "463145f8936c7e86a5d3345761bc6d65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836306, "uuid": "3149070f-f622-4d33-b7a2-acb6986aaa8e", "comment": "Malware payload", "value": "aaf6bf718709c45dda9fc1d5f0d1656702ff664b8c8b202b381db4044efa6455", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836306, "uuid": "58403be5-df83-4e46-b7d5-97325bbf8dea", "comment": "Malware payload", "value": "bdc7af5cf562dda41a9286be4d3b1f12144d6daf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836306, "uuid": "ec51cb08-2ae2-4aa3-b096-160ac240d7c0", "comment": "Malware payload", "value": "ef80576561a6fc44c1fd23ba2db2ecba35955b470070067f1d20fc843c55c5b879347d54fbaffb23213af900249f0725", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836306, "uuid": "260f600f-f641-422b-b1ff-5ff0895f7a10", "value": "T10566230139C0C076C6772032066AF3B29ABFF4751B2552DF67A41A7E6F306C19B3676A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836306, "uuid": "9d56365a-f363-44f9-a9b3-072002bcd42a", "value": "ea2d297e3bd3b5b7def0556d0ff46651", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836306, "uuid": "ff5b97c4-6a23-4521-ac17-af091bc89077", "value": "196608:At2jMGFaPKF6vRcWFPaH162uTql2iXq8gxcS:AUjw5+WFS162uTql2qvgxv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836306, "uuid": "e6240d40-8326-4330-a6b8-74c332e8e92d", "value": 6724096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836306, "uuid": "59632df7-d27a-446b-87bc-06af0589b15f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836306, "uuid": "2242c60d-79c9-4fa6-931b-38bf9e91e853", "value": "463145f8936c7e86a5d3345761bc6d65.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51147ef5-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840812, "uuid": "795f06e8-7fb3-47f4-9d75-5d54eac6975a", "comment": "Malware payload (RedLineStealer)", "value": "9e0856c33ca8591efe3d6608e64c5645", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840812, "uuid": "6076d08d-69ab-4e8f-b434-e1fcc7fd695a", "comment": "Malware payload (RedLineStealer)", "value": "ac1723d4d031a6188aa884546e0b5f5fb080aef2c1abc7c0b72a0a998fa74a2c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840812, "uuid": "08fb3f38-eff3-4b64-afd7-2c182cdf9040", "comment": "Malware payload (RedLineStealer)", "value": "fb1e83529bd530e65b7f3d7b41c4632a0940f3c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840812, "uuid": "19892994-af54-4f78-b984-1808dce8d344", "comment": "Malware payload (RedLineStealer)", "value": "3623bf84974ea575137f15cb2211ddb916e49411ae3872a416112f34f5a14b77de7433eb22b00ea9b4db7432ffc2da20", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840812, "uuid": "50ce0a32-2a24-4777-9d1e-f3259be95082", "value": "T144840113E7E44533E4B5677059F707D31B36BCA289388B6B2385A84A0CB37C4A53277A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840812, "uuid": "8eedc7d1-22b5-4c46-88d7-2a3f9c9f1983", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840812, "uuid": "e621db2f-7bb2-47f7-a58f-b4101ea488c1", "value": "6144:Kay+bnr+np0yN90QEzDEXoar8nTgGf26G9FNO3nfzwDr9OH8U/UtHbBy1Ul/:iMrPy90pEX6nHf6FYr1x/MyOl/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840812, "uuid": "d1d4a990-35c5-40a3-b0bd-583bb7583d7b", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840812, "uuid": "860023b5-30cf-4df8-bf8e-0c602a46cd7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840812, "uuid": "0e6f37d7-5376-4a7a-b3ae-6298e7cbcb2a", "value": "9e0856c33ca8591efe3d6608e64c5645.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82c18335-2748-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689890287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890287, "uuid": "d5710601-0524-4df5-8233-445cfb178592", "comment": "Malware payload (AgentTesla)", "value": "971c3a680b05325817ed1fc4522c9667", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890287, "uuid": "430584f1-ea71-49b7-a2dc-2d2cfd72c977", "comment": "Malware payload (AgentTesla)", "value": "ac358d18315f1bc837b902417ec7dbcbdf7880fad906dd0b0d0a4163d8f9e7e7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890287, "uuid": "58f71caf-bbb6-4568-9ed6-996dc84bf6f5", "comment": "Malware payload (AgentTesla)", "value": "4e76729cbe78bcc33aae675a27cc08f66acafe9a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890287, "uuid": "17df0830-0e95-4915-98cd-c5770c2875b2", "comment": "Malware payload (AgentTesla)", "value": "4dd32d9bd66fecd3c9c2de6ff1cb303864838dc0eb56ce15f8d2d5e2ad2aa08ee38f3dd9ffa95aad1fe0e32d3ae10874", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890287, "uuid": "068a8e68-3c79-41ea-9506-c603a42cdbbe", "value": "T1CCE45C9F31B8C786E56D72A074214639C9EE942F61DEE7486F24E0D806EA7EC1054FB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890287, "uuid": "6f9edf24-1ed1-4913-a186-33bb8df035c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890287, "uuid": "d6fbab10-3aa6-45d9-988a-798479c31015", "value": "12288:keVHOYg/RQzbWm+9TJVyC2+U/+Im2TjtERZCCR:7G/azbr6JVyL+WmcOt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689890287, "uuid": "a7791145-41ca-4f16-84fc-69e0162b2213", "value": 673792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689890287, "uuid": "73243adf-c900-4b46-bebb-9102d2e31318", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890287, "uuid": "6180030e-1ea4-4afc-98e3-9314041aa47f", "value": "MSC NBO Rate For AU&NZ 07.15-07.31.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82470853-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838318, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838318, "uuid": "b7a61422-a21f-4770-aabf-cdedf35ce4dc", "comment": "Malware payload (Amadey)", "value": "3cdb56a6aa6390aeed8a2a2945c3fbfc", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838318, "uuid": "89fc275a-9cd6-47cc-b512-339486b5688b", "comment": "Malware payload (Amadey)", "value": "ac89b04723def18e81caa9824ef477c215c7c67db72993bc615b7607e00dc127", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838318, "uuid": "138d2f4f-fe4d-4b67-9283-e2a8b307ca91", "comment": "Malware payload (Amadey)", "value": "3cf0816ed200c6a555b571782867e0110f4f63a8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838318, "uuid": "63600447-8368-4a70-8188-2ac9f4b47c0d", "comment": "Malware payload (Amadey)", "value": "3bac0720746cc22b8875c99a4a4efb1e4dc57d469eb9644ece89292094c5d95abd537d21eb0737263161eca6d532b293", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838318, "uuid": "c0b358a6-a5b0-4910-9e08-468c3752c7d1", "value": "T1E8840112A7EC9132DCB117B019F703931B3ABDA25AB083AF379198594D73588D67273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838318, "uuid": "9247a964-d56e-4f39-bc22-e07368950b1f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838318, "uuid": "ef3d15da-0145-41a7-b813-dd5be774eccb", "value": "6144:K5y+bnr+Up0yN90QEmfouXLTr2dXrlDfysrALXsDjAmV5aCcHnlRHwwUoM1QE8cU:zMrIy90LASJhfbrAQF7cHnl9NUXilL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838318, "uuid": "fccd4a19-7d4a-4815-a2c2-fb34fd0980bc", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838318, "uuid": "3b3a4fbe-8cc2-4e9a-b95b-2a4cff71ee6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838318, "uuid": "709f9b8f-ed0a-4bb6-8bcd-8bd9be922077", "value": "3cdb56a6aa6390aeed8a2a2945c3fbfc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fedabba7-26a7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1689821347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821347, "uuid": "92a6dd8a-4260-453e-ba02-f892da8d035c", "comment": "Malware payload (Mirai)", "value": "0e92e935e85d521aa08dd13a3ea0d130", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821347, "uuid": "b6f1b1e3-7ffe-42f0-addf-1e498932f127", "comment": "Malware payload (Mirai)", "value": "adc734dd52c95cd881c212f70c722e687445240cc97e7e928bce322c3e2233b0", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821347, "uuid": "cf5e80c0-6a1f-4fe5-9f8c-76a613c7a381", "comment": "Malware payload (Mirai)", "value": "c60128c3a6959134b12248b1b6ffb8e04aeffa38", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689821347, "uuid": "72669f1d-ee30-4934-bc0c-051b9a0472b0", "comment": "Malware payload (Mirai)", "value": "26f00a6848127306f77d82795e452cc1da40978643374540534557dd50bca743fdae9154168d6d119e61821617516cfc", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821347, "uuid": "c7979528-a01d-4062-911f-4884f61ef86c", "value": "T12D632891BC815623C6D5127BF66E42CD372623E8D2DFB2079D225F2037C691B0E37A96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821347, "uuid": "4d627fe7-6c4f-4304-8318-af34a44584be", "value": "1536:PeCaOmX5HOH7IBMnvLLWHwb/yAIJ16QUeepIUy96O4vQWG:2C86KwGPgQUeeprWmQn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689821347, "uuid": "69854975-cbb1-4115-a31e-7dd8bf1fa9d9", "value": 70972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689821347, "uuid": "b2bf5476-ef01-42c8-a670-e9a391b09348", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689821347, "uuid": "564150d2-0f51-4633-b347-1a4c5f02e0e3", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73129c7d-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858478, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858478, "uuid": "268ebad6-e841-48cf-b665-73e7b9a98f35", "comment": "Malware payload", "value": "daea2dfc84744b4755e886e3d3ce1e51", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858478, "uuid": "4c37cbeb-d50c-4d08-80cb-449fc32c1016", "comment": "Malware payload", "value": "aee7b522b428c380869d82b92d3aa4c565ba62cf7bba643c276da4883511ad0c", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858478, "uuid": "7033f687-337e-40e9-b62c-a379561e67d5", "comment": "Malware payload", "value": "8905e906b1490ab4d4406bd28af03b33f7c0afed", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858478, "uuid": "fbd60269-c3d2-40b3-bed9-f3885aa84946", "comment": "Malware payload", "value": "bec45f44cd44bfbd080d89701ea1b3e6c0d222fa0b38dbd133a674d63abb39d51d9dce7ad8a5c7ebc39fb5cc1293664e", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858478, "uuid": "b9290fbc-b256-4272-bdae-a7a3a8d197ea", "value": "T17EA63A6BB1A4812AD11DC13ED0B3DF40953374751F36C5EF9294126A0EAB9D8DE3EAB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858478, "uuid": "0924cf83-f21e-40a2-8889-47d9efe272ef", "value": "49152:TTftejd93NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01hvKwPvY3Jl:cd93JWblz4TKl2vPvWJv0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858478, "uuid": "2a559d3e-90e0-4a6d-bcf4-46323e0c2e36", "value": 10192384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858478, "uuid": "83272e4f-9b24-4edb-b577-eb67d55540d7", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858478, "uuid": "11db93a6-5dc3-451c-bc98-41953406f670", "value": "Copia_de_La_MismaMPHJTZDAKVdirgzAXVVRSIEYRqhtjm.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffc18668-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689845830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845830, "uuid": "d82c164c-136d-4d0c-a314-447995b0da0e", "comment": "Malware payload (Amadey)", "value": "44a047cbd135116025f03d56a8ae6c2c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845830, "uuid": "f646edba-e1dd-45e8-b148-e4f1e983a7bb", "comment": "Malware payload (Amadey)", "value": "aeeb0e09949d47114dcfd44dc230f1522ad365b5935ab063b822e82928afad0e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845830, "uuid": "95b691a8-6a39-4638-bb25-2384579d5053", "comment": "Malware payload (Amadey)", "value": "66f506da3a2fece2b2c458a712245c49a9c1effe", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845830, "uuid": "7db4701b-5fc9-46a1-b9b8-7a8e257557ad", "comment": "Malware payload (Amadey)", "value": "cd8e3450302d6556c650d4cd4e8816a84c8cdb6a80d0702151e166eeac7917271527416f47344490d87915857b0750b7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845830, "uuid": "e62c12c0-9b2f-4ffb-ad2f-71d9dc0b71cd", "value": "T104E2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845830, "uuid": "9b28de0d-7326-4e03-ad5f-f266ce811b9f", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845830, "uuid": "e1b00bd3-545e-4d6d-b7df-5b530bb0b3ec", "value": 31314, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845830, "uuid": "2e9fa052-7601-4952-b931-4b46381e636d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845830, "uuid": "323d5fe3-cee2-4238-b3f7-f5aaa45d4dc4", "value": "44a047cbd135116025f03d56a8ae6c2c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae009aab-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848269, "uuid": "47f6ccdd-aae5-4390-8a26-4362fd2d4e16", "comment": "Malware payload (RedLineStealer)", "value": "44f44dded8ad5ef66bd928d17f748923", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848269, "uuid": "d1d651b4-f08b-4172-af6b-8a25eeed7207", "comment": "Malware payload (RedLineStealer)", "value": "b1ef8e8fc35cc8f9646a29e93322ce23de31a21825ef867ba9bf903a203d5efa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848269, "uuid": "3bec2802-623b-4800-8814-246e2262aa5c", "comment": "Malware payload (RedLineStealer)", "value": "68eabdb803cb5a7764364b7d30991b231de59690", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848269, "uuid": "66dd6899-cba7-48a7-9f32-86d36bc84012", "comment": "Malware payload (RedLineStealer)", "value": "ba968efdd1efe525767d3f767ca0745e89abbcc6aae8ca1728039ec5fb351e4e113394011976b5f2d740e6a971335506", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848269, "uuid": "6ea109fa-f5db-4b22-a972-8fa8c9717335", "value": "T16C840983C7A23D49E9278B769E2FC6E8764DF6508F4D377D62189A2F04B01B3D1A7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848269, "uuid": "10cf44b3-b154-4f5d-8d72-caf45b05e53b", "value": "675e338c40bc907ae80a56e3e3f59843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848269, "uuid": "5ffe2024-3ace-46bb-b190-eda22f7a0184", "value": "6144:8t0LSNWG423ZcjxPqwh6JhzkqdZBMvbjEenmgJS:+0+NWG42JcjIwhS9kN5JS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848269, "uuid": "0c8e145f-853d-4fb3-b1a0-7c7735842982", "value": 378880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848269, "uuid": "0c8af5d2-2deb-421b-b012-f7cf19f7e6c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848269, "uuid": "6664bcdb-556d-48f5-9d6d-cf77043f4a26", "value": "44f44dded8ad5ef66bd928d17f748923.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6515357f-26c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689835262, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835262, "uuid": "f87e92e1-6bb7-4490-8978-d4af545e906b", "comment": "Malware payload (Amadey)", "value": "56d34cca840bb1840d959c7bfa71f175", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835262, "uuid": "f621d3aa-8f36-404f-a776-28a545801be2", "comment": "Malware payload (Amadey)", "value": "b3b9cd87ed117eff25ebae286512425b6d778c82802a6b097ac45b68e438e159", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835262, "uuid": "d12b9bad-b6f7-431d-bdc1-259ea7b68774", "comment": "Malware payload (Amadey)", "value": "14af65fb8f211962bd73452aacd0a7076bf49feb", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835262, "uuid": "532efa1f-a3ac-4d32-8a11-a0a8b918c34b", "comment": "Malware payload (Amadey)", "value": "eb4593ad37f7227e638f992b04afd12aecdcf8ef290a62a384d25c8ebfaf5bc2ca173b960553402b41b868dd023d5846", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835262, "uuid": "df3effb5-58ad-4924-83af-49f6cfc6924a", "value": "T16E840103E7EC8032DA7927B05CF703830A35BDE15D34976B2786695E1C72698A1727BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835262, "uuid": "91583642-f5e4-4ab8-997d-78174131b6f9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835262, "uuid": "9a172086-01dd-41a7-a265-05b655f75311", "value": "6144:KEy+bnr+Cp0yN90QEBM1UkWcnZNbS6AxEUfPvC+EWgDzyGsj6U:gMrqy90vMwnPqW/GzU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689835262, "uuid": "357192ce-d36a-4dde-93df-f53f227dfa91", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689835262, "uuid": "4c5b62a9-e9cf-46c6-8dad-67a1365b8f54", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835262, "uuid": "ac5cca17-480b-4930-b6bc-bd5999aea378", "value": "56d34cca840bb1840d959c7bfa71f175.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cde5552-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689847382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847382, "uuid": "8004d849-3333-49dd-8c89-fadf21b40b0b", "comment": "Malware payload (AgentTesla)", "value": "ae2ec008bb91488f36ed12f424cfb866", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847382, "uuid": "d752b57b-51c3-4844-b08e-149833006380", "comment": "Malware payload (AgentTesla)", "value": "b41cd8fea04340e41aefd4a9893dbeb87f66b4edf5ebfbcf952c38d78f43a165", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847382, "uuid": "db5b6a70-1575-4930-bd7a-2612167eefe8", "comment": "Malware payload (AgentTesla)", "value": "9dc4d1e487564ee490647ae47872a65315d80b53", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847382, "uuid": "63f5757d-0147-44d4-b861-9f2354032b06", "comment": "Malware payload (AgentTesla)", "value": "46900013cd174518ca1305413dc69dfdf19153b2d4b9ac758b5e20f7cc0d1cac1e80e75f6a7ef9a2f5d839880088f5da", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847382, "uuid": "20655af1-113f-4f8e-9fa7-7b3d64073f40", "value": "T158F4021496FD8BAAC9731BF5EA24193C47BAAEA67032C35F9F1270C23951F03550276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847382, "uuid": "762a891b-3fc0-4d86-a0bb-2af14c8df3b7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847382, "uuid": "d9bda682-ba49-4270-ba94-f0c01d6d1e89", "value": "24576:LYJTdCjELG4+WCAQayWJeHqtuJ7KwgG6b:Lg5CALG4zCAS0wr6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847382, "uuid": "9f3abbf7-ff73-413d-aca6-ee8dd68085fc", "value": 793600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847382, "uuid": "cd4f9b5c-6c7a-4a21-940d-2e54f2f4c7e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847382, "uuid": "ecf335f6-ef83-4467-b424-e32579a16590", "value": "New Order #60-2309584.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea19d464-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1689836774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836774, "uuid": "d1b2491c-1534-4ce3-9d11-4c88887303f4", "comment": "Malware payload (STRRAT)", "value": "a4fa790286b45af49eb5fcad50e2cd93", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836774, "uuid": "694e6679-1da8-4f3f-acdb-1d37e68f8ced", "comment": "Malware payload (STRRAT)", "value": "b422036434909b2570213225ab66b02472b6a8bac3e952b18f678e15f98169b3", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836774, "uuid": "c4d0e7d5-1d3e-432b-83f3-57a9c84d59d2", "comment": "Malware payload (STRRAT)", "value": "9657618d7301857ead5667c797ba43095ad0af5b", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836774, "uuid": "7fb5e8d9-a6c4-48ed-8385-bc62265e24be", "comment": "Malware payload (STRRAT)", "value": "9a2ec5bc23f3f504fa7cee38c1f51c8c1518dc4bd72b8b94df49b44d539a4ddc9b133c0ee20029131a146879dd133c28", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836774, "uuid": "87e17a2f-06cc-4006-a78a-d6dcd3cccfc7", "value": "T1CC24015A7DC6D1E9D6178437131882339B6CD1A4F580527B79F8083A6DB9C2B0BC9BCE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836774, "uuid": "001e28f5-4432-496b-9ee3-17c812d8e172", "value": "6144:U7VLRmR8xKygk1gk1DL3vrfMgyGhHv7ezbxJ:U7hQ6x+k3DfM8R7WJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836774, "uuid": "12227dc3-9eb6-4f24-947c-56a9d0cd46ee", "value": 223895, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836774, "uuid": "2a08418e-0612-42f7-8d41-36cd0304b1cc", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836774, "uuid": "afad6ce9-3dc8-4861-95d5-7f6686ccf2f6", "value": "SPEC-HUAYU-005186-G003-23-0450-074.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1b0254b-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847953, "uuid": "c41cb5fb-9102-4c28-8bed-c51ce34f31dc", "comment": "Malware payload (RedLineStealer)", "value": "dfd80a70b1310b33ad6be4dcb1bc8dc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847953, "uuid": "89d6acec-1981-43f5-b8d1-223db3061ba7", "comment": "Malware payload (RedLineStealer)", "value": "b5af2067aca0965204b2df89019af703c3e3d58f9f3bef8027823e9524ac7e36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847953, "uuid": "4845d8a5-3653-44e1-b25a-7a7aa8151a26", "comment": "Malware payload (RedLineStealer)", "value": "46b86c3af89a571eedb916c078bf863142883892", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847953, "uuid": "dcabcf4a-382a-4250-8571-775ac7abe08e", "comment": "Malware payload (RedLineStealer)", "value": "589ce23cf6f363a57769e38521317c359c7e2e9fc14da01392821735cf8d2fad1c15b6de72332cc80933789dd783e49d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847953, "uuid": "088ce2cf-8aab-42d1-a559-949761c67646", "value": "T1F6841A83C7E23D89E9278B729E2FC6E8774DF2508E4D7B7D12199A2F04B1076C1A7614", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847953, "uuid": "47a3267f-90e5-42b9-b1de-85ced208c359", "value": "675e338c40bc907ae80a56e3e3f59843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847953, "uuid": "15f3b4fb-5e58-4387-bcdc-f96a51ea06da", "value": "6144:jZzLVUx54pPzeXiSK0r0k9Vs7AuKcdQzMqS:1zBXPzvSB0kzy/qS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847953, "uuid": "16adcf0b-a4d4-4ed8-972a-4791e33e5b50", "value": 378880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847953, "uuid": "5b7c55f8-9acd-45d6-bfc8-a6be67ebcf04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847953, "uuid": "244379dd-c60f-4ec3-9be5-8ab80ae4af5a", "value": "dfd80a70b1310b33ad6be4dcb1bc8dc0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bb68b5c-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838280, "uuid": "7a568b80-d2ce-463c-a249-29e1a4997277", "comment": "Malware payload (RedLineStealer)", "value": "9258a9b47e2575ed283d0ce463202ce9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838280, "uuid": "e0e0d545-d512-4e68-9227-7442fbd8aabe", "comment": "Malware payload (RedLineStealer)", "value": "b627345a302e92511edc0df46fbbd1478739d71ac6d89376f40e479afa1546f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838280, "uuid": "079b1e90-de1c-4210-8d1e-934debd03417", "comment": "Malware payload (RedLineStealer)", "value": "8fcfe1b55d9348e60dad18673f57bbac4d95103d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838280, "uuid": "976a8b1a-4ad4-430f-9065-cc539854b9bf", "comment": "Malware payload (RedLineStealer)", "value": "e3a74929470a9da7365f821c5301fb7aa18d74d92478f9df4eaf3f1a12a866be0bc8868e09f9cb45bb361f650d344e88", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838280, "uuid": "f19671d2-3298-4b72-9977-5bf567b6fd26", "value": "T1D084F152FBD88023EDB4277048F702470A35FCA19DB453AB2785992F4C73AD0A9757AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838280, "uuid": "9e991764-60ad-484c-90c3-169d0500ce2b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838280, "uuid": "95b7f848-751f-40e0-b4f1-74be9d65156a", "value": "6144:KDy+bnr+Zp0yN90QET1OkQsrqTveyRpJKtXgomFtje7ua4R3S2zCjtKZJaSVU8/0:BMr9y90aOmqtE4/4Ri7j8eSi8O3r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838280, "uuid": "0f7b8025-05c3-4be0-b646-91315a3f87b4", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838280, "uuid": "349d61cc-36c0-42ed-8651-2635a245294a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838280, "uuid": "f696f580-75ca-4303-a5b9-a8912aa77a42", "value": "9258a9b47e2575ed283d0ce463202ce9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f484864-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837695, "uuid": "b4d5e773-9742-4f41-af91-9cebc991ad4d", "comment": "Malware payload (RedLineStealer)", "value": "562ad8988aa8f5996f83f8d89bd60506", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837695, "uuid": "c467027a-8fc2-44f4-99d0-b2fbd0c1978c", "comment": "Malware payload (RedLineStealer)", "value": "b64dac067da9a8b1834b0e7b76de4c89dc1b6dbc06e59492f1d4929a58fb22ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837695, "uuid": "0521a3bd-211b-491a-92e7-b2f5d355cd7f", "comment": "Malware payload (RedLineStealer)", "value": "666813346c2ea69224d18780e577bf74d8c29ffd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837695, "uuid": "b7d23645-fd1f-4b5a-ad5a-afa09f172159", "comment": "Malware payload (RedLineStealer)", "value": "da997d9806deb994cdb5e59425e6b3e949bc1e289a67e401e6822e58afeb60510e427d63080c81344b1ced1d5424c00e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837695, "uuid": "6785ff1d-f581-4a1c-80d1-619e969695a8", "value": "T1BA74E02236D0C076D167A9B01870D6A22A7ABCB1AB7161CB73583B7E3E307C15B35797", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837695, "uuid": "a529f7bb-d02d-4ea8-82a8-ca9b9864bbe0", "value": "5dc16ea88b2eab7740fd105d5e24a675", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837695, "uuid": "7dcbe22c-64a0-4915-9e54-e517bed2b769", "value": "6144:uxDL7YtCRc5VxqHu8aPkp1+8kog1xShotFYHf4s7BF4ltLMHf:ud3Y8G5V90ztko0ntFYgs9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837695, "uuid": "16a335ec-c836-4ec4-98bf-62bb523926df", "value": 355328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837695, "uuid": "eddef523-fe05-475c-9442-b90e570309cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837695, "uuid": "ca45f9c2-fff8-43ff-b259-c6ab210e4ac7", "value": "562ad8988aa8f5996f83f8d89bd60506.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60da3559-26e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689849428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849428, "uuid": "ca3d7a32-97f9-4952-bd3a-068d6f2e393d", "comment": "Malware payload (Formbook)", "value": "19d68ca85f31d1924e00a8a750a68cc1", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849428, "uuid": "ec614081-4917-4a16-92a6-bb482afd0563", "comment": "Malware payload (Formbook)", "value": "b6a032aafd8e07de9459da5e5f6936791d59434a4e0c8ceb63ddcb2b9d3737b3", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849428, "uuid": "0b6368b4-e1c3-43fa-b02f-cb098fe95423", "comment": "Malware payload (Formbook)", "value": "0c7f0245a9c9f39707dd8ec1c17b40c5b34a6c31", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849428, "uuid": "916b58dd-ea09-4aa8-af54-2a804f2cb0f9", "comment": "Malware payload (Formbook)", "value": "039eb6ede2cfbd68844e9c9ec9276634927ba3ffcf5f3ebd0c6655245cfd0b80b6fd77668f25b306f909728f173e4ae3", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849428, "uuid": "c63551f0-98b8-4a8a-85b9-e4760740639c", "value": "T1F8442317335A86C63EB21C0574B7A763068958C589B4B91FF38C44BF2069329C5FA3EE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849428, "uuid": "e41754bb-b9a0-42cb-94ec-c663e6e65d0d", "value": "6144:hZmu0NyqNfV7ypqwem8l4fOYvFhEnSh29YSO4vC48xQO/oCyA:vmtjyw/m8Of7hIAcO4T8x3Px", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689849428, "uuid": "46b73ccb-4e0d-465a-ab35-b1e03ace11f2", "value": 262848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689849428, "uuid": "0b89fbe9-4547-44ec-aab0-b618888fbbe6", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849428, "uuid": "23e35580-043e-4bbc-bd43-f95247f6ac65", "value": "New order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6192e350-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689846853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846853, "uuid": "39ef85c9-0e25-4a4c-a55f-fd2203e726d5", "comment": "Malware payload (CustomerLoader)", "value": "0752edd457a41363b5a593800c165189", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846853, "uuid": "b3b49891-a899-4de0-b29c-45d5d1e68a46", "comment": "Malware payload (CustomerLoader)", "value": "b746de15177b978b92885e6948bbf25a8877f13f1f510bde9d7b354efd7da682", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846853, "uuid": "93ea41bb-a338-4d41-9df0-0e104e4fec26", "comment": "Malware payload (CustomerLoader)", "value": "7453632b948c985710eae6b714899b806e29ddef", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846853, "uuid": "0504111d-0ce8-4ec8-af72-e166abd683a2", "comment": "Malware payload (CustomerLoader)", "value": "c5d64ef1529250f8977eccf6470ca14d37c5134b5a1808cf75c8561540e1219375807e470d263eac060209341ecb04eb", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846853, "uuid": "877659be-67ce-4645-a761-684fae69406c", "value": "T15AE2E123334BDBE02E5F6816E984C0C442794AEBAE2E99ADCA5583FA09BD451914CC79", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846853, "uuid": "e2add246-b564-4f33-b058-4d358c77a14e", "value": "768:wHNpELquKhzA+bthFRWXdANTfbX3KxdmoiitWOHZQh4:OSLquKhzAI3m+NTfLKbzHSh4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689846853, "uuid": "4e65c26d-af5c-4d15-aba3-e00dbda26e45", "value": 31542, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689846853, "uuid": "e6b8d636-2186-48ae-bde1-12258a28ed71", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846853, "uuid": "9da65446-4ce6-4aa7-b9a8-35df7450491c", "value": "ORDINE N 1233_JUL7FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5589a9a4-26f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ModiLoader)", "timestamp": 1689854993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854993, "uuid": "485e22b6-b0be-40d9-8b7a-c39e0935a4dd", "comment": "Malware payload (ModiLoader)", "value": "8c1e52ac9553fab121ee950749fe1d31", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854993, "uuid": "6413ffb5-b317-4de2-be1c-dc4beac24fdb", "comment": "Malware payload (ModiLoader)", "value": "b77daf934032129b309e2cb8b32fb54cffba2691768520d5c6190cb9ba15a059", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854993, "uuid": "b5dca6f2-d51c-4c0d-afc3-40cbc92bda9c", "comment": "Malware payload (ModiLoader)", "value": "88ec187133d7e63abf95bfd47005f16448be2fb7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854993, "uuid": "80eac352-3727-4ec5-bc37-564cf150eba7", "comment": "Malware payload (ModiLoader)", "value": "dfd6817481dbc46b5547d288e555f5e2b01f9925fb92231717276392bf7aa854d50ef43d8c48572d5f84b6895fea945f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854993, "uuid": "704b3f81-f9ea-4ff5-81b8-b52a1389a3c2", "value": "T128059E21F2B285B3E2627E748C2657A554797F602538140A6AD73DDCFFBB3926C281C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854993, "uuid": "6340ee21-084c-4317-9ba8-c9fd30a19114", "value": "da21ccc93f3893853ed8366aca50ca61", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854993, "uuid": "35a61927-5c07-49b6-89b9-23370e6597ae", "value": "24576:rk/A25GoqxIJs7ks3XJrPz6cDCnvMhqv9:rKAKGj7ks35rPmaCnvMsv9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854993, "uuid": "2ed5d6e2-d150-41dd-a90e-36a6151bf809", "value": 808448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854993, "uuid": "a57ac8c9-a0cc-402e-b0c0-c4689d419668", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854993, "uuid": "118a7ac0-5193-41cb-b875-5c54ac7b8cb1", "value": "8c1e52ac9553fab121ee950749fe1d31", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b96c3f2-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848238, "uuid": "c0174cdb-1f6a-4371-90c2-6b33ebc5dee8", "comment": "Malware payload (Amadey)", "value": "c946efc09f042994b3fa0608f9ba35f6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848238, "uuid": "7f863c9a-3581-48ab-870d-842d20ca62dc", "comment": "Malware payload (Amadey)", "value": "b7f194fbd0b6a22905095a7ee70d54e3bc260e6c5d14c08d835df920720e26b1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848238, "uuid": "ca45f79d-8ed1-41c4-9972-04c6d3be89a2", "comment": "Malware payload (Amadey)", "value": "4bb31b0cb17d72c6ccd87aafde34054d6c302f32", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848238, "uuid": "872582fb-0430-435b-a30d-f6f81948a8fc", "comment": "Malware payload (Amadey)", "value": "7d1a311a6249b746593d111c0c29e5b98d76011a18cbd73f11549a07d571e3d3023d8b3ac68be26ff73ada15255b333c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848238, "uuid": "d0818b00-3521-40da-bbff-9a6349ca3351", "value": "T15B840112ABE88472D9B5177018F703C30B3BBCA11D78832E3395988E5DB2589E5757BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848238, "uuid": "7aba6d3b-cd47-4100-8416-5624248bff69", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848238, "uuid": "6c1a5070-77f4-47b7-98eb-f16c4bfe7c45", "value": "6144:Kqy+bnr+op0yN90QEe7deIdfkWMjZNeZ1LyXsnhcPo2dN2CcHnlRH+9AIyGrsgi:KMrsy90AeOF76PoUN3cHnl9wAOr5i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848238, "uuid": "6cf275bc-d690-4192-9364-548bb804b926", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848238, "uuid": "5bcf3822-2b74-4352-82f5-2988ca82381a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848238, "uuid": "2511be86-d12d-40df-af06-e99e354e693d", "value": "c946efc09f042994b3fa0608f9ba35f6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fea069cb-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689845828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845828, "uuid": "cb831a0d-d41e-4035-8009-6b4934eedded", "comment": "Malware payload (Amadey)", "value": "2b1b7b6c06a8f60211331cffaa78a8d1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845828, "uuid": "974acb12-1f7d-4ecc-9a36-0376228b2821", "comment": "Malware payload (Amadey)", "value": "b90f802252d6dfaf25fcb579649ecb7013ec459eec96941ca6e835719d037ccb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845828, "uuid": "dae6ebfe-2ab3-432e-ba62-4355ecec3be7", "comment": "Malware payload (Amadey)", "value": "d1eba81dbdac3e30df2256bb4c929c41c24bd7c6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845828, "uuid": "b1a16659-9da5-48b6-9555-04c9cf481813", "comment": "Malware payload (Amadey)", "value": "92c5c22450116a3a641e4fb9d35a20baa2de731060b755abe37a88c6495233b702cfa5b817afdfa84f2bbf90ccb9261f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845828, "uuid": "54d6bc6b-61cc-4267-9bbd-140ebdacbf09", "value": "T14174F153E7E98073D8F11BB068F702C31A3ABD654C74931B3746A8AB1C726C5A97172B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845828, "uuid": "ca0ea353-a3a8-4630-b408-1ee30a772858", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845828, "uuid": "fda5ec30-cb58-4359-a34b-fe0379d9000a", "value": "6144:Kjy+bnr+2p0yN90QEos8XdDL1s/aso3eQwAV50vBWg/Lcrx/10zr0a/THAi:5Mr+y90U3dsseTG0vcAcrx/6zr0a/Tz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845828, "uuid": "6bf8bd17-054c-42c6-9283-199f6292eb25", "value": 367616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845828, "uuid": "88a29bd8-05be-4722-a7e3-e1c9c6c6352f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845828, "uuid": "17519383-b395-43a4-aa45-b2908aac35cc", "value": "2b1b7b6c06a8f60211331cffaa78a8d1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28a98815-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838597, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838597, "uuid": "87661095-dbdc-404b-8eda-4160ce3d064b", "comment": "Malware payload (RedLineStealer)", "value": "d03c2c65fb5a6a69bfc0edeae4188190", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838597, "uuid": "d7cffc14-84a1-4b3d-b800-8262908c43c2", "comment": "Malware payload (RedLineStealer)", "value": "b9b9c3e5dd396f324ee17f09bcf33be015d51e66942c21e733882806e681d7f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838597, "uuid": "8dd9a356-f8af-4c16-bfdc-bd2344205299", "comment": "Malware payload (RedLineStealer)", "value": "5029d0b4d3bef47e6430dbbc50894ae0697e5dca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838597, "uuid": "f9b62f52-7d05-4606-82bb-8e90d7b982c3", "comment": "Malware payload (RedLineStealer)", "value": "2db4e32f3422918eaacd07b46cb274b6fba661b9d85a29b729707db06240a87f81c3c8377d98927e6aa67b84dd4a5da7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838597, "uuid": "ef000f7d-3480-4b5f-9097-2b999aa8a4b8", "value": "T1F184F152ABD8C073D9B1277019FA12831F397DE29D74C3AB2392945E1C73980A97277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838597, "uuid": "c908c8e9-962b-4ee0-9b3a-6cda80faeaf1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838597, "uuid": "7222185d-f942-4d8e-9601-1d45c3186303", "value": "12288:iMrEy90/UZd5Y9gGLcBPfMcHnl9GhxVUhR:KyZL5YfLcFHyhOR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838597, "uuid": "f135d93e-e8b6-45d8-a8f0-0c0ae20ed438", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838597, "uuid": "447782fa-587b-49d7-8dc6-f5ff3db087b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838597, "uuid": "0ec13390-7811-4bf3-a714-85a7aabf88e8", "value": "d03c2c65fb5a6a69bfc0edeae4188190.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d34de72-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689847355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847355, "uuid": "2033df8f-5573-4557-89c4-84b55721a386", "comment": "Malware payload (AveMariaRAT)", "value": "cb80d61584fd320beef0b57a7d91a9ca", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847355, "uuid": "df92cd1f-d131-46f3-a6e2-eaf973452d05", "comment": "Malware payload (AveMariaRAT)", "value": "ba1241e803f1dec684edbde8b3bc2d9c6ccf2daa413ffa49fb7a2eb64e58f870", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847355, "uuid": "5a2daa68-3c2d-43fd-81da-6572c7bf5628", "comment": "Malware payload (AveMariaRAT)", "value": "bc31a98889c60fa5de2b52378618d78da09fe3eb", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847355, "uuid": "16fea800-5a49-4b78-a2cc-e3d72c3d70b0", "comment": "Malware payload (AveMariaRAT)", "value": "d6d3da22038e007a4da10a7dc163663c3d5e34d8d6525dbe77b81347001b6c5e61d0c1c93b4142f67812cd182a0c3b66", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847355, "uuid": "962f17f3-4624-4a4d-ac33-6d31c11eb537", "value": "T1EF3422AAC5CEC24184036C6BDFF99FF6AA5FA0C8C8FD3CC7251AB106D641B45962494F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847355, "uuid": "2a054b89-ce80-4d12-8eef-2945e2e8afb4", "value": "6144:kDZj55/EyVPAo8Qtll6kpKhZ+/jTLXGpOc8deXtVx:k/ptMWDELOj2Ic8deXtj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847355, "uuid": "b21f9823-46de-4431-b144-c917c30f3ea9", "value": 237889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847355, "uuid": "3654a188-402c-4c19-99a1-e5dea9f3dfcc", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847355, "uuid": "addd2d0f-07b7-49bc-a53e-12d26c4fd6f9", "value": "Adjusted Order ESCO-PO-Q10056286.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c880e890-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847025, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847025, "uuid": "8e06316b-d91f-48a6-978b-8e86d6f62ef4", "comment": "Malware payload (RedLineStealer)", "value": "480464ed25c903a322544a7afb28e307", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847025, "uuid": "9790b2b4-95d8-4618-ae44-889c4cb7ce5b", "comment": "Malware payload (RedLineStealer)", "value": "ba1d56acd44ef1a88536c300df4d3c1483532a00d06e34a8117ddb2266025053", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847025, "uuid": "f408f279-f065-4b9a-bac2-478f961d2201", "comment": "Malware payload (RedLineStealer)", "value": "2da5cab5af463fa8404cef9f0025edd182e7eb8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847025, "uuid": "192cdda5-63b9-44c0-b95b-f8d2b5bc4df5", "comment": "Malware payload (RedLineStealer)", "value": "b807f09538dc2a05d69b0f53de97a45b6edacf1226c2274a53a0285fe0fda186691da12470c65cd44eff1d8eb43d6949", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847025, "uuid": "987f257f-aacf-4751-88fb-28ca82ae9424", "value": "T10284F122E7EC4022E8B5277098FB03C31A327DE19D74822F3745999F1D72694A53677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847025, "uuid": "1028d27d-40ac-4d63-83b0-9b2e1778db31", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847025, "uuid": "576668d0-8bd1-4895-9305-bc74d23a0658", "value": "6144:Key+bnr+Xp0yN90QEVmgybR42bF8ftu6/iDmNWggJpfzU/BomDcq:+Mrny903vqR9hyFdsJpfzMJcq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847025, "uuid": "da7527df-622d-4e35-b7ee-130c00f1d477", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847025, "uuid": "327cb36a-9ba8-49a4-9263-44bf8c46c386", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847025, "uuid": "bd915a59-e0a1-47d8-be0b-cf2f53500b61", "value": "ba1d56acd44ef1a88536c300df4d3c1483532a00d06e3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29d575de-26aa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pony)", "timestamp": 1689822278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822278, "uuid": "f681469e-9cb9-411f-ab6d-a1ca84c8acd0", "comment": "Malware payload (Pony)", "value": "b4f8726cfa4a3cc8313f11d01d7f234f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822278, "uuid": "25cc8d93-572e-43cf-bcad-596c9045a50d", "comment": "Malware payload (Pony)", "value": "ba4c0ef0209abd10274480fc3ae8cd4ba74287625c18e01e67dee204b4ca7eb0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822278, "uuid": "c9702e54-2c55-444c-9b50-c58aded88c74", "comment": "Malware payload (Pony)", "value": "00e3193f0d3d9bc211fe80007400d7dfa967177f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822278, "uuid": "4e5c080e-1cbe-4ed1-9f7b-24909fb7f429", "comment": "Malware payload (Pony)", "value": "3db8afa243813f090edbf34b6826012d5129b75a09d55de4eaff279e6e7a93bf6498b18fed32dea4d9ce973ebd2ade57", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822278, "uuid": "256b5099-d5cc-4fe1-a56c-1af75c0e2200", "value": "T101930903FA80E0F1C0A22A7137C15761E7FD9E797C3A8D4AEF9C49856DB22877B16152", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822278, "uuid": "0747ac29-d4d6-4e83-bc38-53656552e023", "value": "09070e021d4505e6183701ac6e022a16", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822278, "uuid": "a2b31fdd-7997-41f5-b8c6-5c997fc314c3", "value": "1536:onSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEIkkzmt2l:CSnMuGc/CfZDap6COU45EIotm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689822278, "uuid": "2f18d051-6e34-4512-be28-3f4313f1ba95", "value": 92672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689822278, "uuid": "27adaefe-3318-4d90-8d3e-2d5d2510bc25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822278, "uuid": "0ed1706f-cb8d-4783-9692-3c3084987169", "value": "2e4a_dump.exe_", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2453ffd0-26b4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689826564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826564, "uuid": "72ab1fd9-1fad-4d78-94bc-60f360321153", "comment": "Malware payload (RedLineStealer)", "value": "05b44cf21b46b2eb4a99f0a30ce92bc6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826564, "uuid": "b5d5b708-f672-43e1-aa6f-f916d99edcfa", "comment": "Malware payload (RedLineStealer)", "value": "ba4e482497b5d2ac9d86cb9cc8bae37dc76d2720ed8eb7dc363a74e8d60711d6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826564, "uuid": "5661aaff-4c17-4371-bf97-20fc2e293147", "comment": "Malware payload (RedLineStealer)", "value": "45e54b565653032bd39a05001fe2478c20bab8f1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689826564, "uuid": "68cdf51c-5826-4bb9-8079-4024e29d2563", "comment": "Malware payload (RedLineStealer)", "value": "2d33bf4807cd402a5c7115988ed904a3f78f347f1657e7cf81704f1bd53e1573b93235bc4817486f26f44810ba924d42", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826564, "uuid": "ad6034d5-2d0c-4a69-849f-4e555e3341b7", "value": "T1B7D4128072EB8B6BD97B1F38587622F842384FC67825D7DB9E4BF1E6EE553060305252", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826564, "uuid": "47f2ce69-4fb8-4431-819c-26e328abb2f1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826564, "uuid": "8b8aeead-5559-4a2f-838e-d28161c5aeda", "value": "12288:PS6ln+flo/XciMvYs3QeRghOORxB3tIOz+N35o:KTdCjEYs3QeRwOORxB9fz+N35o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689826564, "uuid": "f42c80da-cde3-4622-8ed3-964ecfd0e99f", "value": 640512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689826564, "uuid": "feaf5cac-e9f8-4ba3-a7d5-24e141b22a96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689826564, "uuid": "e51a6224-bd6f-4fda-b347-b2cedba9b952", "value": "05b44cf21b46b2eb4a99f0a30ce92bc6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aeeff2c-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838627, "uuid": "e723a65e-1c3a-4a7e-a50d-db7d754d0ce3", "comment": "Malware payload (RedLineStealer)", "value": "f266d30dcddb16dad8a39b078b5a581a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838627, "uuid": "30ba14c6-6c02-4fd1-a152-6797721cbe5f", "comment": "Malware payload (RedLineStealer)", "value": "ba8c58d697662fa7c7a7f8f13b232e1dbbb527bd1e73fc435f53e86c53994a1e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838627, "uuid": "d0615f0a-0625-4fc0-9960-b782a8c7516d", "comment": "Malware payload (RedLineStealer)", "value": "79dec13b8a0f6f1e683cb667d52137274c2830c6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838627, "uuid": "978185e4-2a48-48b8-b3d5-eec01a6492c7", "comment": "Malware payload (RedLineStealer)", "value": "a778f2200c34ff47026bb4a2fe335c669c3c9ffc2651b2ba17d907447c6c2de60d688981cf9ca07b60980ac979b9be30", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838627, "uuid": "87c954c0-1c4d-4d6f-a238-7ac50081a84d", "value": "T1EB840103ABD8C072DDB5277058F613C30B357CA25974A36F2795289E1CB2794A931BBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838627, "uuid": "56818352-7f56-42c4-a7df-e2779a534dac", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838627, "uuid": "0e881832-9130-4326-998b-cfae4796c38f", "value": "6144:Kny+bnr+Op0yN90QEWVVaBsNThp+DRVD3WD2bnf2DTNJmxa35KW:VMrKy90wNtpmLLfM+apKW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838627, "uuid": "2494c7e2-de8d-4e81-aa2b-35ac4db00f4f", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838627, "uuid": "f24c2776-8a17-432e-9dcf-bd79c1d632ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838627, "uuid": "7c98852a-29bf-4a42-8033-9dc5d1141190", "value": "f266d30dcddb16dad8a39b078b5a581a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c2380ce-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1689853769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853769, "uuid": "3255cd34-99ee-4f6c-8ff8-5add65414403", "comment": "Malware payload (NetSupport)", "value": "7d89fee6e4533724bb9cca107266594c", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853769, "uuid": "024f128c-cbed-4447-89da-62a166cacd86", "comment": "Malware payload (NetSupport)", "value": "bb47465a7fce534905ffcecd45e01439e75e2057f62b7026fc526cf3dd93899b", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853769, "uuid": "f1140e57-aa23-4583-90a7-f1681ba06207", "comment": "Malware payload (NetSupport)", "value": "3f3c711f5e0d8f83b192f1ac477663996244fc82", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853769, "uuid": "b9fd53d1-33c9-4d6f-9af8-d0cb8a448f88", "comment": "Malware payload (NetSupport)", "value": "cb24f4bb505f0a4fa2da34b1418d3eb98f77a3d27500ad2f2965563e8c8204594216bed8b29fd16973a837d9b646d34d", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "unclesrug31-com", "colour": "#81C2A9", "exportable": true, "hide_tag": false }, { "name": "unclesrug32-com", "colour": "#EA200E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853769, "uuid": "a62d0739-0e98-4a8c-8fbd-8db5fb813af4", "value": "T19DA53322BBA54323D12B623C1E5A74014D2C27E9F73511FDA1213AC4A86DA7FC7B6DC6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853769, "uuid": "038c3741-f677-4ecc-aca6-1f88b30ae4fd", "value": "49152:zadcHZ2vRMmi9+s9vVaQj17Q2bqfekSVpKAyWgpfZ4rEna3DQDdlVe5PWZ5FvcB+:+d4YvRDi9+sXbWmkSblaardDUdbAP+U+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853769, "uuid": "d0b31f2a-fa0c-4830-927a-09ae0ba5a8d8", "value": 2233779, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853769, "uuid": "41196e74-3413-4c6e-a6a8-55a09a4c6c81", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853769, "uuid": "56d10d4f-83d2-4236-b712-c25ca113439f", "value": "1907.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe8dfdf8-26d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689839815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839815, "uuid": "95dd715d-0882-424c-8eeb-d443866c1056", "comment": "Malware payload (Amadey)", "value": "8a93f2fead052a76fbae72166ac8fb12", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839815, "uuid": "8a4bfaac-2725-4c17-babc-d5d7b4f254ff", "comment": "Malware payload (Amadey)", "value": "bc1039ea1a02cf1e898c7cea2600cac8f44dbf43b2b49c31da3024ffd998a7c2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839815, "uuid": "4786ed45-9ca7-4d9f-9c8f-c4f6f3eb336d", "comment": "Malware payload (Amadey)", "value": "d3717ab4c59cc8ede584e2ce79bc768d62a03dc3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689839815, "uuid": "ebeeeac4-8aae-4763-b640-ebd80725ae1b", "comment": "Malware payload (Amadey)", "value": "8a362e50d7ddcc2022dd85225b97be2155f427d31c0b59a983d64c92cf1eafc3c1676834ae9baa8bc36a62a23c06ecf7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839815, "uuid": "4743fe8b-7998-45b8-a819-8923f85591c1", "value": "T1E7840113BAE85872D9B557B018F603C30F367CD29D78436B2795A8AF0C72998983537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839815, "uuid": "f657bdb9-4143-41d1-a928-b39d559d13a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839815, "uuid": "95e096a3-c56f-4e24-a26d-bd7d79bfed0f", "value": "6144:KZy+bnr+wp0yN90QE/Yd+B4GwMEbYWOYNdGGxPYuQX/ceXe:fMrIy90TFIYPixAuocj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689839815, "uuid": "be9dc660-38f4-42ad-b19d-2f97e4bd8382", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689839815, "uuid": "a28b0ae9-cbaf-4400-a945-104325667f48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689839815, "uuid": "1797d30e-19ed-41e2-9527-e8e6fcf96ad8", "value": "8a93f2fead052a76fbae72166ac8fb12.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3447b9b8-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840764, "uuid": "14706eed-c2bc-4862-adaf-95c684b5febf", "comment": "Malware payload (RedLineStealer)", "value": "d6d8eafc6615174a9f4f188d63fc87e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840764, "uuid": "74487ea3-b2df-46ec-a931-3f2736dc6353", "comment": "Malware payload (RedLineStealer)", "value": "bcebd8ca05a4eaa8059ac6f676dd989c469e548df09c1ee72436a2d2b4d0fa38", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840764, "uuid": "dce3cc6f-f14b-4730-a3b3-9e4855963458", "comment": "Malware payload (RedLineStealer)", "value": "60d813928392a482b1a257b35a167dbc9e2d84e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840764, "uuid": "e6a47093-936a-4f27-91b3-339437ff8989", "comment": "Malware payload (RedLineStealer)", "value": "337c5db9fc40dc954e2b9d7de83ea6b3c753e6fbd32017694a2a6ce995e685ab5475c1c2fe9fc5171e0161261ddb1597", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840764, "uuid": "229fc192-b092-487b-8356-4eddd6911d7c", "value": "T114840113A7E94033E9F5277059FB13831F3AFCA19D6482AB2785984E1CB3585A93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840764, "uuid": "573ea2b6-027a-473d-b658-256fff551a25", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840764, "uuid": "f4e9cb45-6df7-4fde-b46c-f8fd8b4bb928", "value": "12288:fMrLy904tL/AloPlx+SFlcHnl99iWSNeGsJq7m:cyVL2KlxyHBZSNehJh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840764, "uuid": "22638424-8751-4188-8887-67b518b3c460", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840764, "uuid": "c515d44e-7ac6-4652-b73e-d62121e20c8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840764, "uuid": "c652225f-cb3d-45d3-98f6-1e07bbd68084", "value": "bcebd8ca05a4eaa8059ac6f676dd989c469e548df09c1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a06ffb5a-2692-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1689812169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812169, "uuid": "b453dfb0-fd01-43e0-b526-49211cafdd66", "comment": "Malware payload (DCRat)", "value": "e8934df9ec508ad4eab478d511060d90", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812169, "uuid": "8130c286-a2c5-4c48-b7ed-b888b0f652a4", "comment": "Malware payload (DCRat)", "value": "bd13041dfdb44e77eb2bc5d19ef39c05a7820010d36d2fede24d1ad330ae6daa", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812169, "uuid": "b81f1b43-e922-45b5-b2aa-4a482a0dbff0", "comment": "Malware payload (DCRat)", "value": "31582857d61047166558c92c166a6a903a09bf83", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812169, "uuid": "516a9616-4e26-401b-9306-01b77e93c309", "comment": "Malware payload (DCRat)", "value": "3578985aee221a935c4b5baa9fee71e615934055db477ec056039cb7a2a240afc667b5d92c411cf0c1e4321f889a2a23", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812169, "uuid": "8a6a6e23-9b1d-43c0-8430-41ba033fc8b0", "value": "T15CD43A242AED5D19F0BF9B7DD5F069A29B7AB5633763DB0E049102CA0A13741DD80B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812169, "uuid": "5c8f8a61-b898-476d-b744-28da80a4380b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812169, "uuid": "33d3ae46-25cf-43e3-8bce-2d1d40c3222f", "value": "12288:QqnOi180YXNIIGSWAXb0ztt841j3RS/8A9rcF:Q+Oi1qNJGSnXb0zDu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689812169, "uuid": "c8bc189c-14c9-4f75-a452-b9a881e5c394", "value": 623104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689812169, "uuid": "6d25f002-7a71-4fc8-91be-c74a068de586", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812169, "uuid": "448e4279-1a95-4e1c-a53a-30b86df2489d", "value": "HEUR-Trojan-Spy.MSIL.Stealer.gen-bd13041dfdb4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ff2a8f5-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689838179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838179, "uuid": "89efe787-d1d7-4663-9b07-4de5ec42fcf3", "comment": "Malware payload (Loki)", "value": "e96ec153a057e316705a5ac7c432636b", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838179, "uuid": "d259f7a5-8618-4d69-92d9-453449e4d321", "comment": "Malware payload (Loki)", "value": "bd32a9cbb3ed1a616bf91d7121386a78cf6bb2b8c904088d1daa3982edb4fb8b", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838179, "uuid": "c91a7bab-7329-424d-9954-3169cfd61699", "comment": "Malware payload (Loki)", "value": "858e826c3d6c8ef66b0713d84353572606a59d87", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838179, "uuid": "24d4112e-0764-4bba-bbc4-bc9d4a43180c", "comment": "Malware payload (Loki)", "value": "eb395317f841be51e46f86fd20284944a3a36a8f27c35d0c2c9283cda8b428c26a8feaad18c1278d1afd3e6183a0e325", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838179, "uuid": "17319766-eaa2-4f74-825f-655b5baf2079", "value": "T16333A05AE39E0269CF511277131B0A899ABDB33EF35151A1786C833433EDC3E46666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838179, "uuid": "36e157b2-e789-4793-9646-98c87f31f2a0", "value": "768:aFx0XaIsnPRIa4fwJM50mW/gDQiL/yr4e0ltoNobkuL7+JCVwNKJl4kM1P:af0Xvx3EMGmW/gDBLsUtoNoQ476K4T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838179, "uuid": "51716965-f95d-4780-b93d-7815a7f5df49", "value": 50301, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838179, "uuid": "bbdd6d87-7fe9-461b-9338-77a7faf9fa84", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838179, "uuid": "e65746b8-dbee-4f74-9185-e258d58abc47", "value": "SecuriteInfo.com.Trojan.GenericKDZ.94403.18167.10076", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a795d0a4-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848259, "uuid": "5c24e959-2071-4111-b928-391e09a4ee63", "comment": "Malware payload (RedLineStealer)", "value": "e31f109271001847c6ee48bda02a7d5f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848259, "uuid": "13764ac2-54e8-4f30-8432-84c6fe1673a9", "comment": "Malware payload (RedLineStealer)", "value": "bdf58e71f2e621272cea74e7e95a6be6a0bd16c50489d2fec951225d764b300e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848259, "uuid": "f2a6d500-e5c2-45dd-a6e1-bed32fc568e3", "comment": "Malware payload (RedLineStealer)", "value": "2e1184d9a83085bbba42d3ab4242c6c14a00e608", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848259, "uuid": "2a7d1872-618e-43d4-9f9b-aaa3e26a0ee2", "comment": "Malware payload (RedLineStealer)", "value": "8cdbeacaa1d0618d3fcd32204986e8c7c333f448072a18320031ed5f8856c0cf3489f4b4c54535cdccf6fb1a3fdbf52c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848259, "uuid": "3bfa6009-6682-45df-8724-b283edf16c18", "value": "T1BEB40202A3D98472D9B467B0ACF703830A357D629DB9475B27987D5A0CB37D4A83237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848259, "uuid": "5ee77686-58f3-459d-a0c8-afde517821b8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848259, "uuid": "916c0a48-07e0-4140-889e-7332f743769d", "value": "12288:mMrjy9086aIt8JJCRO4wXa7QLx7JMCDWZZFx9:FyN7IGJJC3wXa7Q96aWVX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848259, "uuid": "e95d9eca-f3f8-4f53-b747-077678ae9fef", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848259, "uuid": "5f615b55-6236-4e38-a03c-c997c4ce7a44", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848259, "uuid": "41e43405-a282-460d-ae73-998364cc5a63", "value": "e31f109271001847c6ee48bda02a7d5f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab04dbd3-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689847405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847405, "uuid": "eb290e8a-cfe7-4394-b286-5f97d5538307", "comment": "Malware payload (AgentTesla)", "value": "f81e96adb465e653be72095e8a6b1adf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847405, "uuid": "2dc8fa24-1016-4e57-b8c5-cf991704c4b9", "comment": "Malware payload (AgentTesla)", "value": "be44d1f382a9bcc9e3e03e84c85f36f1a6897bd3b27e5b078816e98c16e57a83", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847405, "uuid": "b7c1b5b6-a528-474f-9447-05045328ba8c", "comment": "Malware payload (AgentTesla)", "value": "80de69dd99423f65650b9351cbdeb55f9945b348", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847405, "uuid": "ef46d25a-7ee1-4749-9642-e2e92f3398af", "comment": "Malware payload (AgentTesla)", "value": "8e244f4e647f2dce4ea1ea1176e4f8fcb96a4f6ce1bf3a121a64e8d5faa6e302b0d8b6eada6620f02ff4c98ec3a032ad", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847405, "uuid": "2925d31a-63dd-4dcb-ba59-039b7b8649a7", "value": "T1A66412146AC4CE63FDAB9771AABE13279A76560218D6831F63748E187817760CB4F730", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847405, "uuid": "e3029d56-1c9f-40a6-9e1a-a2bb4f4cd80d", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847405, "uuid": "6c09a6ad-eb58-42a9-b4c7-4d3fe6a1c872", "value": "6144:/Ya6dETd9lrWefI6Fk9vN63Qt45TNwJs0CpAyLM1JwXWuMudyacr:/YfEYef/MN6eiNOhCpAyL6KJzdyaU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847405, "uuid": "74c6e12d-ca71-4946-93be-8f559219e8f6", "value": 318595, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847405, "uuid": "836e912d-c291-43cc-ac91-71f4e3bc81b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847405, "uuid": "5ab6b637-e47d-42c9-8059-06fa4086934d", "value": "GLV12567196618420067.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34897e4b-26de-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689844630, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844630, "uuid": "3198c941-70c6-468b-a57f-9f4d752b3f6e", "comment": "Malware payload (Amadey)", "value": "39ec62cb102980d97f91ca0cbc661e75", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844630, "uuid": "5bff928d-d201-417e-9c98-f03a3f215492", "comment": "Malware payload (Amadey)", "value": "bee3495d86b6d519b5f9806ccbaa8796a7e43dffd24177435e6ab843c0347764", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844630, "uuid": "ebc42d20-b93d-4eff-bcc8-72fc6969deb4", "comment": "Malware payload (Amadey)", "value": "8dec646096e03f0bf65f33eb96e48a729d355323", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844630, "uuid": "95a22791-3ad5-4561-9197-30128bb72078", "comment": "Malware payload (Amadey)", "value": "ab98eefba76dc3071bf3708c676cba14748d6e1e1cd026b593d0df0584636a18465d20d686db2334375b05fc7d387f96", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844630, "uuid": "f3094b64-8757-44b3-abf2-0ffe57e6a730", "value": "T1A2E2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844630, "uuid": "7236d9d9-990a-454f-83f8-c7139498baa0", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844630, "uuid": "4459ae7e-8162-48ca-8353-0a02f2abc978", "value": 31327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844630, "uuid": "846d2178-0fcc-4355-9461-821877ee3048", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844630, "uuid": "4ed014d1-7566-4de2-84ff-ecffdf1e656d", "value": "39ec62cb102980d97f91ca0cbc661e75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31e7b707-2732-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689880703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880703, "uuid": "4486fb46-37b1-45c7-89c3-f98c6cb36b0c", "comment": "Malware payload", "value": "e9c03a23df0b027c2f2605184a891508", "object_relation": "md5", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880703, "uuid": "7e67babf-b67a-4e38-9ca7-4b3d8fd6f536", "comment": "Malware payload", "value": "bf0572b9c8846ea51dd19e1eac3d52f5aede4b42f94a033f10d1210e57d61c3a", "object_relation": "sha256", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880703, "uuid": "7b47735d-dbfe-4ba1-88d4-4f8b26594f9f", "comment": "Malware payload", "value": "45683730ded98791b9173f34da34656a202c149a", "object_relation": "sha1", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689880703, "uuid": "11edee61-e43b-4627-b50e-b23b200ce4a4", "comment": "Malware payload", "value": "fd97299fd27758694d50e2b1d06c5b7d296777097ce7096054110e7d19617122ed0a8ac2d31e49a427b07ad817aa2818", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellDiscordKeyLogger", "colour": "#8F67D2", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880703, "uuid": "2767b651-19c8-4c3f-94a5-ac11c437788c", "value": "T1B411DDF66B1E5012C9F2CB421D4B924ECF6481A194C00601B8FE0E60DF39127A39EACD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880703, "uuid": "b934400c-f76e-4e30-a399-c969ac9ed11c", "value": "12:IaOFjtRQVsZQVFida5Lc50kMj8Y/iUJzMe5hQkPe9e5hQkPJpdGxe5hQkPIee5hT:DOVtyCiGsFTxnswvpdPNuR71q2z8JAh/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689880703, "uuid": "47a7fb93-2082-4200-b1aa-a2653ab0d123", "value": 1065, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689880703, "uuid": "838f1fc0-5a95-4342-8f53-63f2be58cd1c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689880703, "uuid": "bb837dbe-e168-486e-9014-e2cae3162ae2", "value": "egLyL1pH.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83a64edf-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838320, "uuid": "4ea6c8e7-d459-4514-8523-481ce7899e12", "comment": "Malware payload (Amadey)", "value": "c68716aede08c8d723bb091cf406858e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838320, "uuid": "f84e89c4-718b-4c35-b1b8-1b7b12254f7a", "comment": "Malware payload (Amadey)", "value": "bf6d992c884f443add4f09aacc822c26cbdd1fabce8fe256b27bd4b946328a73", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838320, "uuid": "20037fb9-9b3d-45e6-aff2-be50a5330441", "comment": "Malware payload (Amadey)", "value": "78786d399401f7c4c5adeac2c17ae61bb86a8319", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838320, "uuid": "1e24d027-7797-4250-a461-13d92432abd2", "comment": "Malware payload (Amadey)", "value": "9c9e96526bf8f14392eb3eaf4121629296f0cc93ba23fffb4541ec907b2c266a68a00a0ad923dcc30ed535854b860ee4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838320, "uuid": "57033827-ab49-4b57-9dfc-dd1a5f8be684", "value": "T16984F103E6E8C433C8B12BB058F617831B39BDA16D7483AB3395980A4DB3599E53573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838320, "uuid": "6daecb74-d6fb-4f22-b3cd-e7ca34d9d756", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838320, "uuid": "9b09d572-c6c0-4d4b-b2f0-d3506081ad67", "value": "6144:Kpy+bnr+0p0yN90QEhDI3kzX6jKPnqfRi86MKcxnPLXs32JmVfCcHnlRHK3YSSZK:jMr0y90w3ynqJiMKgnP5JcHnl9nbDZ4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838320, "uuid": "bbaa157a-2b5d-460d-84e2-025ca56e0c60", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838320, "uuid": "95ec4e0b-0cb7-4bad-afca-81d631458aa1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838320, "uuid": "2a11ff25-de02-45f7-b97f-c7055aebbe80", "value": "c68716aede08c8d723bb091cf406858e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd639fd3-26fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689857771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857771, "uuid": "ce8f47e0-fe15-49b1-84e6-18b074ff0ced", "comment": "Malware payload (AgentTesla)", "value": "2a1c0317b1185d8752a3584c342d36ee", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857771, "uuid": "62527a8f-16c9-4af0-a60b-b50ff4729be6", "comment": "Malware payload (AgentTesla)", "value": "bfca52e3070ec4b733a9741468d2baee578493b5ef3bfc92e1b5a4452bc8c38c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857771, "uuid": "ba7eeb67-a351-4eb0-85d4-34085e566541", "comment": "Malware payload (AgentTesla)", "value": "f89eeceb9504cc5002ab240caf268e8e44eefbfa", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689857771, "uuid": "e4d95955-3265-4b01-bd06-b2866f660861", "comment": "Malware payload (AgentTesla)", "value": "b97b971045e34ef0d0570bb44d2a111d24e4ea9f6208dfdaa8f124208ce228d6835ffebd0515448d241866b6ccd8159e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857771, "uuid": "33f560ea-21f5-45c0-b919-b1cc7347ba18", "value": "T136C4CF39503C87AFEB83DBB6E434155222F013A66AF293DCCC7A645F3D79238A1546B1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857771, "uuid": "931e47b3-3f13-4239-b05d-af5fa788bc5c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857771, "uuid": "730e6f28-ed87-4c16-a966-60d84a478f83", "value": "12288:BqTrQaSejL8ZDctkdpcEbIeAEtL8UCbYWmVv5yIVJW46zfWwNIxkERUp/d:BqTrQaSejL8ZfdppbxJCd7cxeHIBRUp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689857771, "uuid": "c8b567ae-7cdc-4f0e-8d0e-7af922fd0b06", "value": 546816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689857771, "uuid": "c1428bed-b8d9-4ad2-8c62-c472631ac324", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689857771, "uuid": "d86f2361-9ef7-4fd7-9497-57862d5e06f0", "value": "Additional Iformation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45cddb79-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689885031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885031, "uuid": "8c6c5c82-8463-4fcb-bd3b-4ca83cd4b111", "comment": "Malware payload (AgentTesla)", "value": "ef60156618f28126ff1bec1f5e03e8f0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885031, "uuid": "4af073ca-92b3-4cf6-8408-d457035f1ead", "comment": "Malware payload (AgentTesla)", "value": "bfde4e4d95b159f2567c39229e702fc4bba9c53dbd579855ce487794a6759aa0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885031, "uuid": "7b9ef902-236a-484e-b9c5-a6e5e2f87d60", "comment": "Malware payload (AgentTesla)", "value": "fa107f67f4fc84687cc0f69cc17b542b099f6de4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885031, "uuid": "32599555-3616-4d31-99d3-d3e9be871d99", "comment": "Malware payload (AgentTesla)", "value": "0f30ddaae8eb6e80da4927f2e59d942a991c1b065425f5b6342e672b97d932459e18246d2d2f350f57522c947fb4a9af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885031, "uuid": "0cfbb65e-0280-463a-9345-3365092e1b2e", "value": "T1A9F42242B3689D37E56DEFF208B1A1940370A26432C7C3CE5CB226DA1CA67D16965FC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885031, "uuid": "fe7881b2-d498-42a3-83b4-3b52b1310820", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885031, "uuid": "92edd964-1d2a-499d-85f5-6c56cdf426c4", "value": "12288:gWc/bUYIsYolnp93jgcwRx1kHuG0/KVkFu/GqHpSp+fiZfGRVh32+:7iXrYo5UkHuG0/KV1/HBked2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885031, "uuid": "fe27eb2e-48fc-444b-a2ce-ffa7a60ab913", "value": 755712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885031, "uuid": "4ac74bb9-4598-4e41-b6ed-bfddee0d2743", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885031, "uuid": "b4018ce6-53e4-4f96-9a05-684bd3486eae", "value": "SecuriteInfo.com.Win32.PWSX-gen.4961.30065", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2528b641-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838591, "uuid": "2b4efd3d-5817-4372-a31e-b4132981327d", "comment": "Malware payload (RedLineStealer)", "value": "ae2d4b5bcc1803e22f6551aeacbc63df", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838591, "uuid": "59647600-2616-4c78-a512-0eeb95087c9e", "comment": "Malware payload (RedLineStealer)", "value": "bffc4603157d06d9b2251c28555cebcadbe7b56618446dde6d3c1dc73caa32f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838591, "uuid": "52ac35f1-3bfc-4d7d-b1c5-b8010e892e01", "comment": "Malware payload (RedLineStealer)", "value": "224513c6f3f0f05f999d26178dffb9ab97266722", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838591, "uuid": "f942de38-4d8c-4a0b-8a74-3c92858bb045", "comment": "Malware payload (RedLineStealer)", "value": "4d030c9b858404bc3e704db77e62b53f4b7a538c1d6bbd3bbec9137ba4e5df9e689affc71d77778561af7efc2f9c6d82", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838591, "uuid": "f0607b04-b8c2-473d-b348-43321b795fe0", "value": "T130840247E7E98033EC7827B058FA03830F35BCA15DB9536F2752564B1DB2A84A53277A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838591, "uuid": "869bab1c-f5b9-4f53-9d2f-899f226dfba9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838591, "uuid": "51ed5e4d-8b69-4ef4-bd1b-e8b7a159a69d", "value": "6144:Kjy+bnr+rp0yN90QEc7v1zJ8X9UUpvCYuNdQpupP/53E4xZ9/HdbmXVcFENOFel:ZMrby90ij8X2F7bpmLgI5l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838591, "uuid": "cd173d54-8da5-49c0-8c1f-b17764caaf2e", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838591, "uuid": "47ef57d0-2eb6-432f-a5a9-d8cb02963e5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838591, "uuid": "74d7dd70-2278-4d92-8ed1-7b0a4f82d2d8", "value": "ae2d4b5bcc1803e22f6551aeacbc63df.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29d61e0b-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838599, "uuid": "aa453b1d-82be-46b6-9bbd-76884d4478c6", "comment": "Malware payload (Amadey)", "value": "dd9ffcfb90389aae3d2796b1f9453c59", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838599, "uuid": "56a590b4-7393-45cb-b90e-9c2a968c34aa", "comment": "Malware payload (Amadey)", "value": "c0230830cd567852d8c730d5ac32eede930baaa12e1e4065bfacbbdaa793092c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838599, "uuid": "1ee4ae95-7f75-4c41-aef6-67a2f1b9fa50", "comment": "Malware payload (Amadey)", "value": "9aeb2c23c2ed6ba6598d9689ab18443b83a61f14", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838599, "uuid": "85bb9d71-b2ec-4279-8737-d1f5a83e03b9", "comment": "Malware payload (Amadey)", "value": "65da64a405d547361a8a906c0185ec751d2943ad40ccefac5bd7e944c7d15befd24132467130ac2818bcd6d8e06c098e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838599, "uuid": "8c447b4b-4d87-42c0-ab3f-260eddd615b8", "value": "T143840101FBEC9073DDB6177068FA13831B397DA25D74936B6789988A0CB24D4A53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838599, "uuid": "54d22af9-dd24-437c-8b5d-0b68ebb7c77c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838599, "uuid": "c6eec91e-448b-4c25-b34e-d829014a4e5b", "value": "6144:Kiy+bnr+ip0yN90QETKB1Ymb46L6hGl64wzcxPgs5OllCcHnlRHxkNeOx:eMrGy90szMiwISXlocHnl9Ax", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838599, "uuid": "0f5f9e50-561c-4dc5-95be-957573126b8e", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838599, "uuid": "d73837e9-24bd-4a69-94e5-bdb2fd6bc685", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838599, "uuid": "a6378300-8ca1-435d-b37e-12c06d16cbfc", "value": "dd9ffcfb90389aae3d2796b1f9453c59.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d1a0d7b-2740-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689886681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886681, "uuid": "39424ce7-acf6-4428-bcba-9a4b5d5a9ebf", "comment": "Malware payload", "value": "634feb970363887d3a1d27fb66bca03b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886681, "uuid": "68a72cdc-0a07-4205-aeff-eeb4ff1a69f3", "comment": "Malware payload", "value": "c0461ea88b71d10f2b2017fb3ecf1b5b49803d5d175e3cb604fcd44f24e61883", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886681, "uuid": "c351c8dc-920f-41ec-898d-cdb4fc84be28", "comment": "Malware payload", "value": "1f75f28e1b2cff0bc4b8e6b328e6c09d025ccaf8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886681, "uuid": "0c724b4d-7561-4371-b626-aab46159e118", "comment": "Malware payload", "value": "c41f1ea360b5c99b9357cd64d2c391b5050685244e007602f8f6e30cefd4d64224af13c917ff2ebe29989c263fff75d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886681, "uuid": "f50b00d5-5c46-499b-9464-934ebdc2218d", "value": "T13454D82392A13D54E9268B72DE1FC2E8770EF6508F7977A532199A1F04B12B3D273B11", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886681, "uuid": "b9640809-a2b8-46d7-83d3-ebee05afef30", "value": "9de2ee79b7674f53e928d4abe630aabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886681, "uuid": "16008899-5f55-4d8b-a1a6-e1ab28496143", "value": "3072:bLD2biML9Xm4G9MznJt0HnHds6MKJyT2g+Y0fNhq5GhJll:L2/L9RznJtMnH+6MKUTmY09rl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689886681, "uuid": "ac02f7e0-8f80-4e38-97df-831f3baa2aca", "value": 296448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689886681, "uuid": "1a3d9aae-d2f6-46a9-8daa-8cc1534df5bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886681, "uuid": "339efef8-2563-47dc-9c2d-cd0595fd73b9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbd4460f-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689847058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847058, "uuid": "46723ff0-031f-4120-b4e6-49532f00d3c1", "comment": "Malware payload (DarkCloud)", "value": "45bdd49d71f18e1fbe45a0e4ab3e023d", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847058, "uuid": "c3e05806-6044-494c-9b5a-5e087c5f5de7", "comment": "Malware payload (DarkCloud)", "value": "c05fbef6ef68934b1381cf48a956981ea7e1bc4969ca97c8d9851c0309e4538f", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847058, "uuid": "205fdce9-2ab5-4d6f-9a98-d251aa369c91", "comment": "Malware payload (DarkCloud)", "value": "9b614d6d1cdd98ec483014d767a4a15160313437", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847058, "uuid": "18a5b78c-75bd-4725-b7f0-d2388c72404f", "comment": "Malware payload (DarkCloud)", "value": "c64a6761dc0954bb46fb757b5715b6838875fcd96776be0fad3c62c5c85fada330f1f7278894b6b5182ffde61cec1fca", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847058, "uuid": "c03ba3a1-2577-480d-826e-26a1e789fb50", "value": "T19A152314262A8F3BD29B0F725A88F1B9022CDDED7D33C64FAE1FF17D8E4A6494251548", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847058, "uuid": "60464ec4-714a-4771-b9dd-0c002e6f9a5a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847058, "uuid": "e83c7cb8-e1b7-47d5-8798-88aa0e651bf0", "value": "24576:OTdCjE5asQ59ZH4iKcxS1IQGMsclrxOc:O5CAIsQ59OMxS1vi8Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847058, "uuid": "aff3d628-ecff-4ce4-a8b6-c423eb6b2e62", "value": 913408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847058, "uuid": "2fa62750-1c20-4a24-a94a-8d6492309158", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847058, "uuid": "30ec4d9c-bd7b-4e2f-ab8e-680137645434", "value": "PO-2320.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6409aefa-26fa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Hydra)", "timestamp": 1689856735, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856735, "uuid": "a99ce340-3703-4e51-b031-0d7811bc0005", "comment": "Malware payload (Hydra)", "value": "cd36a045167b2cebc77f7b28b00309f1", "object_relation": "md5", "Tag": [ { "name": "android_hydra", "colour": "#626579", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856735, "uuid": "224445bc-9a14-4ea9-916f-ced02c21a3d7", "comment": "Malware payload (Hydra)", "value": "c0e391e254b74359896d287069883652a4b8bfd9ce2fd20a3cd7b441e1cbd600", "object_relation": "sha256", "Tag": [ { "name": "android_hydra", "colour": "#626579", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856735, "uuid": "f5810c87-5029-41b6-83ae-ec6952bd422e", "comment": "Malware payload (Hydra)", "value": "b7388ff67adeedc64cea4a6592e69aef474e21b8", "object_relation": "sha1", "Tag": [ { "name": "android_hydra", "colour": "#626579", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689856735, "uuid": "8ebf55b2-3127-421b-9e58-4e3a638b10a1", "comment": "Malware payload (Hydra)", "value": "e04a8b75cda8eec9fbb6a8d5b1383c68d53157657f101deda460a8bafd908097dc25b43d5f4850e8224c2fa28e554535", "object_relation": "sha3-384", "Tag": [ { "name": "android_hydra", "colour": "#626579", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "Hydra", "colour": "#1B8975", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856735, "uuid": "7e3d880a-dc40-42cc-969f-49eb073f9195", "value": "T1C93533DA3406F643CEF8D7BE7892D53AA1172E518515AA1435C472AE6CFBEC80FA01C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856735, "uuid": "4fd754b1-02cb-4c21-88c9-e0a36466b277", "value": "24576:v6MQbH1tTcl/3lLqU3jhV5ZpjLdsmxaire/3OB77FARDEjGiv:CM+H7Tcl/3YUzhVpjBdxJrsOMVEj5v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689856735, "uuid": "7f74c2ee-7432-46d3-89ae-2366dc62ad9a", "value": 1074122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689856735, "uuid": "47751c05-b50f-4d82-8103-2dabc29e45ce", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689856735, "uuid": "c7e1836b-559b-4ba3-a15b-b38ab0b5ea80", "value": "CommerzbankSecurity.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82455e0f-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689847767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847767, "uuid": "7eeac8f1-cf00-4f92-8fc1-20e5b2fb1b56", "comment": "Malware payload", "value": "3804a454b737e8e8a537f76bc757cfd5", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847767, "uuid": "e9a8e54d-0a7e-428f-ab05-ef9e5077adf1", "comment": "Malware payload", "value": "c1758ef6789c7fd7f69f6a0b637a8e33c131616d60eb56d1269dfce81a04e97e", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847767, "uuid": "53dd77b6-55b6-4975-bd77-6a315ed479c6", "comment": "Malware payload", "value": "64106a7e7f66b24cc95b65347cff58ad7cc88f1c", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847767, "uuid": "8105575c-1472-4cae-a932-e66654d49086", "comment": "Malware payload", "value": "a7fa83af79a41530340375e81d8d42e92327a74d279012ff52688c811efecf59476d5be7b2763d04e2fdddf8ea17b78e", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847767, "uuid": "47ea58d6-505e-4e1d-8109-e2830a71d0d3", "value": "T1D9D16F76B6E41524CF85F177C45D0C63548AA685887D2817F4F0F7AE60A3FD0762C299", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847767, "uuid": "6261fec4-ea07-4088-b909-e2955f30d675", "value": "192:KSncztcR4cievArsmoVtnN8ECXxJCBUPwl5Quq2:VvUrrKtnGXx0ZlXt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847767, "uuid": "7060624e-f7ac-4d54-83d4-9f44102bacf6", "value": 6592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847767, "uuid": "1c1c6de1-042c-4d66-b131-2cb4f7d4b062", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847767, "uuid": "e135cad9-0575-409f-9330-09e6f588902b", "value": "Braemar MTM Report.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65531eef-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858455, "uuid": "18e32f9e-7079-4713-b8e7-e2f52c52c463", "comment": "Malware payload", "value": "af3c1b446ebf307ee8560c048c283300", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858455, "uuid": "d028c1a3-20c4-4548-bd5d-82c3a6f6259a", "comment": "Malware payload", "value": "c206d04240cdf4d56fe110222e25e93d564f76784bc41614ec88100d7f4e644a", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858455, "uuid": "5b16ed09-1be9-4810-9539-61dffa691d41", "comment": "Malware payload", "value": "1b7cf9ab28439730973f7076cb3b5702a67148b9", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858455, "uuid": "48964278-2dd6-49a3-b053-07a2b42f2851", "comment": "Malware payload", "value": "4b86b99a9ba2c9a4177d0549d77a2d372242c6ef315d91d61b2d5f741a76b28e5dd5a8000b5f96de1c3df06b5f6ca9e5", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858455, "uuid": "0ad9a6a6-6e90-4fc0-b75d-1c5b5c953fed", "value": "T1E2E5338433AB752DDB403A02A5A4D9C9743F35224BF9D629D6C17FCE8A49C0A5FF1893", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858455, "uuid": "43922d93-ff55-4cb5-affe-bd98b4e694d2", "value": "49152:9oKa3HCwxJt81KW6Up8NOWFmUn4bV9Buh0oJQXMFiIfU8UiC0EB8StbM6QtMzaiy:987RTWtWLM9AkMFil0EBQPtCa2vIByW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858455, "uuid": "b3a2ae96-edb3-4c12-889f-c7427a87ac75", "value": 3306470, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858455, "uuid": "1092e643-fad4-4cf2-a757-c77cf285c2b6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858455, "uuid": "3710d1fe-822d-49be-a33f-c82aff61e377", "value": "Arc_Digital62225AYALM72953-GJHIF85166VCCNCatqdg.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9510cfe7-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1689851234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851234, "uuid": "059ee8b4-a0c1-4c2b-b22d-8ecef36b1eb9", "comment": "Malware payload (CustomerLoader)", "value": "d6a2fe42c4b65a84325aa486d87b698e", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851234, "uuid": "797fa244-a846-4803-8cc4-c10305f487aa", "comment": "Malware payload (CustomerLoader)", "value": "c24ab1c89e1f391f8c0393bd26701946a6636dff772df867aff644159764e278", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851234, "uuid": "b8f2d57d-48f4-4e05-a9fd-03e2a4dbea62", "comment": "Malware payload (CustomerLoader)", "value": "030dd854073de331986143bdd908afa6c00a3766", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851234, "uuid": "e379d571-eac1-41ed-af5b-dffc17faac93", "comment": "Malware payload (CustomerLoader)", "value": "8ffc693d4a3f4ae450fef86c28f0d8f38d77be1df03c803244cf4cbfd1d4c1e36ed88fa2f5b25ba26fa0e4e4b74b6fae", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851234, "uuid": "8dc6fb3b-d490-49c0-b3fa-313c2c1c4284", "value": "T1B8F2D10057ED1278C6AB067DECF103021B79AF9BD45BCB8FAA8C554A5C4333576226F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851234, "uuid": "9c723f35-bb45-4852-8c9a-077893c536a6", "value": "768:fJUUE5Zuq5Tllmu24Ra2DovIieNhIPVQPa9EB8B1:eUE5fTll92m7ov0oW6E81", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851234, "uuid": "7d4a19a0-2c5e-4f3f-8f90-ce47e77000bc", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851234, "uuid": "39470fc2-4153-48ed-ad98-541546debb41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851234, "uuid": "c552460a-2bd9-4425-af55-b2c95e7eb1ce", "value": "RIDDHH0J.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6242c2a9-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689836546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836546, "uuid": "fdf3c86f-d524-4cba-8d86-c2e7668ed770", "comment": "Malware payload (SnakeKeylogger)", "value": "0b737638ee17ddf3c0ecf0c07d69618f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836546, "uuid": "d9d22882-8ca1-4dd9-b7f2-580fe3e98c49", "comment": "Malware payload (SnakeKeylogger)", "value": "c26acaed8f3af9114db0aef3c6446531f65209789b4c423d18e4d40312bb633d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836546, "uuid": "34070c41-e767-4243-9776-a9ca4177298f", "comment": "Malware payload (SnakeKeylogger)", "value": "e5fe8deadae200f69ead7de852ae3b56160adceb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836546, "uuid": "a16c48ef-7d14-4643-b6d4-d0fe320b01a2", "comment": "Malware payload (SnakeKeylogger)", "value": "6e38dc85f1b8cff74fa07962672808a16ad060299095a025320c7d8f905afc666292cad7b5e2e3ce14395cfb1d3e7cee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836546, "uuid": "647f1760-885d-487b-a490-40248f988a08", "value": "T1CAE4F11096ED8B9EC9731BF5F924193D47B66AAAB435D32F4E12B0CA3991F030502B77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836546, "uuid": "85160a63-203e-4e92-8214-d31379ad50ba", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836546, "uuid": "5be81d70-bf24-450a-a252-db189fbb2fd7", "value": "12288:9oKS6ln+flo/XciMvtrlU8lIUip0d1JZ9bTJ0/zaCqQY7:9ofTdCjEtrXGCdzZ936zG7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836546, "uuid": "e3444be0-875f-4596-b79e-87e00e0909a8", "value": 660480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836546, "uuid": "44a9a3cd-3181-45a4-b3f1-2e6da3ac6f0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836546, "uuid": "90e7ca0a-f983-4815-be26-110db304ed7d", "value": "confirm order.pdf.z.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5da38682-26ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689823653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823653, "uuid": "32ce8a8e-93d7-48b9-8ba5-f3b40640694c", "comment": "Malware payload", "value": "1b80c2782dc27007a2fc98e0efabc083", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823653, "uuid": "fca47c02-87ac-4099-a3d9-e965ea5e0b0b", "comment": "Malware payload", "value": "c35761290ef72e7957a05b6c9f188070fac993fcb5d50eeb83f1041c3141ea7a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823653, "uuid": "2ea19de3-76f7-4042-ba7d-2d56bb39b09f", "comment": "Malware payload", "value": "9548e820135c51bd262db528d9bb2152e41abd16", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689823653, "uuid": "1b782ba4-e79a-4b16-869f-216cffa3c425", "comment": "Malware payload", "value": "e166f7073186676d7b21bf7aa2d3de6280a8c0846a8f7b93e7af6c5a2579bc03f8eee0bcbca8f1b199f2022c9b7ab140", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823653, "uuid": "6ef628cb-9956-4516-8369-839fcb959b5b", "value": "T1E933AE10B400C0B3C52B253D6429D6619B6E79211BF955833FBB0BAE9F316E1B73E34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823653, "uuid": "f824785b-03c7-4a24-944b-0708e8eb23f2", "value": "9fb005de05885508ee358053ad39fca9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823653, "uuid": "dd7468b1-f756-4924-996e-638a020b76bc", "value": "1536:DEAFpj73Ebvdz0jmtCHAQNK4IMRfTteRqQc1a:DEAf+iKhMR7ZB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689823653, "uuid": "f272abc1-df60-483c-878b-bfb5091231ab", "value": 51712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689823653, "uuid": "fdd0d571-7fd6-462c-8d50-bc43a243efbe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689823653, "uuid": "ab101464-966f-4bd3-84ec-e4960b2193c6", "value": "SecuriteInfo.com.Win32.PWSX-gen.19592.25859", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c87159fc-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838006, "uuid": "8948afd3-b7eb-4170-996d-d8aa05ddd336", "comment": "Malware payload (RedLineStealer)", "value": "9375b539dffd646a7b234c4073acb45c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838006, "uuid": "31bedeb5-26d0-454e-bb63-d31aa8bd3f40", "comment": "Malware payload (RedLineStealer)", "value": "c38da32b4fe5c95b10504a0c95ad7ac4f657bca8aa4bc9ab56f06477557ab139", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838006, "uuid": "3fa04a3c-846f-40e2-9831-518cf669a9de", "comment": "Malware payload (RedLineStealer)", "value": "089863547a0d91e794163218ccb09c0d6aec17de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838006, "uuid": "b6e74d95-534d-44d3-822d-e52cb3e02141", "comment": "Malware payload (RedLineStealer)", "value": "96be64cd9d7c71627bc55ad60a06084ee90205a4441220e37d83d11de5ee48ec335a3bd545e39de9f2dc9551847584f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838006, "uuid": "1cf8e11c-f7ff-4cf3-ad11-d71c6459f14e", "value": "T16C840212A6E88873E9B527B058F702D31F3ABDA24C38436B2355785E0D725D0E4767BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838006, "uuid": "2a41cad6-bbdf-4b37-ad21-5e36b9859833", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838006, "uuid": "806b9e7f-7dc1-475c-ac3b-c41c8ba18b8e", "value": "6144:Koy+bnr+Gp0yN90QEaEK94kWcnZNbQR5w8bEu+9A+Qk8WT35kYxqzPNLbExy5zPy:0Mrqy90cvqEu+y+G435kYxUFLA4zPy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838006, "uuid": "7ebdb4eb-debe-4037-922f-741da062fdfc", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838006, "uuid": "68924cbd-5d0d-46b1-9387-47191f60f708", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838006, "uuid": "a497ac20-d5f9-4f07-8d10-7f7bac3d132d", "value": "9375b539dffd646a7b234c4073acb45c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28cfba50-270c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1689864367, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864367, "uuid": "8b2c1dee-78f8-466c-9ccf-fe372c9855c3", "comment": "Malware payload (MysticStealer)", "value": "590a5282dc6d3b2782d79ff2380a6f7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864367, "uuid": "1a4c24ce-0c1f-42aa-b8d1-0ce3b7322da9", "comment": "Malware payload (MysticStealer)", "value": "c5d94ebbb93873b30d30b837844a4749ebe9a901f55b833d0c7dc041f140e8a1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864367, "uuid": "805cddb6-79a1-4efe-9c0c-601d1523af4d", "comment": "Malware payload (MysticStealer)", "value": "36617a785666bb5526f35da049bb279ace7b7455", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864367, "uuid": "26b42652-9e3b-4dab-9f05-ac4c580849ff", "comment": "Malware payload (MysticStealer)", "value": "6dce73b96741dbc18e9caffa879f4e16d8f09a12ededa76182f44eb0c0abfa3472101646f68030209ca1b6e6175f97ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864367, "uuid": "4c702955-fb98-4b9d-81a9-c94d9f275121", "value": "T14435C0E7BB9AAA95D850163A4417857C5ED8F522BEBB853F0D0353E5F53DCA02B0083B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864367, "uuid": "ac516764-6289-424d-a73c-51453c141e31", "value": "da31105089a03ba80334eee13355d2ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864367, "uuid": "64565192-23e0-4068-bd1d-d262294943ef", "value": "24576:ds8kPvbJQvWI3CDYRyJm/yrpyYwMo2wczt2HJ2kX3uf2B88g:dRkXbJQvWI3C+yJm/yrpyYwpQzt2HokO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689864367, "uuid": "52a19474-0c75-4359-bfef-c4501297f452", "value": 1145008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689864367, "uuid": "79d909bb-c70d-4397-bd9f-85f65af3b93c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864367, "uuid": "c0138ae4-d9b8-4af3-a5e3-196dedc70f41", "value": "590a5282dc6d3b2782d79ff2380a6f7a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60a37a6f-26c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689835255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835255, "uuid": "d107b106-c734-457b-9e69-e3082c20818d", "comment": "Malware payload (Amadey)", "value": "7d7d33850f01a172965d4ab3500f15ff", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835255, "uuid": "ccee3a14-a042-4a4a-b84e-ba54000fbb11", "comment": "Malware payload (Amadey)", "value": "c606fbb70c63714189a35096faef884c4cdff3a5f6572cd036c768cf51a7f67c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835255, "uuid": "3e5cfbaf-2c47-4590-8a3d-b33d81cd0f97", "comment": "Malware payload (Amadey)", "value": "6c3f6d557ce913e1b4e76c3325e21fdc9f8e1616", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689835255, "uuid": "c9d6b955-c3fb-4c1f-8898-ccef738939fc", "comment": "Malware payload (Amadey)", "value": "42a6d810a1bc12a56f3d5b0ab5aad665ebdbbeb9e343a907dc59b6b88de6c8f6a75555c746b33e6f27849b12f528ff6d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835255, "uuid": "26f68321-6d58-4e05-b8dd-55551585a8d5", "value": "T123B41203FBDC9423C8F61B7014F506D31E357DA19E6883AB6685689A2CB26D0B973737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835255, "uuid": "32506db7-0308-4f1c-a2d3-ce2c165ad990", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835255, "uuid": "8857eea2-dc57-4e0d-9542-4b980c6373ab", "value": "12288:nMr7y90vbJ4/tt88tW+bsUlC1U/miz9LjHJWH:wy0m/tptW+YB+djpWH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689835255, "uuid": "8da98a49-c2fd-4f28-97cb-e2c32fa9702f", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689835255, "uuid": "fd0c8e56-84ae-41e9-a014-7ddf177000de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689835255, "uuid": "d72de484-4fa9-4b8c-9e2b-590bc07fa63d", "value": "7d7d33850f01a172965d4ab3500f15ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f4067c2-26ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1689850634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850634, "uuid": "02faa59f-7a0d-4578-9766-c0507f578e84", "comment": "Malware payload (GuLoader)", "value": "081a2409904d53b9dde4a0d97b60cca0", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850634, "uuid": "bd36d398-828d-4626-ab04-073046f691e9", "comment": "Malware payload (GuLoader)", "value": "c62ef3e0aa728252f793f550de30ef13e42a837f30845b09e25a766c314dd7c9", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850634, "uuid": "66650553-7f9f-44b9-b0b9-01a2490ebce8", "comment": "Malware payload (GuLoader)", "value": "ec5896c126710b34d66ab1e634d16d82092468d8", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689850634, "uuid": "0c03322b-a6ca-4dd7-8f62-f1717ebac0ee", "comment": "Malware payload (GuLoader)", "value": "34bea684598410697bb49deafe31f19399c7f70abe46add8f496e833d7cdb7dbad90bcccfa410d99093dc5f772a2f3cd", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850634, "uuid": "d10934df-57f0-4e6d-9121-d1ad656a7987", "value": "T12F45120193A194BAFCB68470287B1B5ACBF6F93555102F06374C6B123F451A1BB7EAB2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850634, "uuid": "6d6e639a-0a81-471e-87cb-44f4dcb175ad", "value": "6144:7pkXchIk4kfn0v6JE7HRVhjKwn9sHfYs6TXF07ZiFfi1M2lQ/tEpBgk2iQRgz:2Jk4kv0iJ4HPncYs6Tu1DlQCpqzRw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689850634, "uuid": "ac99bc4f-73b7-49a3-8a15-7a1e5f05f4a0", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689850634, "uuid": "ea3c4c34-0784-43e7-868e-002f2563cf80", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689850634, "uuid": "9b9a2e9f-6c47-42ab-9873-a5275ac598a9", "value": "Quote.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a361d195-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848252, "uuid": "521be28e-5fb3-44cf-9b8a-5b93798aa166", "comment": "Malware payload (RedLineStealer)", "value": "51a00e94bd4c8f2a1602f172ec1dd5f2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848252, "uuid": "56a1efad-60d0-4feb-b0db-231fbdc12666", "comment": "Malware payload (RedLineStealer)", "value": "c6394ca08e9da0fe0c0ea5c7f26e8e7f2e95e3ab53059d297516c432d2aee544", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848252, "uuid": "5d85af9d-dd18-4c5a-a236-14ae08708cbb", "comment": "Malware payload (RedLineStealer)", "value": "8840fb97b97a3650891ab03838835b076d6ac7d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848252, "uuid": "a139197a-1c67-4619-b7ae-588f99d8d73f", "comment": "Malware payload (RedLineStealer)", "value": "2cd4fca04dca8b71daf412d7c200ded02dd273b8c0823adb27288f436619f880b15150985c878bd2add90bdbed8c6f4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848252, "uuid": "7699fcdc-0d73-45bf-883e-8434c339c906", "value": "T1C2B41223E3EC4472C8B51BB52DF513D30B367DA6483487AB3295981B4C726C8A9B176F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848252, "uuid": "b152fc94-99f3-4659-8e55-7c0bb6663675", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848252, "uuid": "e1cecf5e-9c9d-4d8f-9022-1624fed240a2", "value": "12288:7Mr9y90agOeWJww7mbMASedV8/xYSCng9H6kddwaQye9nrk:SymsJwPMADaxYw9H6kjwaQzlrk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848252, "uuid": "3f20d7fc-999f-42d7-98fb-987e7a71f208", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848252, "uuid": "25c19dcb-ee32-4c22-aeda-2c849457a1ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848252, "uuid": "ef18d38a-6d5b-469a-8fd7-6762803e0e76", "value": "51a00e94bd4c8f2a1602f172ec1dd5f2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81f51755-272b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689877831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689877831, "uuid": "d9e2d915-e241-4780-b67e-1e1fa7bafc3a", "comment": "Malware payload", "value": "f310a8dada69a381ce92100f47ad9dab", "object_relation": "md5", "Tag": [ { "name": "PowerShellDropboxStealer", "colour": "#D66F21", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689877831, "uuid": "925c5d37-5f45-4b49-998d-abb83d816558", "comment": "Malware payload", "value": "c7466649f0ad008ffa1bb8fe5d555cd7d776d0dd63c7eccffa1de470d0265cbc", "object_relation": "sha256", "Tag": [ { "name": "PowerShellDropboxStealer", "colour": "#D66F21", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689877831, "uuid": "1febe883-a654-4a95-b1da-86f9b95e7176", "comment": "Malware payload", "value": "497b3b36566b49b4f94a5b7f5f66a18c2171a5d1", "object_relation": "sha1", "Tag": [ { "name": "PowerShellDropboxStealer", "colour": "#D66F21", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689877831, "uuid": "40d1fe23-da4e-456b-a585-c8833b1276e6", "comment": "Malware payload", "value": "530582274df82b96b867a1a13842887df59b8ac375edcc623b381723542be57497bfca49258a0e76b7311b2f1d875f92", "object_relation": "sha3-384", "Tag": [ { "name": "PowerShellDropboxStealer", "colour": "#D66F21", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689877831, "uuid": "908e4282-fb2a-42c7-b335-8964ad3eb70f", "value": "T1C34197BB5242355993F30299AB817043F6D2A1DF8C0B3D08BA8CA547BFE461C4263F11", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689877831, "uuid": "4e8048c6-d2a6-4a2e-985c-bf20043e8873", "value": "48:ruHGCc479Zb2OXY2CQpScox+JwpQikSE0yZOt:rBC1JN2OXfScI+mpQhL0yZOt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689877831, "uuid": "66c06749-045c-4dd0-9826-cc8800cb1d55", "value": 2415, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689877831, "uuid": "75982aaa-c17f-4f12-a00e-89d1f1171a16", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689877831, "uuid": "7f053065-7ebc-4ae6-b011-0406a7c0b5b9", "value": "AH1iXVgs.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cae0cdc-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848240, "uuid": "2fedd569-9038-4c8c-867f-f78e21074b89", "comment": "Malware payload (RedLineStealer)", "value": "c5a54417f509b769774a241e0b9eef27", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848240, "uuid": "94a54f91-fb4d-4f3a-98bf-34c202cc645b", "comment": "Malware payload (RedLineStealer)", "value": "c775d7a0e6bcc64dc13b1e357e17420ce1cd173b3ecb63e0a3fb86059924656c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848240, "uuid": "84b6623a-ea55-466b-bde1-6637d4732481", "comment": "Malware payload (RedLineStealer)", "value": "1e53824e281201001d30f3a498a49b024b315b7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848240, "uuid": "83f8798a-f672-4679-acdf-ce6f68215bf5", "comment": "Malware payload (RedLineStealer)", "value": "2e887e452dc3901e2c7f5f714b917d014e28362ab11d444eb1621909ab84318486274c5859b062ea15fadb0ce3a5585b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848240, "uuid": "8ea3007c-9b0d-4716-917f-99340580e765", "value": "T1ADB40213E7E88533DDB9177018FB06C31B7A7CE09D7893AA3685A95E1CB2690647133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848240, "uuid": "820666b8-e655-4237-af28-92d43e51e745", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848240, "uuid": "130d9e31-07cf-41da-b1e3-42f69b650504", "value": "12288:IMrJy909SQr8way8SlCJYDz/ioA8ipiuPc1Gc:xyySM8zMlCJYXXbsizEc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848240, "uuid": "c359699f-5b22-4498-a6a0-a50e893cf69e", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848240, "uuid": "aef88652-7d2f-48b9-a6d0-934085df7360", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848240, "uuid": "027b6bda-7179-4553-9a92-b42277e463b3", "value": "c5a54417f509b769774a241e0b9eef27.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d28cf89e-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Arechclient2)", "timestamp": 1689847042, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847042, "uuid": "38ade842-8fa7-4c3b-84c5-4a90eb486885", "comment": "Malware payload (Arechclient2)", "value": "489fa400791fe53a3554d9d7b24699ab", "object_relation": "md5", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847042, "uuid": "b0e3616c-6957-42b8-8998-170fac399fda", "comment": "Malware payload (Arechclient2)", "value": "c7fb6ed40e705854d8122133998fd11f1792759a5697e032e940bdbde2984569", "object_relation": "sha256", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847042, "uuid": "e1d840ec-5762-4139-8545-0c191c2267dc", "comment": "Malware payload (Arechclient2)", "value": "6733fcc921ab92d84878fac415cb312df544d447", "object_relation": "sha1", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847042, "uuid": "46a5871e-90a0-4ede-bef4-bcc6f94d242e", "comment": "Malware payload (Arechclient2)", "value": "4cf2fd59926658bd96c3a63e49dd874487ff085d512260cfcfc7d18857aaba1b56f88727be5c5b6849bedf68cfa9859e", "object_relation": "sha3-384", "Tag": [ { "name": "Arechclient2", "colour": "#FEBA91", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847042, "uuid": "f56d27e8-357d-4b2a-8758-5b68718baeb4", "value": "T138A4382D73179536DAD9BF7880FF0F2C94A7425386996A4F0B8CC8C07F8539E9709A85", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847042, "uuid": "0a8be63c-7839-4db1-a8dd-9ef078004759", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847042, "uuid": "e12eac60-0f5a-411b-9593-553891d23654", "value": "6144:tlBYO4yjEb17TcMz5/hQluj0oGWA9HowGD9kh0vIOnP05Xlz34n3eA69tZTOaoWh:vaO4Xb1740ZDw+vIcs5XlzME9tF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847042, "uuid": "5c162c47-26b7-4ddb-99f5-109b3b7c0586", "value": 485376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847042, "uuid": "3b63a9c6-3b8a-40ac-83c2-3d4265b6cbc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847042, "uuid": "f5b25706-dcc5-426e-bca9-5b92af3bc856", "value": "489fa400791fe53a3554d9d7b24699ab.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eafba7f3-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689847942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847942, "uuid": "be1641d9-782b-430c-aac6-cca72876f431", "comment": "Malware payload (Amadey)", "value": "78e143d53832462f94df54b039a2500f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847942, "uuid": "d8780136-8acd-4ee5-96a3-893120df9866", "comment": "Malware payload (Amadey)", "value": "c84d7a88c396b7e327907984474a5b186f4adf86792a273b4ded750f4b893ca4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847942, "uuid": "493c6b18-e94f-41ec-83eb-2e80161d6e23", "comment": "Malware payload (Amadey)", "value": "3166b93218a704270ad88cdcf933f8e7e27ae047", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847942, "uuid": "7f32378f-fc96-4e32-8434-dfdbc9db2f5d", "comment": "Malware payload (Amadey)", "value": "733adb8d5ea5adec2be82e0d0eba50b9d8707df5cb838cb41c191d0e1bd5d68a559104801719f8f0b42b13953650aeeb", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847942, "uuid": "1a168f0c-35d8-4546-a886-bb75aa7774b7", "value": "T15984F142ABE88032D9B51BB05CF613C70B35BDA59D38437F2752A85E0CB3694A93177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847942, "uuid": "866a4468-79c4-40a4-8079-a3fb4d8f83cf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847942, "uuid": "3f02f691-6107-48f5-a334-6e4e0104621e", "value": "6144:K+y+bnr+Qp0yN90QEsFSlPN+PytrbyJHrPkPGyPLtWc9uNNvHmPRa0xw:GMroy90TxseG+Wc9unmPRX2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847942, "uuid": "2a18a64d-a7ed-4379-ac74-952e172aefbc", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847942, "uuid": "dc3c1b56-ed86-4229-8e0a-9cb312a5606a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847942, "uuid": "0957ee89-58c5-4e85-ae77-b7297a53f599", "value": "78e143d53832462f94df54b039a2500f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5451d386-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689847260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847260, "uuid": "6a092ef7-4747-445f-aced-1d543c72ec5b", "comment": "Malware payload (DarkCloud)", "value": "0ebcaa089dd5f0c9ee4c628badfd8f7b", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847260, "uuid": "a5f937fc-8f80-4d78-8223-d27eb6c0ffd8", "comment": "Malware payload (DarkCloud)", "value": "c8bbb6208a9ca69f2baebf0b426af881e58cca8f3fb2b76359a459b6b3df2e83", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847260, "uuid": "2805f5d2-51ba-44fa-b190-d8de6624e1e2", "comment": "Malware payload (DarkCloud)", "value": "9c675efec7954a6780004294084f78b2a06675ee", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847260, "uuid": "cbf06202-904a-40a5-a322-54ded27f5dac", "comment": "Malware payload (DarkCloud)", "value": "676a2e0b85d285d34694d1ffbbb2fbfc0c63bba1257bb0d8b3a53de52996fc056efacdd8da180389f8fd7bb20cd4d79c", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847260, "uuid": "19423f6e-f5fc-4150-b6d7-c27ce1aa449a", "value": "T10974124076F1C022F49617312EBEEEBB49EF6826183D83076F98671D79A7A40CA0F755", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847260, "uuid": "ca66a176-f4b6-49df-babe-2088a337fa82", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847260, "uuid": "2a8de772-f3ee-4690-958e-f765861b2158", "value": "6144:/Ya6AWuGwNYK0GTMKh6+KZvZu7sb08ZDONDTbxzhp7d2fdxCmEQnKVYhXaa1wrbr:/YmI3NKo+uvZjb08Nsrxz52fdEmEQnDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847260, "uuid": "5b4fd8b8-1798-4c3f-867f-aefe82587d44", "value": 352194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847260, "uuid": "6d418d2f-8b63-4ef9-970d-6fce0b472469", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847260, "uuid": "7725f5f8-6046-4c50-847b-ac5acd5aec44", "value": "DBNote - CRNote _ DRAFT MBL HBL KGNSA2212999 ETD SHIPPING DOCS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ce82fd5-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838282, "uuid": "4fcd4056-c5d8-4bae-aa8b-6711faf77133", "comment": "Malware payload (Amadey)", "value": "a60141991bc94e54873cc32250e00c48", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838282, "uuid": "befb9c6c-7c42-4c89-ba91-22e1c92d8947", "comment": "Malware payload (Amadey)", "value": "c9a050e01ef0997b8aaccee38113498ee713d0aa4c0a218afa62e78ff41b1e8a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838282, "uuid": "05a78aa5-f8ef-4cd9-9ff2-67c707fc6961", "comment": "Malware payload (Amadey)", "value": "e756ec7e4c5d3a42e0ba4d10e3a737a9cfe1fef5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838282, "uuid": "dc68b105-6aaf-4922-8d9c-8d1d1cd8e3b8", "comment": "Malware payload (Amadey)", "value": "79991feda551f4df699e042454b67ccec4474cdbfea8270d278f9abd43012bcf04e14283402316ce41dcdb47a043e963", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838282, "uuid": "1540cc6a-f6b7-4294-9adb-aca74fe6a5ec", "value": "T18784F103EBE88077D9B1177018FB13831B35BDE26D64835B27D6A84A1CB2AD4A57173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838282, "uuid": "36b72f57-b98e-411b-adbf-776a0f66ac30", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838282, "uuid": "b72c30c0-bc3f-4296-99d6-4db5df8137e0", "value": "6144:Kry+bnr+Jp0yN90QEa5ePRjlmiVqlBOLRp/KEGHGCcHnlRHr44lUC4B:dMrly908ElDciRp/KBHncHnl9FkB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838282, "uuid": "a28f6387-9112-433e-b08c-9cce63563c2e", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838282, "uuid": "34e33ec7-d6d7-4ba6-a599-a7113963ff42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838282, "uuid": "117e3b60-28d4-40d2-8bdc-cd319fff69b9", "value": "a60141991bc94e54873cc32250e00c48.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8fba103-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840127, "uuid": "695d1e60-aca2-4c2c-aad5-de8bf3db07aa", "comment": "Malware payload (RedLineStealer)", "value": "0db4e42b90e053483424dbdc4228f336", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840127, "uuid": "b2210a42-cb70-408f-986c-dccd8a671e6b", "comment": "Malware payload (RedLineStealer)", "value": "ca2d2d784989b96a8c6b704f7586553c5d73fc10fdc60d493647e9cd50d7ce7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840127, "uuid": "1ce4776b-35a0-4203-81a5-f92f41975fa9", "comment": "Malware payload (RedLineStealer)", "value": "7bccdc13e42e08a14a94a22eaf68d530318e589b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840127, "uuid": "19ea1498-303b-4efa-beca-4ee5ebfe1b09", "comment": "Malware payload (RedLineStealer)", "value": "49d6fab85409643a11007079d95fb4d5c0b786ed3e7c0899bf8b4fceadd8699b2f9aee88be5352876be67cda5960a54e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840127, "uuid": "a32f5816-6a3b-4b07-bf1f-83af01febfbb", "value": "T183B40242F7DC4472EDBA17B098F706A30B39BDA15D7842AF2345781A0C736D1A5393AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840127, "uuid": "5136788e-7828-4aab-8336-f136a6adf0c1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840127, "uuid": "a121ed6f-f3e1-4f11-ab08-216a2e540548", "value": "12288:kMrjy90EDh76jTu+7wySE9MZ0KfI5yFpZrWYyzrpZurz3/91iSyyFsRo:Xy1h7eu1NE9g0KfEy/k9ZurT/91tyss6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840127, "uuid": "7c55c1f0-834b-48bf-9d4a-b2082cef2458", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840127, "uuid": "bb9a1f74-ea9f-4176-a48f-226ce8318d20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840127, "uuid": "0b3de513-0017-4c12-9b1d-2bb6ceaf1214", "value": "0db4e42b90e053483424dbdc4228f336.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a5b6ca6-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689858464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858464, "uuid": "bb700ac1-4243-4aa6-8a7a-9f8877490311", "comment": "Malware payload (NanoCore)", "value": "9a083caab4b531408806edec5feb8eb8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858464, "uuid": "81c47ee1-0325-48f1-911a-0cd2b546cf28", "comment": "Malware payload (NanoCore)", "value": "cb5d2b29667d5d10ef927ecbd99657a4790f86bcd60ca92b3fe2d9601dced902", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858464, "uuid": "d9da70dd-f2d2-4d79-aea6-beea8885e1f2", "comment": "Malware payload (NanoCore)", "value": "7ec48a3a933269f525db5fdfa156d36332ecff49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858464, "uuid": "3a50f90d-d2e2-45a1-a43d-f8110ad10bbe", "comment": "Malware payload (NanoCore)", "value": "cfed18d313a660d3a337e472aebeeefca135605fea5b8ccabdda0800a021e2c5078099e87f7b88904dc17ead7036bffe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858464, "uuid": "abd90031-1459-4689-be21-208c9f2029c6", "value": "T160E4228807ED4533CBE95BBC4AE1332593F09FC6542ADA492F96ECDAB2CF3105245672", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858464, "uuid": "d1052374-76ce-42d5-a8e1-26810eceb179", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858464, "uuid": "e4ca7b4a-5777-419b-8ae7-5ae83711bd9d", "value": "12288:2PYPfY7BZWQqtomNscef/NhMnxVWPRWa6mTTkSTR13cMedwjl9lJZbRvqanZniu0:2PYPg1YQ+omNgOxcpWMTLR2fdSlJZbx+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858464, "uuid": "a5d11bb2-a2b0-4b19-95b4-09db5f871c69", "value": 684032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858464, "uuid": "59f066c7-43aa-4294-9ee6-723b0ddf1482", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858464, "uuid": "ed4437b8-5b06-44ca-84ed-6f698acda373", "value": "g1baMumGaOtXOBR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5753250f-26f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689855855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689855855, "uuid": "ba2e1402-147f-46be-a3fb-09067e4dc491", "comment": "Malware payload (AgentTesla)", "value": "600d4bcc8871e6d7ba1f87eb7a4e0991", "object_relation": "md5", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689855855, "uuid": "b208d291-6c25-4a1f-b2aa-e11fef558942", "comment": "Malware payload (AgentTesla)", "value": "cba4781a1fe8c164adfba0f33e58f66007d0db707a7af558f03083e412cd4fbc", "object_relation": "sha256", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689855855, "uuid": "9d81bd4f-4eb6-47be-a491-f22e0ae1a386", "comment": "Malware payload (AgentTesla)", "value": "43f0e7e8d24da05012542ab12265060c7854ccdd", "object_relation": "sha1", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689855855, "uuid": "3a43fb49-74ff-4088-8337-a900e3f86857", "comment": "Malware payload (AgentTesla)", "value": "dd6d020f232225ca6c693cd13fbc4db70de2bea07e895a4f3efceb42363167d7e9c5bc8388f32c2e5376135edcf86a74", "object_relation": "sha3-384", "Tag": [ { "name": "001", "colour": "#036B4B", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689855855, "uuid": "339065b9-786d-4c10-828c-3dbed8745ec1", "value": "T17C9423930F7F5291624204F92B1BAC16B75F0D7104788F8ADAE91D5F8AE421B7E0D273", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689855855, "uuid": "a6131d79-bafb-4d3c-924b-9523a659d451", "value": "12288:dZoS75k9eJVyCr+U/7ImBTPtERZCr7hzIWaY:dZTFvJVyA+zmNquIVY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689855855, "uuid": "668ffe0d-977f-4b4c-b828-5f2e901fbca5", "value": 438230, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689855855, "uuid": "27f245ca-43ba-4836-a2cd-a996a647f21b", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689855855, "uuid": "1a5c4c5a-863f-4f21-b1d1-78790e16d345", "value": "MSC NBO Rate For AU&NZ 07.15-07.31.7z.001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "614544db-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1689858449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858449, "uuid": "6a98de5f-42fe-4b03-bf49-23ceda9493b9", "comment": "Malware payload (NanoCore)", "value": "39d6b6d7b9410a80e8b775a66a61cb8a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858449, "uuid": "304ef4eb-d67a-4130-ad59-4a3e2fc79687", "comment": "Malware payload (NanoCore)", "value": "cbbaf4bd6ffb1aa1ba0babe5049127206fe54fdf547bd0f91436a047ea656745", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858449, "uuid": "8e05b070-073d-421f-ae60-7ce879994b74", "comment": "Malware payload (NanoCore)", "value": "fed3c2842712c8ad14f5780892aa89bcf071ee78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858449, "uuid": "c5040e0c-64ab-46d4-b813-d8b8b59c1eac", "comment": "Malware payload (NanoCore)", "value": "ab43624850a64b3f8d305c0777540a2db8df953d90336f0408c43548324e8f5bf85287682738183d674b3c79199a52b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858449, "uuid": "24aeed66-b01d-4a02-91bc-a1ac2de17912", "value": "T1C8E4239497AC4727C4D413B81B72B36113F08BCA042AFB986F9BFED9F81976061945B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858449, "uuid": "5b11d126-2b4c-411a-9a7e-c4c65bdf2386", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858449, "uuid": "51929009-48cb-4dd6-ab26-5a87ee1261fb", "value": "12288:fPYPfY7xo+hHTnW1leTjuEiPdZUxC1K24M1sVn5gHKG1Zlu:fPYPgF9hzWy3slIH2argqG1Zg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858449, "uuid": "7bf86f61-d7fd-46b4-913c-a37320ed9562", "value": 683520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858449, "uuid": "68a94e79-49fe-42a3-9fa2-9d20048d8f65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858449, "uuid": "dbda9948-8d54-4f34-a4f0-ed98743bb20e", "value": "WL2wZqZXkbPCZdC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7557a162-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838296, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838296, "uuid": "faf0171d-5332-4e09-b346-c36d2011dca8", "comment": "Malware payload (RedLineStealer)", "value": "9b26fc7deb38039cb0e7ea3146535e7e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838296, "uuid": "0ddca60a-da83-44f9-a5af-6cadc2370bd4", "comment": "Malware payload (RedLineStealer)", "value": "cbf8a83ba7f72a47f6e47380215dda9d8e92b313978217e57151638c940a8ff9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838296, "uuid": "e37b593a-a36e-4656-808f-654c68ae3172", "comment": "Malware payload (RedLineStealer)", "value": "62318d3141f9177581c7826f8c028cb95e4fe990", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838296, "uuid": "0950c81b-2b11-448d-9716-7752759fa3e5", "comment": "Malware payload (RedLineStealer)", "value": "68704fa70a6ca7f5b07ac5389c20444cb069600c146a10eabbfa7be18b5af2b262d216c47c98d9aa7885f9a66ba500ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838296, "uuid": "7507c098-d2e7-4169-b89d-ebbb17a71dd7", "value": "T184B41217B7D89473D4B2233459FA03A70B35BCB149B8939A23D9685F08B3780697637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838296, "uuid": "a7e94b60-5f7d-4931-941c-39543fbd96e3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838296, "uuid": "5773d126-ab39-4c83-9e29-45d4ca9e59bc", "value": "12288:rMr9y90eFwZcolWmm0WGELqXBriQdrhexzTV3R1ETABJ2:ayRFv0WbqXliQVhIPBR1gAX2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838296, "uuid": "e6c6f4a4-e9fd-4506-8c59-a23cca3ba0b7", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838296, "uuid": "755373aa-7508-48dc-bdc8-90ba2f37283d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838296, "uuid": "49b16f83-11c9-46a9-9810-4856f0f4b40b", "value": "9b26fc7deb38039cb0e7ea3146535e7e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03347891-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837675, "uuid": "cc0893b4-b89c-49c0-9c57-d8f591d8d534", "comment": "Malware payload (Amadey)", "value": "2eeefdf643f78c415d5773e6839837b2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837675, "uuid": "067b423c-5267-4263-a185-d69bfce0f606", "comment": "Malware payload (Amadey)", "value": "ccc5c313f416465ffc57b4343c6e512d0568f618620aaa7b258b5d5721aaf394", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837675, "uuid": "18a91ef8-886d-49a0-939b-2eab61d5db76", "comment": "Malware payload (Amadey)", "value": "797a0d8433f1b575915a9cb2952795535fb3546d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837675, "uuid": "78e30b26-553e-4a9c-95e0-33a39811d3bc", "comment": "Malware payload (Amadey)", "value": "1043c03c629b0ae12fc965263abb4c337ef9e90a8d362d7b4e1fb7c859f84ef9c8c79052cd2a242e80ed57f5f72b86c6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837675, "uuid": "0bbc5a6f-91ee-4e37-8374-fd96892ce157", "value": "T1BB840103A7E89073E9791B7148F703930A3E7CA26938535F2759994A0CB36E4E53973B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837675, "uuid": "1aa2131e-a64e-4c93-8ac1-c4097d7fcb12", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837675, "uuid": "38f515af-1e2f-4274-859f-c428f5c56aa9", "value": "6144:K8y+bnr+9p0yN90QEA748JHJlPx2r5z3HVK9ehKCCB2GTNXeD3zsvHclk:QMrty90mM8VJluVSaKCCEUXau", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837675, "uuid": "699345ea-d94c-4a59-86a9-3c1eedba0382", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837675, "uuid": "a01138c3-7fdb-495b-b2b7-2c857fd4bba4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837675, "uuid": "d1afb551-885b-466a-8e13-3ff9393ff9de", "value": "2eeefdf643f78c415d5773e6839837b2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e62f9db-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885905, "uuid": "17cc3b71-cb5e-46d1-baa0-8be15cc1b867", "comment": "Malware payload", "value": "386c37e848115b7a4187e88538cc9577", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885905, "uuid": "231fb976-f559-4e7e-ab77-1beee1c69282", "comment": "Malware payload", "value": "cd8df681ecfb0f0bb885ba21b033cf06af0c23434aa7ee5c7aa048a608020f90", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885905, "uuid": "bc1c32d4-9b76-40a7-839c-5620425b7a96", "comment": "Malware payload", "value": "9df89d6bbc391bfc838b898e6fc73e0b4afd1874", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885905, "uuid": "8de6ac4b-1a5c-4452-8b75-187efef379e1", "comment": "Malware payload", "value": "c0f771333496ad524ca0303ed598fa4862083a3362626a5721dea6b0071c57f93db389c03130a004396b47af648f8f2b", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885905, "uuid": "d0446efd-df1b-4a69-88e9-6f8df02f9a6f", "value": "T165D43327BFFB0695A984405B90488B84D35F9D97897CFFA05B8D5B140BC3F01AA497CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885905, "uuid": "ad443a4d-bd32-44a1-9b80-184ad834f1b2", "value": "12288:Vxsp4Ay5zBOlaSpOGrMXXDmnrDKeciMcglwvmbnsM8LYipYRCCu7wLX+bT+6B/vk:VxkAMYSpOGrMy3Keci3moL8us6B3k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885905, "uuid": "7899feda-3179-4270-a46f-c7b6f01dcae9", "value": 647021, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885905, "uuid": "534b6465-7c40-4871-9e4c-5975420d6b5f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885905, "uuid": "07adaf8d-d2b5-4e99-9522-1f4e8387857e", "value": "4unz27.tbz.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b07abb6f-2724-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689874902, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874902, "uuid": "32da7517-20b1-4b98-9215-34e767669cb6", "comment": "Malware payload (RedLineStealer)", "value": "413f6518e54b384d06d4d76740b66702", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874902, "uuid": "28d6483f-6e5e-49ae-8e96-4f207729bf5a", "comment": "Malware payload (RedLineStealer)", "value": "cdbfb15564317948c800599bf4e4ae31ca937d89a716dc1bf52752e10fa7980a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874902, "uuid": "64a784e2-be65-40c9-91e9-c4805b71e330", "comment": "Malware payload (RedLineStealer)", "value": "a3e91e443fc618f0dc20dbedbaab32c0b7234be9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874902, "uuid": "0b63f8a5-fcd3-41b8-b53b-fdf93c3283c7", "comment": "Malware payload (RedLineStealer)", "value": "9fd8c09f1fb092832fba410a41e09d2245610d61112b20e50af9bff5412645b85ad26b712b162ef7fdda6e7e59372c3b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874902, "uuid": "607abbbb-11a8-4b0a-9b1b-f8cdfd4ca1a6", "value": "T12484092393E13D44E9258B729F1FC6E8761EFA508F497BA52219BB2F04B1277D163B10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874902, "uuid": "663036e5-f895-463b-bbfa-443ae4acea1a", "value": "685fa3a7200aa618e17fa5e3208c5c70", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874902, "uuid": "f2d0dc78-013a-43dc-ba59-696fdc8a1a0c", "value": "6144:DsZLSapG94HsVkWgpMOXatr2a1z2pN9QvDLH9:4Z+apPHsVkWgpMPtqa5MfQ39", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689874902, "uuid": "f67a0d13-7ce8-4f0d-8d61-6a834b24cce3", "value": 406528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689874902, "uuid": "b04b97b7-91e8-456e-9f34-0a6f8243ec5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874902, "uuid": "066d5c53-3e87-436c-9b0e-fc293bb80b72", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9782611-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689847510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847510, "uuid": "64618e49-e7c5-43e7-b806-a9e4428bdd17", "comment": "Malware payload (RemcosRAT)", "value": "6782bf2eda86c004929ff3f314b493df", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847510, "uuid": "8de10853-1a8b-44ed-b211-86a43cd94db3", "comment": "Malware payload (RemcosRAT)", "value": "cebbb9cdcba45e87c8dda8f1a980e217cad492cb3dcd610e3938f7767f35f7f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847510, "uuid": "bd7a2eb1-581b-4af4-a954-bbc88cbc7d90", "comment": "Malware payload (RemcosRAT)", "value": "b46912fd87ba7d729c123bee3fec29546e67ec3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847510, "uuid": "74280442-9046-4594-96e0-afca371e5afe", "comment": "Malware payload (RemcosRAT)", "value": "1181bfa70a56cb775afc161e11ae4e0c1302ee87b50b5a4a5b860e7d3422c96cbb93f150e84585eb9ccf67994e5b8e80", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847510, "uuid": "6264c205-eb30-4e7b-8095-a5455296d1ec", "value": "T18CA4127313C87930DD2D0B73ACA9D880717313D67A23DB7EA9AB61989F0295C16A7724", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847510, "uuid": "7f275225-800b-40a6-9c9b-2ae2c1b942a3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847510, "uuid": "063ea0b6-3915-4a2e-b8fc-843131f5eb30", "value": "6144:1iUstTxpWOIpAx220omKT5dfEaV6GHEcbfz5OgtiMK:cUGDypLy5PnEshiM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847510, "uuid": "44257562-40d2-4dbd-918d-2b5a7a6303aa", "value": 481792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847510, "uuid": "387d7c3a-e24a-4954-937b-b5e5ac38ca7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847510, "uuid": "9f9f067a-e910-4342-b764-582b50e668e1", "value": "ahffka.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bac35563-2692-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689812213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812213, "uuid": "64d4ed01-bbbb-4ea5-b6e7-ee6c21d206da", "comment": "Malware payload (Amadey)", "value": "a646e1a2f329febeb26fc5a53836315a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812213, "uuid": "fb8dc4fd-6f2f-4e18-83f9-59e4f3ba4c80", "comment": "Malware payload (Amadey)", "value": "cecf8ebd44dc313d6e15a7671a39deb7e70ba1791454e8f9abaa363a90f0b09c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812213, "uuid": "c34e4faf-1904-4130-a630-a54cdc57563d", "comment": "Malware payload (Amadey)", "value": "c2f99e86c922a9596f847154900ddee3a7bbf9fc", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689812213, "uuid": "09fb33c6-876d-4f7d-9911-a01d74d6d9ee", "comment": "Malware payload (Amadey)", "value": "f23b22de21743117536efe6db5730f43984b993ed3fe79245aac1e0ee9a0cda69035b78a70a5c53ea1a4528f2d14c2dd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812213, "uuid": "0b1c6f31-719e-4b6a-a3ec-8b2cdc4895a6", "value": "T11DB41213DBF89433D9F55BB058F602D30B367CA52E349257235AA94A2CB3380E53676B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812213, "uuid": "e37eda39-201a-4817-b31a-c4e2b159f748", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812213, "uuid": "e7d6bb01-d086-424f-8650-7f9a9cd96651", "value": "12288:4MrNy90PWjSf+7xarQ5C4Yf7ECEKeC8D84YO9:FyGf+7g85C4YDECEKNW8W9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689812213, "uuid": "5ad758b4-4f00-4b7a-b772-3db1e407e7d0", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689812213, "uuid": "b9b1ef64-3f67-4d3f-90a5-193b1a282f84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689812213, "uuid": "473cdabd-a53e-4370-ac82-4684f746a9b7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e632ade8-2737-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689883153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883153, "uuid": "93b40925-0a1e-4e8e-b48d-ff3ba68b0443", "comment": "Malware payload", "value": "6fbb1f40f32b2313106c88fe4261078e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883153, "uuid": "f8d6ea16-edc6-4d82-966d-9699f2af5953", "comment": "Malware payload", "value": "cf3f15f534ea069f36096b144e3fa527952ec4e37d73fadd505954e5941714f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883153, "uuid": "9158e3a9-e30d-4ce1-9956-85cd7fdda645", "comment": "Malware payload", "value": "c2bcaf749f1bf16b60b5d0df9180be5ebd580494", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689883153, "uuid": "97fb2d34-ed39-46be-9166-d4db9beaf2e4", "comment": "Malware payload", "value": "25b00a9d4fce4972322baa46742a34e9423ff415997ba60d9ea9db675b71b43d31308c821a5c861c319106ec7e9cbff1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883153, "uuid": "146fc513-56ce-4e8c-9bfb-5dc7ef1fe59f", "value": "T105B58D1536424D92CE8D01F1D35E47296F50C9222725FA9B2BB65BCEB30D2E3B94D2CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883153, "uuid": "4b072b9b-7719-4e6a-aa4e-e98b2b5f5d63", "value": "49152:T7HLIw1++GxydJ1KFguAe1YJm8Dapz6vnVUu:Tb0w1+vyLPe1om87Uu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689883153, "uuid": "3ce51ea0-ec05-4e0e-9aeb-8e0a9b0e2d64", "value": 2357760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689883153, "uuid": "79a258c1-5f2e-4b9b-8cb6-18b0f725d208", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689883153, "uuid": "72a96d2a-a3e9-4435-95d0-3125a87e9c06", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11e15718-270c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689864328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864328, "uuid": "e9bfe9b0-124b-493f-b120-2354dce73e17", "comment": "Malware payload", "value": "f4f147d270e98a7598f02362ddd2f927", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864328, "uuid": "3f395c16-8fcf-4c21-a1a7-dc87917f629d", "comment": "Malware payload", "value": "d0130399fd404226ae5b90897e8e3affe29b7d34081ee1bf11ecb3750ca342c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864328, "uuid": "03f32ef3-b4f1-41ad-918e-6afb188da909", "comment": "Malware payload", "value": "c79df640b839d8fb01ede7d91c397212a3e1da0c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864328, "uuid": "a508f5d3-55fb-4951-984a-d68c189a92a8", "comment": "Malware payload", "value": "03836cc78d4ec0eb5e768d5b5071340513ce77d22292f11321e24721fa436ebf98d10690c3c039a7abba245d1e338407", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864328, "uuid": "c511cc66-76d8-4117-8122-f0f43b9090f2", "value": "T131E53307B4845E6BCA648C7388CD90CC56ACFBCDE04D6BD49380EA67E622BDD195D7E0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864328, "uuid": "0948828b-fd53-41ea-8f3e-a116a276f193", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864328, "uuid": "6a3e8139-cc8f-424c-b518-3287622bbdcf", "value": "98304:FRyJKKbIFlOLLN3z71neq1VKj7J2tB5pu:FkwKbqeJ171Yj7Ep", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689864328, "uuid": "b1aa6207-ce3c-4bc9-9af8-a8fa83ca5e83", "value": 3256832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689864328, "uuid": "368f75ef-3178-47a3-96f8-5f76214f05d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864328, "uuid": "f0d9016d-1cef-4b47-960e-d57e7e6401bb", "value": "f4f147d270e98a7598f02362ddd2f927.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27dcc128-270a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689863506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863506, "uuid": "b50b3e23-0252-4ab6-adb6-77eb16084d43", "comment": "Malware payload", "value": "bb3e49f4f8eae71e756ba49386a7f00e", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863506, "uuid": "a8cfb6a8-b69d-4046-b5c4-3611c5b8a22c", "comment": "Malware payload", "value": "d04b4aee3b062e68e9c35402495cf1d40ded53c7dadcdb35590640342932170c", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863506, "uuid": "c298fbd7-4e99-425a-8755-7fd02de7f3a8", "comment": "Malware payload", "value": "785f2640df61cce7a437c8c1a4eabb80a634b68f", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863506, "uuid": "252af178-c0c9-4bbf-bb0f-1ebfcfdd8422", "comment": "Malware payload", "value": "dc6aa0707dbb1bcdb3caf98124a6c0a5c5a8040c5e5d7b6e1807aeb86a21cbdccaf9441de492f6d973098b2797e73761", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863506, "uuid": "252e5c8f-f157-4a44-be1f-d358da119a78", "value": "T124F2905AE79F02A9CF9102B3171B0A89A6BDB33EB3515461346C833433DDC3D466A6BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863506, "uuid": "0019db4e-922d-4577-b134-c4d57e897b4f", "value": "768:9Fx0XaIsnPRIa4fwJMtrkW08FQcXgZct2iOf:9f0Xvx3EMOsv2X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689863506, "uuid": "c55c468d-0971-482a-a6a1-ef01e9a03153", "value": 35483, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689863506, "uuid": "e1cfc5fd-9856-4c28-ae5a-1a7a00276ce6", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863506, "uuid": "fab65b62-03c1-4081-a789-6e6945d12fe4", "value": "SecuriteInfo.com.Trojan.GenericKDZ.93675.6459.4832", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d091fec-26f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689852885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852885, "uuid": "c00975ae-927d-4f0b-863b-dbb2ab156f52", "comment": "Malware payload (Formbook)", "value": "dcde6d2a4ff44c0e6ee36138d425872c", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852885, "uuid": "bc62f34b-6480-4235-8ff9-71e91c00a7a9", "comment": "Malware payload (Formbook)", "value": "d063b230cad32eeae9aa8ffb4ac13fa81b97ff330b71c4941f43e72213a8bc78", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852885, "uuid": "8fc826a8-b0a7-4b7a-8eb0-759b4b05cba7", "comment": "Malware payload (Formbook)", "value": "3869447ee16beb11c815e8d2ea6d279380bc46c3", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689852885, "uuid": "b8684714-c8a7-4564-ba9f-2b83134e471c", "comment": "Malware payload (Formbook)", "value": "827d9532e5ea900fd7bb068add9f280a1d92ccbb0709db85093662dbf7f11cba4dc56daacd68248f5576b721fda1cb25", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852885, "uuid": "7f817f70-c6b5-4d82-8895-3572d9424ddf", "value": "T11C4423E82CD2A6E5C30973BE4DF8B24978BD0287A013691E2F95DB5D71057CEED80693", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852885, "uuid": "de2d1516-5200-4aa1-9214-e8af5a10822c", "value": "6144:5m0+H2tYplD2MQczkVqftadvA0IqmBgTZNF:U062tYppbgglkvA1qSgTZD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689852885, "uuid": "5b2b3e67-bd1e-4ec8-ac52-120ff667aaac", "value": 259988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689852885, "uuid": "1a089df4-646d-4a27-a63f-8dcaf15de246", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689852885, "uuid": "4921a692-b963-44f6-ae95-2c276dbad82b", "value": "Updated Price Order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0b95f69-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689836758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836758, "uuid": "a240862f-3a97-4a05-a91b-ac98df933d78", "comment": "Malware payload (Amadey)", "value": "7f2c00bbadc73ad53e903c94a20db4e5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836758, "uuid": "c3274e7c-640c-493e-9849-1c77b4404c4f", "comment": "Malware payload (Amadey)", "value": "d0ab8687e34a8f0343980bddd26689960bc998ce3537a995751d70b47f6b24e2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836758, "uuid": "48eb5a80-24aa-4a3d-b330-928967c3b13a", "comment": "Malware payload (Amadey)", "value": "9270d43f9bebdd6380fac9c6d6340fee4b28aaa6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836758, "uuid": "1187219c-057d-4ebb-93b5-1cfcff2524ce", "comment": "Malware payload (Amadey)", "value": "1985248124bd7442344805ccbbd1038261c0fafae200db6926c48e12f388563accaddd283e36a69c5377e6481dfa8956", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836758, "uuid": "9b335763-d975-48fd-859e-21f25a6da5ce", "value": "T1C0840113E7EC8172D8B5237018FB03D31B3A7DA19D38866B2746985A1C727D4A93277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836758, "uuid": "e0d06e80-af41-4d1a-ad58-7ad0f538b8c6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836758, "uuid": "4d1ec951-abb1-4885-952d-366b8425ab17", "value": "6144:K/y+bnr+ep0yN90QEOcfek0pdG7xF25AE3ABmsEQX0mHhWjdbrfm5:FMrOy909eYxFKAEwBDjBWjJrfm5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836758, "uuid": "9174b102-b8bf-4271-a5a6-0c1b6060126c", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836758, "uuid": "2471e4c2-4de0-4009-878f-604d983e9dbf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836758, "uuid": "db642d32-fd82-4651-9dbd-ea16b7d9dbea", "value": "7f2c00bbadc73ad53e903c94a20db4e5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84ff0172-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838322, "uuid": "287bf1f2-8224-43bc-b89a-509f2076c931", "comment": "Malware payload (Amadey)", "value": "bf0e136ebd9b922aad2aa43f47e10fe9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838322, "uuid": "dbc719b4-4e85-4150-85e8-a7542de21151", "comment": "Malware payload (Amadey)", "value": "d0e11c0b8b5b45495b802fe644233d1d0c4fd59c79b4e658d33dd676753b946d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838322, "uuid": "497260bb-2dd9-4699-b676-59bc3795742e", "comment": "Malware payload (Amadey)", "value": "b9aa2e793d8b99e000e811dc1358550b612ab38e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838322, "uuid": "6bcd975d-d780-43ec-86dd-6e88cefaf6fd", "comment": "Malware payload (Amadey)", "value": "78cb40928ae9c130ed4207c32a61e386baa0af7b90a6c21d2be1b1eb3c3e278fca72a727ad4320e4b5dd092bbd0cbb62", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838322, "uuid": "11ecf60b-7aaf-4065-a949-a702dd22e7e5", "value": "T1AD84F203BBEC8422D9F52BB058F603D31B35BDA1DD38862B2795684A0CB3694653677F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838322, "uuid": "3f9c8dad-4311-4ffc-9e38-05654087ce77", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838322, "uuid": "810974af-1f29-4b32-b0da-4fcad5c69182", "value": "6144:KYy+bnr+6p0yN90QECtASb46LOhUJdCsnKSh6M35YVSWRUL6BhBd:8Mr6y90cZIyHN61nWod", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838322, "uuid": "9c17323d-6a79-4570-a011-856d99fdf54b", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838322, "uuid": "77775cf0-4f9a-45cf-b365-1de90c033dc0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838322, "uuid": "6bfb0082-b79c-4ea5-9867-3d00f17fbad8", "value": "bf0e136ebd9b922aad2aa43f47e10fe9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd8cf254-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840135, "uuid": "2e446381-d06a-48ae-a567-5d8457fe351b", "comment": "Malware payload (RedLineStealer)", "value": "5a7e39392ca38935d5ead6a603950b4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840135, "uuid": "e2e03572-4d99-463e-aa76-75b7d51db0cb", "comment": "Malware payload (RedLineStealer)", "value": "d165e7e14757471b0d7b9310e86dc7e0494b0704bebc20154a5395f2f73a74fe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840135, "uuid": "dec0b1ec-37ff-4d03-bc62-29ba4aebe66f", "comment": "Malware payload (RedLineStealer)", "value": "fdc8f736880a5eddae1deeb230be0231c3a1c112", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840135, "uuid": "9d845365-4b6f-404d-97d2-c195b29e554d", "comment": "Malware payload (RedLineStealer)", "value": "00682a1184c510542367a4a012876ccc3d42b50da49617fa06bb352375d4814514e677fc029e4c4e3932cd90c5cb468c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840135, "uuid": "68c905f2-5836-4188-87c6-ca3fa958d9c2", "value": "T12F840206BBE49073DCB517704CF707E31B36BCA15E78539B274199A95CB3290A8723AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840135, "uuid": "a44c533a-93b5-4469-881a-97ce0968b0e1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840135, "uuid": "3d1ee50a-017c-4092-8627-83b2207f1769", "value": "12288:9Mr7y90F4WYgxPcy4QbafAvTtDn0fLFPiy:6y7u40WmALFj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840135, "uuid": "1af8337d-e071-4697-bb5d-b6a65363e1c1", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840135, "uuid": "0ff335cb-3943-4745-bc6a-d99fface54a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840135, "uuid": "e7b9aa41-3eb4-4250-9f0f-e189156005d7", "value": "5a7e39392ca38935d5ead6a603950b4e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4bb4df3-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847932, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847932, "uuid": "b1099269-fff6-4cc1-a384-8a516c3f38fc", "comment": "Malware payload (RedLineStealer)", "value": "06da8d84aa5ae358540d202530fc8162", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847932, "uuid": "3ae74950-b92f-4894-9fe7-5f64ddbc53a7", "comment": "Malware payload (RedLineStealer)", "value": "d190f812cea6bbf37a5c27a5819cf4459c2ba5b05502966842d790a822b5add1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847932, "uuid": "20e3711e-9337-40e4-b1ab-330621d6dc78", "comment": "Malware payload (RedLineStealer)", "value": "11f4658c42801bc5a7347ee4ee08ff89c5b5bf5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847932, "uuid": "c24ae7c6-7d92-4184-b355-515e33316bdf", "comment": "Malware payload (RedLineStealer)", "value": "efb7ee0957ffc79d2273e61f4974726a9a32a86f80508f57f17ae6ec69ffa08c095c6c32523640e5fb8db4a63562eee6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847932, "uuid": "8a14ddf1-307d-47c8-9c50-db477b00acfa", "value": "T138840243FBD88136E9F51B7004FA02930A31BCB1497C976B6742ED690DB3690A57277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847932, "uuid": "ed2e950e-a49d-41d5-81a0-90fb2a5e14a2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847932, "uuid": "d5372acf-1147-46dd-bba4-40adfbb8fe42", "value": "12288:KMrpy90wRtN9uFzfd07kF2ydr2IX+ps+4SFwS:DyDX3QzH2q2Hr4SWS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847932, "uuid": "ff7f0337-5491-4a29-9580-e5fef1739e71", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847932, "uuid": "0bcf19db-7975-424d-a47d-d068233cbdad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847932, "uuid": "2a6fcb9d-74fc-4791-92b5-0838ed7c8810", "value": "06da8d84aa5ae358540d202530fc8162.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a844aa0-26e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689845525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845525, "uuid": "e668bf94-357e-4256-b164-b818d90d3e6c", "comment": "Malware payload (RedLineStealer)", "value": "fc8a749534902b784a021ba891b2de71", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845525, "uuid": "fe320059-3a00-48c9-a708-a8866b8f0231", "comment": "Malware payload (RedLineStealer)", "value": "d191282ff466919a5feb6c8682f696332eded6dd8747d336fe16593c6ea96f7a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845525, "uuid": "6a55eb55-f6b7-43c7-aea8-20f60208cf48", "comment": "Malware payload (RedLineStealer)", "value": "824c3750ef168c3eab90a5761864157f47ec971c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689845525, "uuid": "fb6a59ed-417d-4497-8405-484a4f8506a4", "comment": "Malware payload (RedLineStealer)", "value": "439d6779358f79e9cfcb3b216631f3cd11b8a6aac1bb1c18cf1c058648a6c81b23cb198ba0a7f9c29f5c0bbcf60a9b55", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845525, "uuid": "22b0d029-971c-40d4-a677-57a90caba600", "value": "T113840152AAD88473E8B5277018F613C30B3ABC915D78836B2384985D1CB3AD9F57177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845525, "uuid": "a496150a-ca04-43eb-bc45-ffe6660cbb01", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845525, "uuid": "b708c573-c9d5-4cc4-a97e-63ddbeda9f79", "value": "6144:K7y+bnr+7p0yN90QE++Xq2qkWcnZNbQR5mbZvdLFhJauS7BfbCcHnlRHGb4kXyGA:hMrry907a2RdL3AuWOcHnl9z0+Ei", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689845525, "uuid": "5dacd611-1d0a-4cab-b510-8888aef78b88", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689845525, "uuid": "366ff027-f7b5-4c70-870d-843384bb4e53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689845525, "uuid": "5c6225c0-1d1e-4dde-a95c-2d44c4df0d0a", "value": "d191282ff466919a5feb6c8682f696332eded6dd8747d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2b35069-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837996, "uuid": "008d8d02-3187-494c-a057-f376bdf0b0c4", "comment": "Malware payload (RedLineStealer)", "value": "457aa4d60b6b18f27b133a95580fcc75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837996, "uuid": "e4b260fc-fbe2-4a34-a41c-82dd5f482e61", "comment": "Malware payload (RedLineStealer)", "value": "d1e44d1d7cedd6501d104ea426b5dc89d19f51837651b45476e285d27e52b2a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837996, "uuid": "3024dda3-2232-43d9-a4dc-f6158c74432c", "comment": "Malware payload (RedLineStealer)", "value": "6eb60a00eb61e8af90f1e04879580cb51c99f62e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837996, "uuid": "3035e637-a846-4f0e-9af0-a01dd4726569", "comment": "Malware payload (RedLineStealer)", "value": "da833cd7bd3d1c2b77381934e8aa0ff4c9c51a1f0d9c604b5aae8da48513f7c0c78859ae4a3ab54a5a7e2002785471b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837996, "uuid": "f0a426a1-b5f7-4f47-a16e-c059eddec145", "value": "T1C0840102E6E89033C8B11BB018FA17831B35BEA25D74836F3391AD4A4CB3599D57677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837996, "uuid": "1b654213-9709-44cd-9619-47d0023ecaeb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837996, "uuid": "a98e5f4f-5ed7-4276-8215-e0400a9cf5c9", "value": "12288:qMrwy90aNjYErquXxI7P5r9cHnl9XbWa:2ylYH4I8HnWa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837996, "uuid": "5a1bb292-49e9-4064-b879-c56fa5b596de", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837996, "uuid": "7080241d-3880-4eaa-84fa-e75951b8c9e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837996, "uuid": "b27794a2-1e4d-4465-baea-42523641e8a6", "value": "457aa4d60b6b18f27b133a95580fcc75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bd388e4-2691-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689811571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811571, "uuid": "54933f1b-21e9-4978-a3f7-7e0553f1e7a5", "comment": "Malware payload (RedLineStealer)", "value": "a1d80795d69bcf1e78b62ae3b0ed4bc6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811571, "uuid": "1a5549ca-aeb6-43ec-b41f-eb7544865e06", "comment": "Malware payload (RedLineStealer)", "value": "d3b95985bbdac941180a93d4e2ce29a9fae660f79b2f740eea472d306cb2a062", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811571, "uuid": "4ea4b787-ce6b-4903-8125-e1f1dfff7669", "comment": "Malware payload (RedLineStealer)", "value": "e42098543a886087d33e68bbd95bf103a95ea656", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811571, "uuid": "03bef969-7ef6-41ea-9571-2104ab167007", "comment": "Malware payload (RedLineStealer)", "value": "8c18eba3a45c2a6339216e0b4ba25b5d9e42cb56a1e092704c3ce481bd0560cd5af81853a6458db321cad3ea9d618c1e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811571, "uuid": "4b7ffe8a-68e8-4de7-b44e-e33db2c303db", "value": "T1A674E02176E0C072D5675A3049718A915E7ABCF2AFB540CB23583A3E2E707D05FBA787", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811571, "uuid": "16f6efe9-9c11-40ea-92e8-e7173f81a7b5", "value": "02f23a44e70611470e4c2107da6d7f64", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811571, "uuid": "aa821364-42bb-47b6-b9d1-6dc3eff56288", "value": "6144:fmpQEO0H0QR38D7hJbTsxGjHrRhH5zqxrEiw0dF:XEOHMMDFJfdjRSM0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689811571, "uuid": "ad83d368-0c11-4c8a-98ba-7812c027c5bf", "value": 353280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689811571, "uuid": "0ee5ae51-b5c3-4c68-aea0-0762d49375f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811571, "uuid": "27c058f5-8d55-4ace-811c-97023acda62d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94bfff4c-26e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1689849086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849086, "uuid": "673ac8dd-932e-4fdd-9eba-642066ca740b", "comment": "Malware payload (DarkCloud)", "value": "27de92ea28f11ed9a1b327f6df81deab", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849086, "uuid": "f0c629fa-5c91-4a9f-a2b2-29c7757cf899", "comment": "Malware payload (DarkCloud)", "value": "d46f7e127f48d7fc3d018fd53e2c7d473c6c54d1f3e2cabec145becbd247a717", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849086, "uuid": "00786db8-f6b7-41a2-8fc4-2c64f3552060", "comment": "Malware payload (DarkCloud)", "value": "5e4bd89351040e293aa47a65c83c4705a92ed0fb", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689849086, "uuid": "df1508db-a2e6-45a9-aca3-60a78406ff21", "comment": "Malware payload (DarkCloud)", "value": "6e2ea79bcb04692178eea6d3c9596cf756e03b7ad58c5670277c1aa3fb89cb28952042776c954f783518964fac8cd38f", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849086, "uuid": "2405d76a-8e66-4c5a-a219-f39e84941691", "value": "T1F974120A3A66C9BFFE732B312F168B2A5F7D940520B4424A3730A71979772816D4E3F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849086, "uuid": "244a4a9a-8aaf-44a8-bef0-e5521257e830", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849086, "uuid": "b44710c2-8ffd-47a8-a299-169e3e328179", "value": "6144:PYa6usXhrARAhY41lUkwS5mr4Qy9LKjVdluSBXgStypbqK1AonEBDOES0VYOu:PY4q4AhYmUkbQyJKjfl/mOqAjKOu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689849086, "uuid": "559e4dda-6e16-4320-a1ef-cf89fd68a836", "value": 346157, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689849086, "uuid": "43e0eba8-3f55-4591-b9b4-df1cb3805237", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689849086, "uuid": "f046f9c8-9cf0-4501-9b90-7f847b605e3b", "value": "PI YW-201123.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5edbf1a9-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858445, "uuid": "2ff048d6-dd6d-4b19-9ea7-c34bec2c74bd", "comment": "Malware payload", "value": "bcc343d6cf0098ceffe6605da90f7050", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858445, "uuid": "02f49d21-e9f6-4103-9d5c-68ee7b9e981b", "comment": "Malware payload", "value": "d49817fca3b05484d9518c7301ef69e347966d508507ca60955c7014221814d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858445, "uuid": "dc4b2509-5b16-4910-b483-921dab4cddef", "comment": "Malware payload", "value": "52bec74ed2eb9d28113b0f716797c28e404d4ee7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858445, "uuid": "da1e1bad-3782-42db-a36c-978747a81d1b", "comment": "Malware payload", "value": "0f61cf8c8d441c79de1d30cf7cc003165cb9619dd51eb7b182278099f84949d41396f50f98b9328b90d20ad81b786caa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858445, "uuid": "d3604f81-bbbd-4087-9e27-b37224e4ffa9", "value": "T133752302BEC189B2D0631E325A32AB11657CB9302FF58ADF63944D6D9E716C0DB31BD6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858445, "uuid": "57f38f64-63f2-4854-bbc3-6ae0d013c01b", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858445, "uuid": "4a4ded3d-a607-4fff-bd56-caeee485f851", "value": "24576:MTbBv5rUDkdwJJj43PCp49ot5A8xsTAWaKyZ1ieBWlVM+sCB+x+hj01xZPKrQi:OB/uKQYw6V7aZieBWlVM+sC8Q01xwrj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858445, "uuid": "f3e4a448-33d0-40ad-95a9-93b8c99c1361", "value": 1607838, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858445, "uuid": "63b2fce5-cb74-43a9-b958-f379aa86546f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858445, "uuid": "ea32fc26-6293-439a-855f-c0c3278fd38f", "value": "TT COPY $67,000.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f474038-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1689838178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838178, "uuid": "032ef19d-73e7-46c6-a118-68f2a6c67095", "comment": "Malware payload (AveMariaRAT)", "value": "03274c16513f53c198ae42a1fba66bad", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838178, "uuid": "d1de0549-4534-48a0-9c89-1bfb36952b81", "comment": "Malware payload (AveMariaRAT)", "value": "d5582d466104e3130d5bc56df57d67d89036793dd979038b5dabd82b13736e43", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838178, "uuid": "288b17bc-72b7-4ad1-800f-9b2d7a1a27cc", "comment": "Malware payload (AveMariaRAT)", "value": "609117d7bb8720184b4b075b81e29d9690398fa4", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838178, "uuid": "2bbe9262-60b6-4a7a-922e-329535b2d5d7", "comment": "Malware payload (AveMariaRAT)", "value": "5d0f594eb0556eb2cfe8829d29e6d0e55e0b73d61e42ae25b1e9655c804b4b043a30500692817d7589f2d81f9079cfda", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838178, "uuid": "ac4bbb1e-2cb4-4069-9d80-9cb74f0eec77", "value": "T16203D00057ED41B9C66B0A7DECB202420B396F97D467DF8FAE8C594B1C472396A21BF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838178, "uuid": "4b97d6e6-54cc-434d-b5b2-51465e299791", "value": "768:dJoQWT526nq5Tllmu24Ra2DovIieNhIPVQPa9c8V8a:1WT5dQTll92m7ov0oW6c8V8a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838178, "uuid": "ca106e99-bdf5-4a7d-a814-e4e4c423a954", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838178, "uuid": "532ea2f5-a8e0-4d77-81c9-1b23983535f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838178, "uuid": "5aa16bf2-5066-4577-9a66-667383ac6a2e", "value": "SecuriteInfo.com.Win64.RATX-gen.7109.31928", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34b8383c-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838617, "uuid": "ccad9745-c730-4b23-8c23-d9a33e419b18", "comment": "Malware payload (RedLineStealer)", "value": "03e5bda34bf1f1416df08c8f22f86c44", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838617, "uuid": "0ba5e6a7-8575-4b7a-84ce-9600520ba671", "comment": "Malware payload (RedLineStealer)", "value": "d57352b17144065c6fd05a0807532115ba9622e99b096ac4432dd312359b06d0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838617, "uuid": "c8079d66-068c-4927-9c4f-cef4760cf165", "comment": "Malware payload (RedLineStealer)", "value": "4da55b7cb2b7746156333ca9bcfb6b3884c95316", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838617, "uuid": "5d913a0c-af54-40a7-9d4d-9909bd92d6dc", "comment": "Malware payload (RedLineStealer)", "value": "8ec318472dfe07d91f4a919742f252d64743e99b614c2e23a66c463127b2f1125ecc686c5201df21131099aa6776bea2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838617, "uuid": "7f0aca8b-b7ea-4b2d-a55b-f03676f53dd3", "value": "T1E9840212ABDC4132D9B427B05CFA03831E36BCE15E78831B2786AD5E18B36C4A57577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838617, "uuid": "06124add-b4f8-41dd-a512-eb16bef9552e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838617, "uuid": "803b1ff9-bb1b-42f9-8a2c-5b2cf2162581", "value": "6144:K5y+bnr+Wp0yN90QEl2m2A34vRS5KRP5sp1BkXYijeIA3c5rtLIRva6:DMruy90734c6P2nMjeIA3cliRvf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838617, "uuid": "9e6c6e16-369f-4e8e-aeb0-7055b8c87519", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838617, "uuid": "b191bd5f-015b-4db7-8609-ef32bba8c0a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838617, "uuid": "abb55233-0cfc-4a77-92c3-ebdffc460ec4", "value": "d57352b17144065c6fd05a0807532115ba9622e99b096.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbdfd026-26d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689841045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841045, "uuid": "96c83502-c50b-49ec-88ba-597b484d276f", "comment": "Malware payload (Amadey)", "value": "f708309544a443683c430107bf136d38", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841045, "uuid": "a3db5daf-ce5a-4815-9242-0e7c7610002e", "comment": "Malware payload (Amadey)", "value": "d791cf9ca63ba1203d212e87de974148508732eb74c3cd8dfb2aab4c745ebeb9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841045, "uuid": "77e449c1-2b5f-475f-bfc3-2a9fe3414d62", "comment": "Malware payload (Amadey)", "value": "556f16f2a84bfa10f6e4f4f5dfe5401ce1446c31", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689841045, "uuid": "01dc3670-3250-44c5-841d-60d19ec91373", "comment": "Malware payload (Amadey)", "value": "270461d9386e3a01c670701f80a47797777cbf24ea1b260e39a269b204353b48e246b2a108a38b40ceaed525743eb50d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841045, "uuid": "964c8abf-7d59-4b78-84cb-7e5e6d3f32ec", "value": "T18F840212AAD88073D9B5237059F203D31B36BDA15DB4936B3386581D0DB3AC9E4727BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841045, "uuid": "5b7d4871-1d58-4781-8d2c-6b88d6034cd6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841045, "uuid": "51102aa7-07cc-469f-a371-b54416a62be9", "value": "6144:Kfy+bnr+ep0yN90QEjLuqMFkW2nZN+As6zcBi7HfdCcHnlRH4J2ZBuyRnhF:dMrWy90IhisRB8YcHnl9tZznhF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689841045, "uuid": "95401ce9-67ec-4faf-807c-119ee04c2282", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689841045, "uuid": "ee329576-4b3f-47f5-9974-531da59d681a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689841045, "uuid": "bf1a1833-ef5c-4e0d-970e-da996974d10c", "value": "d791cf9ca63ba1203d212e87de974148508732eb74c3c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd31da1a-26f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1689854415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854415, "uuid": "47cf1fca-2e31-4fc5-8d49-fb9573c1b48c", "comment": "Malware payload (Rhadamanthys)", "value": "8fdbcd880b2db4f3a06f95a4baf5b098", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854415, "uuid": "3364409f-0732-40fc-beff-1a04cb159b95", "comment": "Malware payload (Rhadamanthys)", "value": "d7924c336a4c338816dcc7c6d4492ed49f21b75dc7b20425a623656fd28b678a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854415, "uuid": "c3d4d881-ef94-4a17-ad84-adb6ceb5496a", "comment": "Malware payload (Rhadamanthys)", "value": "9fcf5d2c36a70736285b936d2f95e67c73ace350", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854415, "uuid": "dd5271ab-945e-4f9c-88cb-6ff452826daf", "comment": "Malware payload (Rhadamanthys)", "value": "0999651e52952f6b1ed0ef804e5b3066a93fb091e7fff66c4a631e6fe7022d5bbbdb25db5d6dfbf8b3b6ea085b381cee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854415, "uuid": "235285fe-8b4e-4cc8-aace-ec463a1f4163", "value": "T1A8E5E04522D942E4DB37B234B64C3AC5E972F8D54E64875B0FF086D60BF76A11BEA304", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854415, "uuid": "be692881-00a1-4f38-abbe-52060190ca9c", "value": "4bac5f1aa5d59044c6bd9ee6b4a263c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854415, "uuid": "499b44d4-9509-43bd-97d3-fcac88446ced", "value": "49152:djUMm9gAd29FB0AVSxQlGZLs5GVkmmmmp3hLpM4tlBM6Lpe67iMio8it:in9g68tSxQl15Hh9NML657iML8it", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854415, "uuid": "cddf887b-41a3-498d-afa5-d5eaa9d64d6a", "value": 3146888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854415, "uuid": "f23f7063-5f03-4b01-9921-e8c639d2a242", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854415, "uuid": "e9a07443-69eb-486c-a694-d1eb7e6a2207", "value": "a456.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bd2c575-273c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885041, "uuid": "658b5e72-a83d-4204-82ef-458f09c7bb03", "comment": "Malware payload", "value": "d2dd3a4e60d5e423b74b33e8bc412530", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885041, "uuid": "591199b6-9e41-4592-ab14-76feca983ceb", "comment": "Malware payload", "value": "d9ecc5a2ba9b7dd4b369bd809c0082084c0f521edef44e9b7f1bce888af71ece", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885041, "uuid": "ded94675-e20f-4537-9ab5-6f432d8ada9d", "comment": "Malware payload", "value": "c4e841b1047a9f9922ad39037995a6a1af8776bb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885041, "uuid": "20b0c85a-57e7-4afc-8de2-64e6608a6ace", "comment": "Malware payload", "value": "abce5b9f6742f8ae7d0e8cde4016fa8f1f48a5f8dd398b248ce312ec73d9768c6a3901a0e4e8f2d033f71195c2c657e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885041, "uuid": "2acba40a-2e9e-4bce-9888-fca22f941f5e", "value": "T17C96086BB1A4812AD15DC53ED0B3DF40953370751B36C5EF9294026A0E9BADCDE3EAB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885041, "uuid": "139a7df3-607c-44d3-a91b-2996c4fa2931", "value": "5d1b57992eb01e9a84723f1cf593c843", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885041, "uuid": "14eb4a94-8ab0-45fc-9323-8dcf164cdfd2", "value": "49152:393NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01CvjwPvY3JKNp:393JWblz4TKl2ZPvWJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885041, "uuid": "1db40327-ee9a-4cb3-a6f5-233373680ea7", "value": 9049088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885041, "uuid": "04fb771b-faf9-4b64-8577-3ee62ae113d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885041, "uuid": "22a6753b-592f-4e1a-aa3a-e7eae788eeb6", "value": "SecuriteInfo.com.Variant.Barys.434263.26247.6791", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8e02e74-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689847939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847939, "uuid": "34501f93-0812-4d1e-87f8-10950162787c", "comment": "Malware payload (Amadey)", "value": "52f20123ad124cb3e94dc1bdb7f5c14c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847939, "uuid": "7f3394b0-af02-4a58-896f-21a20af6b126", "comment": "Malware payload (Amadey)", "value": "dbc75d942b6483f882f5538e248c4148ffad7dbae017d1036e686fa5110eff66", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847939, "uuid": "84a3446d-8e6a-4c39-9ca1-31935c5dabc6", "comment": "Malware payload (Amadey)", "value": "de5fd8fe5d7190a9d4f00ae04d7a390289ed59af", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847939, "uuid": "a77e9b3c-9235-4d22-b199-56af25f75d5f", "comment": "Malware payload (Amadey)", "value": "32ecf82156b877bd1f074d81f2829fdf83f6ca0a161633d5f6a3b4c5b08e98b341b069acc13243824866ff00b51e3dc7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847939, "uuid": "3547c1ec-cb20-4016-af42-6ebef706164a", "value": "T13684F212ABED8032D9B92B7068F603830B327DA15DB4876B37456C9E0C736D0A57676F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847939, "uuid": "b99ad06b-cd1e-4a65-a830-7adec98f470d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847939, "uuid": "9d28f2e2-5d1c-4a04-9cd7-b47eab4c1eed", "value": "6144:Kby+bnr+/p0yN90QEpl5h2AHkWH7ZNuEMF1gfOYun73cBhzUcsbnjpKQt4fqbk:VMrny90k9viBKwBhQXEE4fqw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847939, "uuid": "47cc023d-d662-45ed-aa7e-d2dcc5aefeda", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847939, "uuid": "9dad4527-b10b-4d64-a792-848abd238541", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847939, "uuid": "8eebe959-5f15-4f6f-a3a0-6830cf03e6ef", "value": "52f20123ad124cb3e94dc1bdb7f5c14c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61c13f16-2707-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689862315, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862315, "uuid": "7e1f6016-738e-4729-b26c-06d889f06cb1", "comment": "Malware payload", "value": "47921ac5925698e152ca4c2563713a91", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862315, "uuid": "8a259b24-ba1c-42cf-ad57-6bc4a7e4742f", "comment": "Malware payload", "value": "dc306dbb15325c40634f3089d5ff6dd9dae7b67c86215f5a3ded2f67aa0a7430", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862315, "uuid": "95f5d84f-5796-4b3e-9f94-ad5817468a52", "comment": "Malware payload", "value": "6006ca65ecd53732dba75b862e61594706ee2c5c", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689862315, "uuid": "a3e910d8-f0c3-497d-98af-1145007625c1", "comment": "Malware payload", "value": "2e64be38b4deb9ecceb24be11f98f5973c6b8b6c6f6ae878fcf54b4561acc52629df7f45212a821f13fd81d04800f343", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862315, "uuid": "c2019e2a-0e87-4e3a-9d10-e73cd29cf92d", "value": "T10F038E5AE79F02A4CF911277231A0A89A6FDB33EB3505571346C933433EDC6E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862315, "uuid": "98a56c4e-5220-47d6-b896-5b3fd854bc5c", "value": "768:wFx0XaIsnPRIa4fwJMliWu2XcBi/TmFh7o44:wf0Xvx3EM0GrmP7t4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689862315, "uuid": "ceef9646-940d-4fca-9df3-cdf558b9cc04", "value": 40083, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689862315, "uuid": "76087f73-3353-4d67-b663-928e73d5bf5a", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689862315, "uuid": "a55a5fee-e1f3-4a5d-83fd-2911a2046726", "value": "secagodzx.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e2d38b2-2741-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689887300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689887300, "uuid": "0fd2ae1a-f480-4bd4-996b-e41dbe63c9c5", "comment": "Malware payload", "value": "c30860c1c8a02076c13786748090e96c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689887300, "uuid": "93fd830f-e72d-4f82-9bb1-f498b8501e76", "comment": "Malware payload", "value": "dcbfe3857cc6ba5394a223008422349ca296cc676f7f60618b0b3cc67f7a5597", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689887300, "uuid": "b53cb586-493d-448b-bd6c-19ab3015a98b", "comment": "Malware payload", "value": "a052e1848ac689f0f32cc61c29a5bf38f82ba02c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689887300, "uuid": "215da8f2-ddd0-4bc1-a6c5-6ce864cc56f8", "comment": "Malware payload", "value": "4e3c691544e65f502f855ecf8d9d317d78c41a97296ec42206925464dbaebb53640e71a710840a766954e0bb6ca6eed7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689887300, "uuid": "c3ade1b0-e5d2-4aec-a025-638e92dcbc81", "value": "T1CB843B2393A13D44E9254B729E1FC2E8761EF2508F497BA512199A2F0CF12B7D973B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689887300, "uuid": "b9be460a-e7bc-4305-b534-96f5653e4a90", "value": "9de2ee79b7674f53e928d4abe630aabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689887300, "uuid": "a8d94f91-8409-4a20-89ec-4ee6db52529d", "value": "6144:haLbL6YTP5t0F54tRJfHUb1IZlHF5wg4Hdp1kGpAl:hk+ono4HVXq9p1jAl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689887300, "uuid": "60801f73-d262-467a-8372-da6e3206198f", "value": 386048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689887300, "uuid": "42f6088c-c7a7-4f07-8d13-43369a649466", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689887300, "uuid": "1cc18634-8ae3-4e37-b17e-3ca01de1a1c5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38163e38-26de-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689844636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844636, "uuid": "0493ea36-c6a2-4d4e-af95-e12adc9663d9", "comment": "Malware payload", "value": "b96ca0602af9456c35c8140ca9b77478", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844636, "uuid": "402e0fa0-3e69-4b61-865e-9fb3662a2e00", "comment": "Malware payload", "value": "dcd2d2e3e6c298d4fc10507fca78c2e0daf8686ecb0935e89b5d26273eb1e912", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844636, "uuid": "221bd557-3498-4428-a0fa-1e966eb20ccf", "comment": "Malware payload", "value": "e826704de1aac59cc48922cc8fe1cf2f0e102ea1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689844636, "uuid": "fd6b5668-8d08-4921-8924-1b3d4fb6996f", "comment": "Malware payload", "value": "f807d37e721683a075c6a5a8cfd6fff73d221c8469ecfef056b8e2cf3725c13bc0f13fd05b04cc21e5fd417911ce457f", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844636, "uuid": "00e8a767-c90a-4817-bb65-ac9dc88070ed", "value": "T119A49E82F728D3AC4A612E0BEA773B0D41F2C5AA156F1BC65ECF04E7B98E97093C5511", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844636, "uuid": "3a4312d6-c8c5-4c90-9304-56b0916f6f9e", "value": "6144:ipvDO524fMh0hF7f7j6I+/8zsh3I0MfHgHJVJKEr5Zpq9ptSkIJPXSvT:i5DV44KRAH9V56ptSDXi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689844636, "uuid": "097d7846-c317-4230-830b-e77942d18e2f", "value": 473621, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689844636, "uuid": "89825e54-e672-43c4-b9d7-da1ffa0907d7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689844636, "uuid": "cb0efa2f-4470-43a3-89f5-cbae8951a8f4", "value": "pp.py", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5faf3fb-26d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838914, "uuid": "e3c6f64d-a352-404b-8d73-338f47207ee4", "comment": "Malware payload (Amadey)", "value": "0a95874b2a8162c0b6b4ce17301f8305", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838914, "uuid": "d753640f-efde-4f31-ac65-c570b5677200", "comment": "Malware payload (Amadey)", "value": "dcfab037f7269dd60bc810f260b86d7331030c746f879fa94f4b6bf922ae96a0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838914, "uuid": "e80540b6-ca53-4a05-932d-32067bcbfbeb", "comment": "Malware payload (Amadey)", "value": "382fba3d10bfb1ee65a9392c0927aadccedf51f1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838914, "uuid": "fc10f32e-577a-4124-be1f-62bde981201a", "comment": "Malware payload (Amadey)", "value": "2c1c574215b028e8a510cb9caf2e483e52cb9fcc09cb74bd65bf6c0a21d7a108185a6461e127d4d67858290827f4db52", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838914, "uuid": "c9d457db-2f25-437b-97ee-1c9ddb31e640", "value": "T154840202F7D8C432C9B617B05DFA02931A367CB69D78972B2794690E4CB2944E5B273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838914, "uuid": "83eca096-bf9f-466c-ac38-4d40ef0f110b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838914, "uuid": "2675121f-3054-4c28-b2c5-1d077d7e17c0", "value": "6144:K6y+bnr+2p0yN90QE+kwYCLqDGN01RODsqLf1LLPZfJHw9CcHnlRHYX34gba/:iMrmy90bewGNGROfL1LLpJHtcHnl9C2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838914, "uuid": "ea3ac355-7464-4492-88e9-4d34a727cd9c", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838914, "uuid": "5f36c83b-8402-47b8-ae82-c5d6362ae19b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838914, "uuid": "fb79a674-2e43-4f00-9da6-d802fd44f700", "value": "dcfab037f7269dd60bc810f260b86d7331030c746f879.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "787060fd-274a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689891129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891129, "uuid": "31e2d3c2-21a5-4cf6-a39e-7d65e1ebd22d", "comment": "Malware payload (Formbook)", "value": "1e6e57bb6983bad4dda8a7b475320c3d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891129, "uuid": "62bbacad-8607-4f7c-8caf-57add1b53ecf", "comment": "Malware payload (Formbook)", "value": "dcfd3789031450eb5a469d1bdcc81955975a7516c9e1d12acaeccd6c0c031b22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891129, "uuid": "a5936f8f-5691-42ec-aa22-97af3c334266", "comment": "Malware payload (Formbook)", "value": "8192195645e107c8993fce2efe85e32711336c23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689891129, "uuid": "b0793fcc-c840-4a9b-95c1-0825255f8e55", "comment": "Malware payload (Formbook)", "value": "de9c43c540078dd8c617947c0051891d069222f3c76ac331a2e54c182ff7c4d989d90ea7df5b350c11ec54e302124bfa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891129, "uuid": "f22c2cdb-7840-4e65-aae6-d617e8954e5b", "value": "T1B02412016F8AF06CE135407914AF03CD426A77173E89562B636F6A97EDB813D12AE41F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891129, "uuid": "6d1ad282-a104-4512-8e16-ad49bd915c5f", "value": "3072:A4/E8dRhvlTrb+YIzQQ37ONOf1rio0MpYjfMi/s4gWTGWOcJD/Yih3rA:R/xlHarfSNOf1rH0MpYQHaTGyL90", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689891129, "uuid": "aa06dfd5-5c6c-4398-a936-bc1cdf7a5f83", "value": 216576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689891129, "uuid": "653abfaa-f8e0-4109-911f-8872fabafb4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689891129, "uuid": "556864fa-6dcc-4f9c-a732-6ff961cb436c", "value": "Nr 1177301317.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91c18e4d-272c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689878287, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878287, "uuid": "ebd4a134-9c6d-46b4-88fc-305666404f86", "comment": "Malware payload", "value": "6a8ef0236d6b59aa1e28ae0dca1ca40f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878287, "uuid": "a8d4e452-91db-4c5a-b3b0-04f746cf713c", "comment": "Malware payload", "value": "de67072d8a43936146f399f05dbac8b07e94013d423a7d7496275b77434fbdb0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878287, "uuid": "5db8b0bf-7b5b-43a2-852c-819bb8df17ed", "comment": "Malware payload", "value": "8496b0df547e93cf84537bb79af3c4d7af4700c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689878287, "uuid": "8eac59a1-69c7-43c9-9cf9-1d37462e5e95", "comment": "Malware payload", "value": "ae98bfac64a9c6cba0cd10cb4a2ec1ca79f7252a3dbdd51e7156700aa8fba943b717c65fe67943af94ca5eb2644f3ce6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878287, "uuid": "5c66ae5d-720a-4b95-8ac3-708bf361e0a4", "value": "T1B9837E687BF68025F1BFAB716DF53251DB39F6236902E25F14C5028A1627988CD813FB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878287, "uuid": "86bf8126-2258-4387-a858-deaef04ff277", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878287, "uuid": "1d81db60-8153-4075-a6e8-844b69507e9d", "value": "1536:1GGSg6lHYUe/e2x+UE9OcrHZbNaN1jnJJGa2OOF9f7SWNe71:F+h9esULsZbN6qa2OOF9zDe5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689878287, "uuid": "c96c8701-d4fd-4d53-823b-489e98837544", "value": 81408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689878287, "uuid": "d5af67ee-1941-4762-9816-ae6b5e4c0a34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689878287, "uuid": "2f0c81cd-f532-4559-b1a0-6d2611f86bd4", "value": "msinfo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06b490fe-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837681, "uuid": "d8d2df5e-4a67-42f2-8fcc-aabae8ce99b4", "comment": "Malware payload (RedLineStealer)", "value": "3ff49d292c8fa30fdee05c685bb6cccf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837681, "uuid": "ef898b1a-1599-4587-8a07-1511274caff1", "comment": "Malware payload (RedLineStealer)", "value": "de7ee156a6d715a9ccaa43c6df93b49b6a1ac3d2d46618b3b16b8416acf23ffd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837681, "uuid": "23d37db7-47ce-468c-ad4c-9c22c6fc2095", "comment": "Malware payload (RedLineStealer)", "value": "2744a4eb905798bdd6f455270e936c5eb1d444c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837681, "uuid": "0e06d264-7717-450c-a354-6b536fbbf536", "comment": "Malware payload (RedLineStealer)", "value": "4fe2a55214fb7cce0c1f972c2b4c521f19b84cfca3ab229adce4e4fe16e714b3ca994ff3489aac82af490cbab527b130", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837681, "uuid": "c4905f11-e600-4eaa-b2b8-f63802f7b0f3", "value": "T1C6840153EBE84132D8B5277068F603D30F36BDA099348B7F2785A95E1C73690A57273A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837681, "uuid": "01f128a8-30e4-4c78-9b17-9d834607d850", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837681, "uuid": "fab258ed-8e2c-478e-8574-a7d355bd5fda", "value": "6144:Kfy+bnr+gp0yN90QEMJZkgLo/L8cp+8Tx1zf27e665NTx3sG6S6mT:FMr8y90WJZxTNqz76uTxn6TmT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837681, "uuid": "9c639276-9bf3-4f1f-9eea-b5d403722646", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837681, "uuid": "9b2cb9f3-569e-47fd-9c57-4fb7fe96d5e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837681, "uuid": "4a17c65a-e265-4ef7-92d7-53709d6a393b", "value": "3ff49d292c8fa30fdee05c685bb6cccf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03b3cddd-2692-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689811906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811906, "uuid": "42e7f969-8e42-4815-88ed-da943eb0fa9a", "comment": "Malware payload (Amadey)", "value": "7f9eac3be0c0fb79b960e360c79c3e43", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811906, "uuid": "cd03f47d-6af6-44ed-b014-d9cc1f309e11", "comment": "Malware payload (Amadey)", "value": "deeea889e098de58160eac3ae70fc50f16d695a898522fe2c274d08f7f528664", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811906, "uuid": "8e6423ec-35e1-4374-b1ac-c7511d392742", "comment": "Malware payload (Amadey)", "value": "b08abb94de5106adc911470ece6700a098a14dd6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811906, "uuid": "6b0b7a2f-d851-4cf9-aec9-6cddc21e5e1f", "comment": "Malware payload (Amadey)", "value": "a8770a3b0122bce35464f471396cb4aa783761a27ff20b4f41a8b809633cf8db6c10ed1de56d2a8c30099aad3f55a7dd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811906, "uuid": "c39c2590-2b77-42a7-bc01-0743f07c05c2", "value": "T1FE44BF223790C072D4A7593109318A916A7BBCB2AB76D9CF33543A3F1E702D18B79B57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811906, "uuid": "37d29f3e-ec65-4fb5-9e69-785f2ac718f9", "value": "56773f73f989bad299a87e406c009a58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811906, "uuid": "bcd699ea-e788-47ba-8f9f-c0538c8f09dd", "value": "6144:hP2VAQktmJ88+q/m8T3tJikotyHCxaiO:hcDktm1F7xphCxa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689811906, "uuid": "56739ee8-f87a-4024-8e4c-bdc4a8b0ab1f", "value": 262656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689811906, "uuid": "4f29a0ce-7fae-4015-bb88-c961da9b3a98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811906, "uuid": "81376ed3-bfd2-4d83-8e55-a00563ae5d2c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b729332-2748-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689890141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890141, "uuid": "e29a20ef-9d4c-40ec-9d2d-d3456e580ccf", "comment": "Malware payload (RedLineStealer)", "value": "c6b515a8c71232d48e0442fe9469daa9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890141, "uuid": "d39aa1cd-ba90-4f79-9860-2024fbc474b9", "comment": "Malware payload (RedLineStealer)", "value": "e0ab4cba5a212e2a4731daab43feea7f8e070cac51807cd8c7c3d1558b854e71", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890141, "uuid": "675b8ada-8c9a-4aff-ae2a-7ab013eabed0", "comment": "Malware payload (RedLineStealer)", "value": "7f4c7803acbaea80d0512a4cfb1a9659a631739d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890141, "uuid": "46541ac3-25a2-4c23-ae81-da0382c9e98e", "comment": "Malware payload (RedLineStealer)", "value": "b316bf67d3565fa92f4ef184a86f80004573227017b3aeec4dd9a0578876b89bddafcb04df4ad700de20715b5a297cde", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890141, "uuid": "879a1677-ede0-4b44-b165-c5ae1dc23745", "value": "T1BC54CF2171C0C0B3D8B7157048DACB359A39706547A592DBB7DD27BA6F213E2A3362CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890141, "uuid": "20e79608-e51e-499d-a93d-cc6200b8f825", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890141, "uuid": "cb376cbd-d7eb-48b5-8b98-26a7762cc2a0", "value": "6144:tDKW1Lgbdl0TBBvjc/xL80q5Yb/llYhYiySXF1wIvj5:Fh1Lk70TnvjcpL8viWDb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689890141, "uuid": "0dcc24ae-1636-4516-b8f8-349a2599bcc0", "value": 283200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689890141, "uuid": "f2936dde-aa5c-4e68-865b-fdc6a1580336", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890141, "uuid": "3f526d89-40d1-4fda-8a60-37bf0fae9e5f", "value": "YPT23-226757 numaral\u0131 Swift Mesaji- T-20230511.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53266627-273e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689885913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885913, "uuid": "336b5404-4dbc-4700-80c7-0e26a517d53a", "comment": "Malware payload", "value": "e79456fae754c682d3059224db2d8360", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885913, "uuid": "015a9730-7e64-4661-858d-6129d7b4001c", "comment": "Malware payload", "value": "e0b2219a87066dbd1f990f5ce335393bfd2ef512f3665ec26106011394f5ea65", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885913, "uuid": "06dadf08-5944-489b-973b-1d2f3ef01d21", "comment": "Malware payload", "value": "961f43339c8fce88c7666e2a5e4ee94aa0b29f0c", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689885913, "uuid": "6fab30e3-6645-4eba-9b98-2f96f211b836", "comment": "Malware payload", "value": "db2aad492b3472859e078a99550800424347c87d3769bbc2d47e094ffcfdf92b14ab513a258a5dc28822348efe2f14d8", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885913, "uuid": "004ec33e-29bb-4a5f-bf05-41699b2d67ee", "value": "T1BD8423EE0AEACB17520707384D34577DDB2293163BB5C1A89FCE653A0D2530692FB0B6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885913, "uuid": "460de1a9-1a6f-473e-a023-d1a1a519541c", "value": "6144:9afDFqaPORjn91xIINNX/QAJ2msUpt0PjohUwzgrNtawJCtNFDBA+LXmHL5kf1Rd:AFNOjhx7PQk2g0PjwU4grNtNCLFDBAwB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689885913, "uuid": "3013240f-83f1-4711-baa3-9bdb245fb601", "value": 390682, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689885913, "uuid": "58c47dd3-06db-49f3-849a-fe99cff540df", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689885913, "uuid": "543d6c99-782a-4c36-840d-b626c29591cf", "value": "RAIN FOREST WASTE MANAGEMENT SDN BHD_Pdf.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb931477-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837984, "uuid": "37201442-33c8-464c-a942-021c37eb22ce", "comment": "Malware payload (RedLineStealer)", "value": "683730ba1609ddbcdc7bd0544005e98e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837984, "uuid": "bce72a74-13b5-420e-9806-ebfd542fe300", "comment": "Malware payload (RedLineStealer)", "value": "e0dcd726f62a192acced737e9a71c0c61c899ae02ea92c8b8e9e442942151f6a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837984, "uuid": "ea7d2546-2222-44ca-b172-fc751fc24494", "comment": "Malware payload (RedLineStealer)", "value": "71655f9a87765cd72d708d1b04f39697c60b5f86", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837984, "uuid": "4e427536-b892-441f-8e48-fafd0a7df87d", "comment": "Malware payload (RedLineStealer)", "value": "d96886772b395d9b55f02a81209b06913e13d27852d033e6aa4ba7dd34f6e393abeb90df483c6c590be35cf232cf087d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837984, "uuid": "d0bd0109-2e2e-4980-80d3-8080a04b2815", "value": "T17BB41202ABD49073D8F6177018FB16D3273ABCA25DB8966F2754D95F1CB2980A13273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837984, "uuid": "99ee5c6c-1f5e-4552-9666-645964e083df", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837984, "uuid": "fa5d7ebe-312a-4a13-bd1d-6282b206a2a6", "value": "12288:2Mr3y90IEsiaJMLAMaHvijIjMnLK60wnuaXqhKVLc:JyQjOFcIwnOAwd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837984, "uuid": "7d1fb835-d2c4-4738-981a-cca85b2d0082", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837984, "uuid": "6849c20f-19c2-4718-901b-04c14addce15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837984, "uuid": "9ce33a9a-73c1-4f2b-bdbd-3342cce3b9ef", "value": "683730ba1609ddbcdc7bd0544005e98e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7dc8182-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847937, "uuid": "17af81c5-6ae3-48fe-ad95-9150f36f6782", "comment": "Malware payload (RedLineStealer)", "value": "41ca828248f45fc333cc3fbdcf5683bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847937, "uuid": "53870e84-a64d-433b-9715-d805867e9f90", "comment": "Malware payload (RedLineStealer)", "value": "e19806361e1c763db0c21f38454a6b942bd4a27dc3c398a0362e768fce63ec77", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847937, "uuid": "f30c9b31-7379-450e-856b-fcca8a44f274", "comment": "Malware payload (RedLineStealer)", "value": "0a5eab67cc722de135f3aee46763295e1091ee42", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847937, "uuid": "4c83fa4d-d8be-49d0-887d-7f414458116c", "comment": "Malware payload (RedLineStealer)", "value": "69d20c25b06733bab984f081e818f72be0f1ab5baccc59e314c54b7e11bc8e8910df22b936c47d579f54ae4f47629e03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847937, "uuid": "aaddf8f2-e784-4a4a-bb90-62c886de20e5", "value": "T134840212A7E88032DDB517B15DF313830B3A7D91997883AF3396985A5CB3984E53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847937, "uuid": "d508e8d1-7248-4053-85b9-6368def876d5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847937, "uuid": "ddbacf18-c137-400a-ac27-35131e3281af", "value": "6144:Ksy+bnr+cp0yN90QEneXOWbplvg6Lv/hoPLXsf2lmVXCcHnlRHR81hE8c44Tb:oMrwy90xQ1r1oPhlcHnl9C4rP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847937, "uuid": "9e9b8988-1788-40dd-9f45-2418b968446e", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847937, "uuid": "c12889ec-39b5-4ed7-885d-465120f840c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847937, "uuid": "5e1d9d8f-db06-49b8-bfb8-f704d03249ce", "value": "41ca828248f45fc333cc3fbdcf5683bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01ec725f-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689853564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853564, "uuid": "afc58ed8-6d67-46ae-bcec-a4c026b957b0", "comment": "Malware payload", "value": "9c57bdd159a17435420910ee9c339708", "object_relation": "md5", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853564, "uuid": "31e09695-eb46-4567-8d7b-b25f4319fee8", "comment": "Malware payload", "value": "e1e040b09fa2e2093be4f79234d1c76a2e228c97cfa2823d9e1e4e043016cc3d", "object_relation": "sha256", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853564, "uuid": "658c6ac4-31dc-42bc-b42b-b5ba44316f35", "comment": "Malware payload", "value": "a7478f5b6877131c8864720fdd1c8cf81809c21d", "object_relation": "sha1", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853564, "uuid": "2589c9d0-9e50-4ed6-ba73-7b03728352b5", "comment": "Malware payload", "value": "82f9c20992f49f1e464beafaf877d25a9da11b04eeec502edbd71da24842b56973e2a786afc68b3ab4bf9b0dac2fa82a", "object_relation": "sha3-384", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853564, "uuid": "9dce678b-7ea0-4dd9-8004-7cd13c5160b4", "value": "T1C7B3C1EBEF894E1EC34341B683FCB8166F69BB5B96C742DD30A4A36401C2AD751F6058", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853564, "uuid": "76fa4502-ad09-4ec7-8276-634039d0faf0", "value": "1536:BIeq1onu+O6xdRcxyBJVPYRysRywvoALRTWADfDOGMOpD3LV:S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853564, "uuid": "a31a7cb3-16c8-48a1-abc3-3b0cbe1b6320", "value": 115653, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853564, "uuid": "6ca7eca1-5356-4287-a03c-e518ca5e69a7", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853564, "uuid": "8e556263-bb69-4458-8016-a5c695441a77", "value": "scan-75748595.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85bc856f-2690-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1689811265, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811265, "uuid": "e4502e75-07c0-42f2-baab-effddc0c904f", "comment": "Malware payload (GCleaner)", "value": "95da0a6ddca2bebaee156d59a42756e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811265, "uuid": "9c84c7e0-0453-492b-b681-68851ceb1db9", "comment": "Malware payload (GCleaner)", "value": "e458ae8f825198ef3a2f8e6290053826044dc6635e14dd25884acbf8d7196995", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811265, "uuid": "71cdd82f-804c-4f68-8287-ac8a1938e9b9", "comment": "Malware payload (GCleaner)", "value": "5c3336a4e0e80f03276d103c16d26633872906d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689811265, "uuid": "7d06edd3-a2b2-463a-8812-27245ccc7704", "comment": "Malware payload (GCleaner)", "value": "05f7edad6a7abb1db74469735ca17dc9a436f0cc2fbdedcfb888486d23e50963fea258254a7cb3f75a378c05ffbd857e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811265, "uuid": "0dc83e11-8862-4d2f-b7d9-688ddd69bd85", "value": "T1B185339B9313A1B0F062A9F8BE969E10EB27FA011CB5544C31ED791F5F1AA835D8D720", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811265, "uuid": "4923b6e8-0da4-403c-8217-3ecdb3ea59ce", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811265, "uuid": "1d75c3f3-11ac-4137-b611-5e49a635d0cd", "value": "49152:P2YLzyLb+umRm50FRQUYRbIG+kPKgy7d8B6:OVmRkAG+KKgEd8B6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689811265, "uuid": "2b6a7ba2-e36f-4502-8063-9aaee372924a", "value": 1782563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689811265, "uuid": "074b8fec-475c-4e53-8123-4a136c701e57", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689811265, "uuid": "932f1338-f788-4baa-b1fc-8830c55aae6a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fad9dfb5-26f5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1689854841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854841, "uuid": "d0369654-5e42-419f-9d47-db12bf20ef70", "comment": "Malware payload (RemcosRAT)", "value": "cdadf831a95733ffa3d1366741482341", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854841, "uuid": "97d9a811-f636-4ba4-8d06-ce7e1c170c5e", "comment": "Malware payload (RemcosRAT)", "value": "e49958b7e02a747c5a20a08f8b199a2d1b69db119b78290220def02311fee60e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854841, "uuid": "24ad58d6-e2ab-4510-8db6-e2cf4d5d74df", "comment": "Malware payload (RemcosRAT)", "value": "5da7a9cf83f4e51927808557e1a1d69d3f4052b8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689854841, "uuid": "73030e29-0d31-430c-908c-eb7f70219c60", "comment": "Malware payload (RemcosRAT)", "value": "006a37a0c9ab95d687676195f6287cde078f3f15322eb7d48ffbad86ed70bae970e10a6f030fb71c0551adf7f16b9a60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854841, "uuid": "097b2305-f952-45b3-8531-dd7c5341d968", "value": "T1133412986B2AC859D194C6FC8524D6F222D95C7E0D2665CE17DCFE2FFD27200EDD20A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854841, "uuid": "5552aab7-434b-4a51-bc45-b20d01299c72", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854841, "uuid": "48bfa3a7-2c4c-4749-a5a3-fdff97e8935c", "value": "6144:wvGSN9gWuLpcBKnVBYAsmrzpyDfOXXVxB:wvbGWulcBKV3uOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689854841, "uuid": "6687be5e-9f09-4031-b535-dd52fa8b7f62", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689854841, "uuid": "4cc03074-ebf1-415f-9017-9c6264b948f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689854841, "uuid": "a08258ba-d67e-41e3-ba50-bd124c1715d2", "value": "bOwR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09ef7ec6-270c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689864315, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864315, "uuid": "2940cad6-1228-4106-a15b-468fd45641ee", "comment": "Malware payload", "value": "647b84ce795eb6d158fd43a86fc2fc28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864315, "uuid": "7645c6ad-d75c-4d72-95fd-2597fa836273", "comment": "Malware payload", "value": "e4a0406e06ba7a76cb5e60b51c56977a94a7e11b22f624ceea42778981802774", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864315, "uuid": "0497a2b2-c59f-4c1a-b078-ea6708cde230", "comment": "Malware payload", "value": "587912f576627ed3d0f6aa3b5bcc2c226d5e1a6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689864315, "uuid": "369ef44d-dc05-40d6-aa06-64000a075d06", "comment": "Malware payload", "value": "d7172ac84a2ee7d84e3393b2f45c9082a643dd268b8ef244d0360f86c27a9e40df1f1077fab0e946e2aa8331f2e1b87e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864315, "uuid": "da7abc09-79cd-4c0e-8d64-3d8ef23db78b", "value": "T1B3C5CF1238C0C03AD63731320669F2B64ABFE4701B6556DF53E81A7E9F746C19B3626B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864315, "uuid": "c0053723-89b4-406f-953e-8e09a8d6bc44", "value": "ea2d297e3bd3b5b7def0556d0ff46651", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864315, "uuid": "9e28f5f4-5dab-4cf2-9ba4-ba366b1bab8f", "value": "49152:6d5t+OJvVCSql4TogI8wjKmwXsaGfK3r:GvVxql4TogGjKAVfK3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689864315, "uuid": "ce77f862-0080-4d81-93ee-3ceb723f2ab4", "value": 2621440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689864315, "uuid": "59940191-8491-4314-83f8-ec9ffc09f410", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689864315, "uuid": "e3df8c94-af22-4530-96d7-642db2713965", "value": "647b84ce795eb6d158fd43a86fc2fc28.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c7c6b08-2723-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689874225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874225, "uuid": "d6deaafb-6949-4d05-bf52-e715d11c93ac", "comment": "Malware payload (njrat)", "value": "25ce3e5e7542494839e7af1037d01b75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874225, "uuid": "87fab366-4be3-4ed6-853a-ea1e01e6e1c3", "comment": "Malware payload (njrat)", "value": "e5540cffba128c0d852016d11e6e154445f83b146aee17a82e9f45ac876d10de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874225, "uuid": "2ca574d1-0062-4b60-b8bc-d3157e0a385f", "comment": "Malware payload (njrat)", "value": "a0a429037733f0d952d10fe2b17e86bfc91fad8e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689874225, "uuid": "87c19960-928b-4f30-9c1f-d12c5e1907be", "comment": "Malware payload (njrat)", "value": "5966b6af3ecd78425bafdf0cdaa48a6a3dd8da3bca47a5fde8321331636362441f44a664f78746da40d3d52b9bf32c77", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874225, "uuid": "363479aa-23b4-4272-a7b8-b9e430a7f842", "value": "T12C032A4D7FE18168C5FD067B05B2D01207BAE04B6E23D91E8EF564EA37636C18B54AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874225, "uuid": "c339a2c1-6c6c-487b-8b3a-589bb7adad37", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874225, "uuid": "2ff87696-7d17-45b2-a9f3-02310ac91402", "value": "384:6IDIUiFubK7FmpE8QyEfeyfZOfnSFtrAF+rMRTyN/0L+EcoinblneHQM3epzXiNw:9d2n8LEfeygvS3rM+rMRa8NuwKt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689874225, "uuid": "2e5ef232-3bf6-4b48-841e-458a6b0af7d4", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689874225, "uuid": "516485c2-4df1-4a61-874c-05350e98cfef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689874225, "uuid": "cfb96544-4431-4233-bbcd-4093e418bb4b", "value": "25ce3e5e7542494839e7af1037d01b75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dc20421-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848242, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848242, "uuid": "896f8a33-95d6-41d7-af54-bcf80334f5aa", "comment": "Malware payload (RedLineStealer)", "value": "e618a1aae4a7c339dc45b5a5f5218b30", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848242, "uuid": "906bca9b-e992-4767-9a53-ca6143532a8d", "comment": "Malware payload (RedLineStealer)", "value": "e55b862b348c113cee6d205911827067f77af25c9736eb25bcf2dcc570678641", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848242, "uuid": "43c34272-9b46-4d8e-b218-3c0ab96f58ba", "comment": "Malware payload (RedLineStealer)", "value": "7d67b18761a365aa4edbb74ca8263b30e63642d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848242, "uuid": "1b199e58-1df9-4913-bbb1-1adbc11113e7", "comment": "Malware payload (RedLineStealer)", "value": "d4824a5876a80fdf295c4953fe4f70b064b16f94f0c7d8271fa72f7fb1090b104d4aeb1c27dd3cbfb1fc0ee2522a22dd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848242, "uuid": "5419f180-4cdf-48c1-8ed8-7775142f4ee0", "value": "T1BD840202E7EC8032D8F517B01DF652831F36BDB259B083AF2795984A49B39D8E53176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848242, "uuid": "fe578869-f7e4-43a2-b298-f923acbfaa2c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848242, "uuid": "4c5a80fb-42e9-4ac6-a611-70a7f83d1f30", "value": "6144:KFy+bnr+Cp0yN90QEda44X0r+0aoawWTI5Hr0aSHCjdwdLXsDI0mV8CcHnlRH4gQ:HMrGy902V8R05bdLNcHnl9KaET", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848242, "uuid": "cd78e8c9-c890-4f23-8781-795c3b286976", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848242, "uuid": "59981433-c727-4c05-aafe-f43fbb122970", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848242, "uuid": "eb10f640-7b1f-485c-86e0-c8feae38f2a3", "value": "e618a1aae4a7c339dc45b5a5f5218b30.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b8f24ed-26ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689851486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851486, "uuid": "36f571c4-3269-43cd-9b30-2dea159246d0", "comment": "Malware payload", "value": "bc69853817c0044f100f0c21de56f57a", "object_relation": "md5", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851486, "uuid": "626b2bfb-ea8e-4a50-a080-12dcff235729", "comment": "Malware payload", "value": "e5607794ccbf814d75cf150adfe90f5229a06b743eeadff105b556e28c9c4dce", "object_relation": "sha256", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851486, "uuid": "86d19557-2653-473f-82cf-80009c9b9ce9", "comment": "Malware payload", "value": "aae77d3c4402043cb6358dafba0228bb110200b9", "object_relation": "sha1", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851486, "uuid": "8f48a6a6-fd31-42e7-becb-95f35409cdd7", "comment": "Malware payload", "value": "f8b56ea60bc7c4ab38f554fbab1235b0f485fa85338321fd2fe977da517519c72a16ab039e285f7328b96b9c054574d3", "object_relation": "sha3-384", "Tag": [ { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851486, "uuid": "e2c3150f-87e7-411f-b4df-4fe80943856b", "value": "T127D48E57F6D3F6A4E6BEC279C6B1992C66B234921370D3CF6601758A2913391983CB0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851486, "uuid": "9c96c735-f197-4110-bf2c-2bfb761a5908", "value": "38f592146b723546fe8c2e59a29b5cac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851486, "uuid": "a11b6b6a-4822-4091-bd28-0166b9945a4c", "value": "6144:+m2GdVpDV1rNUPbZhxj7WohZnxLmB9H283A6zbKsS5ukTP2YmqK5CmPTRqbGL8kD:+I1ExjTLEBk8bzbBSrepPTsONPOm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851486, "uuid": "205a0411-893b-4fcb-b708-2d2e5d39d593", "value": 604160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851486, "uuid": "2720bd03-5948-40d5-b65c-94feb8f6bb0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851486, "uuid": "d4c2f743-9140-47d8-b2b1-7e0f6516c4a5", "value": "2023-07-01--2023-07-15_Transactions.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64be5f29-26d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840416, "uuid": "0887acf0-6ed2-4c68-8863-1c9c041fec93", "comment": "Malware payload (RedLineStealer)", "value": "178cfed96ef4394000b653a0cf4a8515", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840416, "uuid": "773ddd2f-a9c9-463b-9553-0f28c6944427", "comment": "Malware payload (RedLineStealer)", "value": "e5ce25fb9584b2d4a33dfbe00a7a487b964d3c7c84f0e4da559a04b8e867b87e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840416, "uuid": "a2689924-ac2c-4fca-9df0-3e0bc6636fd3", "comment": "Malware payload (RedLineStealer)", "value": "f652d31e06225bff61d3f2ce92c89703f19b5797", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840416, "uuid": "f674cb81-f3fa-45bb-a652-2c14aaee045a", "comment": "Malware payload (RedLineStealer)", "value": "734df1c4c6172a8acd686e21722b18e74a689c8295083357b61fddb4ee2d3f2fdf089f64dc54049956b80c9e0e93f5da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840416, "uuid": "d08a53a9-5781-4f25-9c57-d0d1dea65969", "value": "T12FB41202EBD88477DDBA177018F607A30B36BCA54E38931B2756A89D1DB3294A13177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840416, "uuid": "3ebe786e-b007-4eda-8c03-7dddba2b07a0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840416, "uuid": "df5a2267-1d8b-449e-ab54-c8ca9e11e8bc", "value": "12288:xMray90YG3+iL9hTm/MUBOzK/jjcRT7EeKAsm7NbMEsM:/yZu+//hOW/HcRXEemcSRM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840416, "uuid": "d8460b02-cb1f-44a2-82b3-5809ce6982f8", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840416, "uuid": "0cfaeab8-891f-4a45-8f54-6365b73486f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840416, "uuid": "2686f491-3be3-471d-980a-607737f15fc9", "value": "178cfed96ef4394000b653a0cf4a8515.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07b37247-26c1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Meduza)", "timestamp": 1689832099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832099, "uuid": "6f3742e6-ad82-446e-8430-cf6210199855", "comment": "Malware payload (Meduza)", "value": "40fbeddad5a68665f9cf789dc4658f1a", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meduza", "colour": "#6D96F8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832099, "uuid": "fef52278-cef9-48d1-b45d-8b8868461121", "comment": "Malware payload (Meduza)", "value": "e5fd0cd5236b8a14e957049d52e422ac1da98077c8f37141cd1a8d0e3938d1b9", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meduza", "colour": "#6D96F8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832099, "uuid": "7875a620-d252-4ee8-b462-0debb553d8bd", "comment": "Malware payload (Meduza)", "value": "108b9222d937423a1ae83ff87f7a88817b97867e", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meduza", "colour": "#6D96F8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689832099, "uuid": "b2cf0fc6-76c3-4fa6-a729-3f994dd06d3a", "comment": "Malware payload (Meduza)", "value": "9ec4b8e95ef55267ff7540fecf0038c0240a54070d12d54779704dcc1727147452f3304a7c0f6144aa379aa95548e1c4", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Meduza", "colour": "#6D96F8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832099, "uuid": "2318f5f1-c7df-4945-9ffa-3b3f1f8509bf", "value": "T1F7F42831E69C32A9D06B9079FD0B5C02E536789E1320BFAB12D55E621F66EE01F3D760", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832099, "uuid": "541ab3db-eb95-4509-b147-a2a316462722", "value": "108e18be559cec71db1f519ae1ab24ab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832099, "uuid": "8f98ebc6-063a-41d6-b5c9-23d8e95bd007", "value": "12288:Cl2P4G+a9A35KMRvZLgVALw2/qoBqcoUhpF:ClQJZ9SZLlLdioBqcNp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689832099, "uuid": "00654e9a-fb5e-4753-a73e-09edaafa431a", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689832099, "uuid": "1fa77de5-e2be-47b1-b02a-38c992d5ffba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689832099, "uuid": "8193b712-7c2b-482d-9918-a3f92ac29bd4", "value": "40fbeddad5a68665f9cf789dc4658f1a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "769ecf87-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858484, "uuid": "36152c33-d380-4273-a283-1b7826327138", "comment": "Malware payload", "value": "77b9cbbd1157318ac3093a286d62e39d", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858484, "uuid": "82fb08f7-dd58-4b71-bd11-254f079865b0", "comment": "Malware payload", "value": "e698b00ca8ba0eaeb721f43cc49e0b1b1dd889a3229ac974588ecbbc1ed93220", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858484, "uuid": "5ec0a1c7-6dd9-4138-b4ce-0af896f86c00", "comment": "Malware payload", "value": "b4aebd5b6860a1b7808a55546ab88ca9c144f4d3", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858484, "uuid": "de694ef8-8aba-441d-a9b1-9f32258a506e", "comment": "Malware payload", "value": "6e6057b561fd1394f75772fd2bc2ee7dc292ded4125fc450233581e0c52b66c591c69fe06455cd000681318ca05612d6", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858484, "uuid": "f8709e7c-b1c0-449f-a844-ec36288d28df", "value": "T182A63A6BB1A4812AD11DC13ED0B3DF40953374751F36C5EF9294126A0EAB9D8DE3EAB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858484, "uuid": "e0f33a82-091f-4a0b-b741-f1042479c6af", "value": "49152:FsfOGkd93NQ9EWDZqTATFnYBP3Slqm0IH7zSj3d/jzTF3Kiglz7h01CvjwPvY3J1:5d93JWblz4TKl2ZPvWJ/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858484, "uuid": "87c33f05-f25b-429c-b584-36f8e6f5db46", "value": 10192384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858484, "uuid": "005b390a-b47b-42d7-b228-487fc58f1f7c", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858484, "uuid": "97f5c4ff-7ab5-47a5-ae2a-4835c7aee5a2", "value": "Copia_de_La_MismaBBAIBQJHPUagxujPXUOFBEXODjetbu.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77b3f27d-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838300, "uuid": "912f6be0-b29c-4d79-8ca0-0a2ccf914493", "comment": "Malware payload (RedLineStealer)", "value": "b463b4e34c4eabc3471a7e831ca821bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838300, "uuid": "15bb679d-462b-4a2a-816a-b08bded51848", "comment": "Malware payload (RedLineStealer)", "value": "e7b8d2cb79d76cc4434f9525644c524179ad84cea43f8c12ee7ad387710dfc0b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838300, "uuid": "0dc36f4f-0650-48aa-8086-dea817d5e352", "comment": "Malware payload (RedLineStealer)", "value": "190840beaff3dadf2dd733e2cf26602553034caf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838300, "uuid": "d8370633-2ce6-45ae-a2d3-ceae03438d09", "comment": "Malware payload (RedLineStealer)", "value": "b2bded524cc4ecbdb137a9de5395b96850a6e032742054167fa38a2d54982c662df9c6eeb3839581727582a94161ec25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838300, "uuid": "5b19e959-2fb1-4895-9e1b-739520406fd4", "value": "T18E840153E7E89572DDF42B300CFA13C30B37BCA159B8536B2746595A09B3588A432B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838300, "uuid": "24b1c6c2-ee9e-4e65-bdbc-daf7b5027ef9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838300, "uuid": "453ee6b0-e678-4939-9faf-feff1ce9ce6b", "value": "12288:AMrRy90F1S5fisieQUG5qigHRcHnl9u5zXRQT4:hyG1SlisrQUURcmHKvQ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838300, "uuid": "c4a85c25-b5f7-4180-b0b6-11e4f76d79b5", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838300, "uuid": "c945234f-82a8-4a6e-9e1b-1f14a81adaea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838300, "uuid": "5f5e17a9-206d-4497-bc45-11d64ece85a7", "value": "b463b4e34c4eabc3471a7e831ca821bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e8bce43-26aa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Pony)", "timestamp": 1689822366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822366, "uuid": "83ec7024-dfc1-4cb6-aae0-970460eba930", "comment": "Malware payload (Pony)", "value": "3f95cd9aaa3e666072aa031bb8e444ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822366, "uuid": "05dca3b6-b23c-4fc5-bfe9-c2a52f43dd97", "comment": "Malware payload (Pony)", "value": "e9772b945a731b447725680b8ef8b8252c2bb19931005718a8711ae527d532ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822366, "uuid": "e3dd2a3b-4243-4a69-8d73-811d35fed057", "comment": "Malware payload (Pony)", "value": "a892e4b7ede93e63cdfc34bfd573843910ac505f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689822366, "uuid": "52ab3f72-d39e-4aad-a724-70931abc08c1", "comment": "Malware payload (Pony)", "value": "4a7bdc93cf88b21ac76ce5ab5acf6adcd083a93516d7acabdbfaea22a5aa450fb6d726c8aea9006d1876d1e616e9dc35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fareit", "colour": "#F9D67F", "exportable": true, "hide_tag": false }, { "name": "Pony", "colour": "#E64094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822366, "uuid": "3f328fb0-da27-45c0-a1ec-05f586457634", "value": "T126A40903F485E4F1C1A226713BC71761E3F95E697C764D0AEF8DDB8769A3686BB12002", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822366, "uuid": "b26eb3e1-0790-4488-9706-1eaf3eec38dc", "value": "1f3b7eab7f8ef80c1901611824a3f65d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822366, "uuid": "d2e1c4a3-b992-47da-a32a-105ffc6253a1", "value": "1536:TI9NpX5ThqTF4QwPTvUZUzU/r6Jshf1w9oKVBZUOPauTvWkzbkRr/bYRXDr2U:0fB5TfrYUzUj6JsvsyOycor/oX32U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689822366, "uuid": "aa85f41d-b85c-4944-9f9d-23d108d0da1e", "value": 490707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689822366, "uuid": "23df98e0-8d99-4506-a9b7-c5308c381703", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689822366, "uuid": "1da91f4b-c3dd-41f7-a2ff-073ae96f72dd", "value": "fareit_66e900538312843862ddf2686ccdd8b8926957d29139a2eaf66f2cef4a33a521_payload1.exe_", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50ff62ae-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689851120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851120, "uuid": "1aa1dd54-0700-4653-bcea-72688cd52f83", "comment": "Malware payload (Loki)", "value": "0e132e560cd3f63320ff415b8d218fec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851120, "uuid": "e86241ae-3c4d-4d19-ac1e-0a7118103c9e", "comment": "Malware payload (Loki)", "value": "ea5a585a8b9e9223d5d6d66c78615c795bab186c681b04f11e7901dae8d79bfd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851120, "uuid": "8e06f9ed-35a7-4ef6-8c42-95055a53389d", "comment": "Malware payload (Loki)", "value": "80f693cf12581ce4a45a3b17b068b98bdcc16110", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851120, "uuid": "1088a638-1f63-4207-9e98-b72f3d313a54", "comment": "Malware payload (Loki)", "value": "bfde0787a027f4f1c9da49865ba419dd247b4bb900866c5cd01fc4c722fae7ce47f172be706b0b616c6d5bcebd07b8f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851120, "uuid": "b63e3e2e-cc4f-4ae8-bddb-2fb9d7fe3195", "value": "T1D3D4F11482FD8B9EDA732BF4A524553C47BAAE693432D32E5E51B0C73951F035102BBB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851120, "uuid": "d18a790c-c1c9-4af7-9e27-995f381054b8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851120, "uuid": "296157b2-8e0d-47c9-a3a5-80d42a0e3dd8", "value": "12288:VBvES6ln+flo/XciMvdXHsgNTJ9mw9cJ+sBcDn9zcfQNE/Dor:zvtTdCjEzlJEZcsBo94fQNE6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851120, "uuid": "56446f16-e304-485b-bb1c-59d3645ab544", "value": 626176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851120, "uuid": "75c0d028-0742-4bed-8e89-b1339897871b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851120, "uuid": "65e87ba7-75cd-481c-bffb-bd6d7046f4ab", "value": "20230719H2B7001C000533.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7cad853b-26e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689846898, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846898, "uuid": "fe7948b5-173e-4aad-82b6-9d6c94e91242", "comment": "Malware payload (Loki)", "value": "0120e430e575a3d39ab873384ab1a5d7", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846898, "uuid": "a6642362-cb76-4dad-b572-d88d1db9de77", "comment": "Malware payload (Loki)", "value": "ea87aab944e82b6711433894358556b563fa27e0d99b06febdba8d1a5c7dde0e", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846898, "uuid": "17e31590-e87f-46e7-8c86-3fd8997be182", "comment": "Malware payload (Loki)", "value": "5235ced623ca0bde4adc88c019f2569b1b103eb8", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689846898, "uuid": "d4d2ec0f-4351-4ace-8f3c-cb48d923e1a7", "comment": "Malware payload (Loki)", "value": "67055326717adb3c129770c314abe1bba88f176190119db17cb9535fa6aff342eb4b4fffee3cc3328b91c0e0843a6c7d", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846898, "uuid": "52597c9b-bcaf-4400-8dda-4c5e8aa0ea14", "value": "T14AB423EC877C7627657E4C3414E0EAB626829A54BC4DC3C64EBE8F14D7CC03D9A2526E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846898, "uuid": "2294e075-4ef3-4558-ad13-95da91b413a5", "value": "12288:UcU2gxvS2P3i3ua/Hjd+775PtoNAOnKM0YrA5Cv8vnm:UcUXZS2PGboHfoNADYVvgm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689846898, "uuid": "0b7bb29f-fa24-4dce-a4dd-a8bf6f4d6188", "value": 519559, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689846898, "uuid": "2122b78d-34eb-4742-8de5-0368bf3be036", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689846898, "uuid": "b4c5ddd8-b76d-4d4f-9a8c-358ede38f595", "value": "AWB 3345808270.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0926ecd6-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689847563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847563, "uuid": "9eb369ca-043d-4333-a2b9-7d6482e65a49", "comment": "Malware payload", "value": "2a30d7c6413735f3ca2e6816e424b369", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Ransomware-Manner", "colour": "#E3A88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847563, "uuid": "d28b4a44-4997-494e-a907-a48200263799", "comment": "Malware payload", "value": "eb1e20113c9aa10b64a0fe563968f1c93ab2abfc85be74c25f690e9a3415919e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Ransomware-Manner", "colour": "#E3A88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847563, "uuid": "e250a4fe-fced-47cb-bd67-5bca8ea04d2f", "comment": "Malware payload", "value": "715821d4ab8e46fdd6efbd8739a6830ccdcb75c8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Ransomware-Manner", "colour": "#E3A88D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847563, "uuid": "dffae9d0-3b4b-4df9-a2bd-458b507d6f73", "comment": "Malware payload", "value": "c4016ef51b0b6e23a58b7bd896cdebb48c8f115adea2b4c74e5bcac0f532b6b604825459d3b6d575159078b1b29abf85", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Ransomware-Manner", "colour": "#E3A88D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847563, "uuid": "a2a7cf9f-5926-4d80-adc5-fef8cc55b797", "value": "T1A2B49E60B292E171C46F54F42F38EAC7B52DBC160B789ADBB7D8327A697C1C04B31A45", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847563, "uuid": "53384cb7-7c09-4345-b756-9d1bd358d711", "value": "5445c91e5eeec0917c6e94296e04cf78", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847563, "uuid": "7980bd6a-c47e-49b5-9f96-abb36e55771c", "value": "12288:DkoVBqj9tftNtlq8X+OeO+OeNhBBhhBBFoCB1hSy29IHiYipG70sJn88V0:Dkeu9HjlQoC8AHzipGVnb+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847563, "uuid": "ea545e51-1ac8-43a4-8056-9dc94eae9802", "value": 515104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847563, "uuid": "1c5a24e7-28b6-4e31-aed3-9be8b02c86f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847563, "uuid": "99c05a77-abb2-41b5-b54d-847ace6265a9", "value": "vcruntime140-2.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f67f76b9-2736-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689882751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882751, "uuid": "c5cb882d-de47-4975-ae0b-40ac2a103aa5", "comment": "Malware payload", "value": "ef87a4a94705a4332c6afa92973edf5c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882751, "uuid": "c5607545-7ada-4229-9ccf-ad98a39ce84f", "comment": "Malware payload", "value": "eb1f3d72cd178d8e1cf467972758292975e9b7479438876f4560532047fc84b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882751, "uuid": "522cba9b-d2c1-4aa1-b48c-2f01f2d39a2d", "comment": "Malware payload", "value": "18450ba1bb1a9d4c6d137597b44d9c25a013c172", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882751, "uuid": "7f402a5b-5a6e-4782-baf0-e3e2fce7eae7", "comment": "Malware payload", "value": "e1e9cbaf92730dad7ba259484b498afc858c78373cbe0c64585124df9d65ac88ab202635bfaef3fe4bf62491455667ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882751, "uuid": "c1e680ee-de02-4d17-b4f7-713455f64da6", "value": "T1A754D82393B13D45E5368B729E1ED2E8760EF6508F49FBA92219CA1F04B12F6D173B10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882751, "uuid": "ab21c7c5-9bd4-49c5-be1b-c1d8cd1936fc", "value": "9de2ee79b7674f53e928d4abe630aabb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882751, "uuid": "ea2cce1f-f6db-436b-b967-76debc1bf1cd", "value": "3072:6LkZb/xV1LA8cpMSSNvo8NicOO/CDRkl8j3LBeYktSP8TXD5Gt2ll:DZT/1LAReSAg8UNtj3gjxUMl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689882751, "uuid": "b5935c3f-df55-41cc-9e48-da3d8c9891c7", "value": 297984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689882751, "uuid": "68656e00-ea37-4828-97bc-7899bcf47ad2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882751, "uuid": "aee7757a-12cf-4502-8ca0-a2e631b28167", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e9d2e29-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1689836567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836567, "uuid": "e472c8a3-7534-4a48-9ad1-97c7bd650ee7", "comment": "Malware payload (SnakeKeylogger)", "value": "2ae7b668b23af73e2f4648f3cb8ab03e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836567, "uuid": "5256c52a-fef1-4606-abf4-560e307fe489", "comment": "Malware payload (SnakeKeylogger)", "value": "ebee69a6ec18f54b490457eb4cbc49e9394f1d2128044c1545ea6eb92b515dab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836567, "uuid": "2a2de490-e8df-413a-ae30-e6d281f0478f", "comment": "Malware payload (SnakeKeylogger)", "value": "71ebfb3e6505f7907affc4196914dd0da4393408", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836567, "uuid": "787f5aa9-9b31-41ff-8058-1405e098165f", "comment": "Malware payload (SnakeKeylogger)", "value": "4bcaed521575cfd6a3dfa09b0cc2d9daafd50c921189235972c2d57ea83809529c66dcba842d8ef4c0cddba9947fb3f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836567, "uuid": "243d1191-365e-4ebc-9e05-681fc796fb3c", "value": "T17BD4129155AB8E2BD17B4F74181132B482399FDAB433EA9B5D0BF1AFE6653026700337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836567, "uuid": "a4f63b2f-2ee2-49c3-85e0-8359ec2b3a51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836567, "uuid": "f1f18e05-5617-448f-8148-288b2fe703e6", "value": "12288:sS6ln+flo/XciMvypSeWyR7S0LzUkkQIvizByknKL9t6J4:lTdCjE4rtiqzw0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836567, "uuid": "8b27134f-77fa-48dd-9b7e-c9ce16e00b1f", "value": 605184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836567, "uuid": "de88d8c6-0899-4b61-9b37-7f1610b157c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836567, "uuid": "3932da56-0176-4193-bdc4-44248f9fb043", "value": "PO-23070237 TDENGINEERING (H-0359).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31681fff-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689838182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838182, "uuid": "3a91a038-b4ff-4db8-a37e-8e5ad8673518", "comment": "Malware payload (AgentTesla)", "value": "f1bfb26e91ba36bde8470d0776259d54", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838182, "uuid": "18b03074-c3ff-4901-b0d7-656d707ce680", "comment": "Malware payload (AgentTesla)", "value": "ebf830b54a27c0e76363ae7c9fb6e40a7f28c70da7f4d10d05bcf8e27766b56e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838182, "uuid": "08ceab17-28b6-4ef7-bf54-363dde4cf9c0", "comment": "Malware payload (AgentTesla)", "value": "102ef1ace03c3d631d894389530048b9e349c5bc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838182, "uuid": "2af0ac6c-5af9-4447-8e13-ff8184b7fde8", "comment": "Malware payload (AgentTesla)", "value": "ca02be0a4982c3e547bc30e094d4b604e28391f0ef09ac181c5dfb6bd4d36818ce34479eda4b0f56d94da6966b06c12d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838182, "uuid": "1885b087-2b64-43ef-a4ea-c9a6ac3c17bb", "value": "T10BE4F11896FA8F9EC93317F5A628593C47BAAE657431D32E4E51B0C33A51F031602B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838182, "uuid": "146e1285-3027-4098-8a5a-c18351937bec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838182, "uuid": "e1db9267-afe2-4dea-8bf4-ac1e9749cb63", "value": "12288:6BAyS6ln+flo/XciMvYys8nnS1Yo8b4G7Neh4vfPOS+RXcryToHfsMIkpnRs:2AXTdCjEYqnSB8b4Ac4uXcv/s2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838182, "uuid": "114339ba-8c3f-4409-bef2-966889fb3989", "value": 700928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838182, "uuid": "445b08d1-c0b8-4c30-8ee0-7243a53aa685", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838182, "uuid": "b967d30d-ecf1-4c7a-a860-18591de3e111", "value": "SecuriteInfo.com.Win32.TrojanX-gen.1712.15669", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2f85a24-2740-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689886986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886986, "uuid": "96d4e78f-a740-43b8-9691-d0085744daf4", "comment": "Malware payload", "value": "7623eaa87222b28f9987864a222f0601", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886986, "uuid": "702309ac-3de2-4e74-b777-f35746f2524a", "comment": "Malware payload", "value": "eced7d49892ae24499f3838dea71e76eaeb9e357631a050a95ce4366b20c1759", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886986, "uuid": "6644a32f-e948-4ac8-b558-d1c606866a69", "comment": "Malware payload", "value": "2d99699ce5842b69845fb5d3357e02b5faa7881a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689886986, "uuid": "9befcf61-ede0-4fc3-909c-fe4e0e0d0ddb", "comment": "Malware payload", "value": "482267c02ad4d183c13d3aed918c4ce758bb3755d9b650098577f520de72dca683439f8d43dafff4cd68bf989185ff74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886986, "uuid": "cd8095a5-9863-475c-ab6b-e1d1f3573740", "value": "T155B41203BAD84473D9F627B059F603D30A357EA29974833F2385A99A0CB3994B53537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886986, "uuid": "89a7abd4-c741-481b-9087-9e9f1ad296c7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886986, "uuid": "74fac448-d828-4b36-8110-e8d4a4eb0dc6", "value": "12288:qMrmy9060dBRn+mnWmdSk+cuUEX0f5bDZR9JKsjl:Myj0dBRn+sPdSquUEX0f5bNjJTZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689886986, "uuid": "92804690-2150-42ad-b622-0feef70bce91", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689886986, "uuid": "672ada5d-d345-4f6a-b1ee-5cf1af7a4b34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689886986, "uuid": "b5d80131-5100-493e-9365-9c463ce58829", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "683e6690-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858460, "uuid": "898c3b1d-8789-41a9-889f-b0751e274064", "comment": "Malware payload", "value": "7052c1849d876e1b6c8230648ab650ce", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858460, "uuid": "ac73a8cb-c8b6-41ca-9427-80fcf33d504e", "comment": "Malware payload", "value": "ed6fe9f087253bc7dd78d477675db66311c86e3b8c32dd2611e42a252233bd29", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858460, "uuid": "f36068ad-8749-4bb4-8635-e88e1ef23c53", "comment": "Malware payload", "value": "b4606a1fb421858ec9fb7110215331ecad68598e", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858460, "uuid": "b65b5963-5423-4d6e-be6a-1a964697fba4", "comment": "Malware payload", "value": "6542f7b32dd8c926780735c25f2fe0345be1864f3961fc0d915c18da3498bc911f5979b4c29d099b46009c96c119149f", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858460, "uuid": "6759c499-0b3b-48cf-b22a-76b82a8aa5ea", "value": "T1986533642F55A069AD023FBD623C92118F51F4650D54BFF2BC16B6CB8B88EF8429B353", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858460, "uuid": "f1cf41d9-013f-4ac1-b185-50b0e6943a97", "value": "24576:M3NSPA077O/EG43SW8rsskZnLp/MLPcLqZlM5fwZ2WNe9RwISpZUaaMvgBrJm:M30A077O/bk18QsknNMQLqY5KNe9RwIi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858460, "uuid": "d5ab9a78-8213-46e5-94c5-4b93505361ae", "value": 1457637, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858460, "uuid": "9e6fb62c-b55b-49b4-9390-5d9bdf90b8f9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858460, "uuid": "d4442539-839a-42f1-af02-02f392434318", "value": "9ct0u8.tbz2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df20264d-270e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689865532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865532, "uuid": "9e536e74-cb76-45dc-8eb0-60f33b30ef8a", "comment": "Malware payload (RedLineStealer)", "value": "35e3a392d84b7bdaac20a8ab550c67b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865532, "uuid": "76bce2c1-3312-45c1-939d-1aac0c874b63", "comment": "Malware payload (RedLineStealer)", "value": "ef07756d96ceea91613d0e64c48162587247e1f828056db55f66fd5434ab4cdb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865532, "uuid": "ef68912d-e8b5-4918-b620-900dc8529030", "comment": "Malware payload (RedLineStealer)", "value": "27dbbb951af0e11f570a7705c998552117dd62c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689865532, "uuid": "69a4444d-e6ab-44be-8690-7a6c7d61fa74", "comment": "Malware payload (RedLineStealer)", "value": "031d73ac26f3fc20fac3a39b5f2bfc8c0c1ba622d20ecdafbf63c2d76fdf3827c145b17ef6444806f9193bcd16330d00", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865532, "uuid": "9994d9e8-f669-4b28-80c7-f6db6531fa18", "value": "T1DB64A743C6A23FD9E9278B72AE2FC6E8764DF6548F49377D11189A2F04B8076C1E7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865532, "uuid": "1e98bc7b-40ee-446b-89b7-797c897d5251", "value": "4204b9f7d0ffdbe2928a3ddb092604a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865532, "uuid": "bef1497f-5c9f-4706-a61f-41826cd3c708", "value": "3072:Ml9xbUyLQPPkI5HUJHZvm4IuH5ieV6vy/ZO5W4S0Jkuz:WxbLQPcKH6pm4IuHIy6mN4Sm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689865532, "uuid": "385d6b13-b60d-41f2-8405-33b46f17346f", "value": 323584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689865532, "uuid": "854c876e-c7ed-4bb1-8fae-a23ace9bfec7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689865532, "uuid": "8e9a034b-13b1-49f6-813b-bbcf484a7af4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5c9e1c3-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689847933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847933, "uuid": "6cb1756b-18f3-4b3d-95ef-e2602fecd4ee", "comment": "Malware payload (Amadey)", "value": "3acf2e92c0625f14957b8bba85a5a133", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847933, "uuid": "187537d5-80bb-4672-a459-8be0dce25392", "comment": "Malware payload (Amadey)", "value": "ef11bf7b35a28054917643092a94f68ccdbc57cd68005df66e6d81a0d2d012d4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847933, "uuid": "1632ef51-c028-4ef9-bc3c-3d8c86b9d74a", "comment": "Malware payload (Amadey)", "value": "519645e11407ed3991cf6501314ea5d8cd4e7a64", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847933, "uuid": "17c57ad3-16ac-4ac3-838c-432f1d132e9c", "comment": "Malware payload (Amadey)", "value": "07aa6fc4ca738536fdd81d0f0f7bc4d7629f2f30a5611f1391662465a72207b4dd3e5e906611898c9274c9f6b62ebe2f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847933, "uuid": "f6985cf7-e7e7-4a2e-b226-3b2db076f195", "value": "T1B6840253F7ED8432D8B51BB05DFA13830A357DA58D78836A2791A85B0CB36D0B83572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847933, "uuid": "8a5fc42f-bd2b-44bf-a959-27ad0bfb23d0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847933, "uuid": "5ec03317-9189-4a9f-8b38-3dfa0c9c3774", "value": "6144:K+y+bnr+lp0yN90QEUO/bqnT1boVBqmroo3FgmF32GBzHPIRUMjRDDQdf:uMrty907zqT0BtUqoAIRUMjRwdf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847933, "uuid": "e25709ee-3a1b-4f73-98e1-2aeac39f9c6c", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847933, "uuid": "cdcdd489-7713-4963-b04b-e6c343876387", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847933, "uuid": "1ae71028-9b8d-42e5-8b39-a64158f5d472", "value": "3acf2e92c0625f14957b8bba85a5a133.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f9983e6-26ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689851144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851144, "uuid": "83a51313-b904-40df-969c-71afa91fa787", "comment": "Malware payload (AgentTesla)", "value": "15172be0c93f36e120fe18dc39b00e6a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851144, "uuid": "55511273-148e-45cf-b5bc-d54101328f6c", "comment": "Malware payload (AgentTesla)", "value": "f08a427989880e86297de08934b3849787d1e5cfa099e2268d6ca9147e0dfb1d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851144, "uuid": "2df09674-3b95-4077-a219-c43fad09aa40", "comment": "Malware payload (AgentTesla)", "value": "b93afae0c9d8d027466b30debe7c07a6662e8cec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689851144, "uuid": "197ddd7b-5afa-45e3-ab11-40a21135569c", "comment": "Malware payload (AgentTesla)", "value": "a31ea2a22d617594ea8eaaf1bb752071a2c9c4eef2b5540a61a573faf4c8b666429653fd1ab911fa9f5a78df6fab6f30", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "r15", "colour": "#8E01A9", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851144, "uuid": "89008949-3ca7-4145-bbc9-16f570c0b166", "value": "T165A42343C4EC8A9878CF50DCBA7E29C7CAD72FE9560D088D540C90ADE2EAF4D5445AE7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851144, "uuid": "6de5b9a5-a1b4-47af-9fe7-bc10fb6938a0", "value": "12288:gnYRjHI17D05gU+jDSovP672Cxwdnqz43:/jHWc2UVon6SCGP3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689851144, "uuid": "6167864a-06c0-4e1f-be16-5f296a34c56f", "value": 449271, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689851144, "uuid": "13d91034-1e2c-4fe8-a767-79937403a702", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689851144, "uuid": "abf49291-ffd3-4d70-a8a9-18cc2bea64d9", "value": "Remittance slip 060223.r15", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c61053b-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689838308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838308, "uuid": "a756e300-0dfa-43f6-a7fe-d4a537a6dfcc", "comment": "Malware payload (RedLineStealer)", "value": "10d90091ef4d583803f960e642111708", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838308, "uuid": "67aacda0-d4a2-473a-922a-27d04a6b27f4", "comment": "Malware payload (RedLineStealer)", "value": "f0fb625894c32db0094ce88fe51ad9ddb2db188124af7a638cf184eccf3d1203", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838308, "uuid": "b25750df-288e-4b11-b105-45d7bb8bb254", "comment": "Malware payload (RedLineStealer)", "value": "9a36e16049aca4f664c3802003afa15637326ccc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838308, "uuid": "7413e2cf-a9eb-46df-b1c1-1eed28f51353", "comment": "Malware payload (RedLineStealer)", "value": "07664ff15b4882be994d7ca66d2e19a278bfb81e9ff392894efa607442362f00e8a872774d96c38fbc6f906051c5d807", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838308, "uuid": "c7c611bc-47e4-4b6e-aed2-cc8121cb5ed2", "value": "T1F0840266B7E49172D8B5177018FB13430F36BCA15978C3AF23426E1A1CB2680A97377B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838308, "uuid": "b87a5755-6f33-4c07-a143-d239aab32c3f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838308, "uuid": "5fd6f788-44d4-43a9-9e9f-5c9085f45cc6", "value": "6144:K/y+bnr+5p0yN90QEwBYGFRxbEZcRaEHIpj1XH8bbvymQmiaKq9REG8dq2:pMrpy90LUIZ1EHEBisG8dF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838308, "uuid": "8895b455-0683-438c-be32-7e172546d12f", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838308, "uuid": "45baf39e-9513-4702-8b72-d1d0f349d244", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838308, "uuid": "a813d7ad-42f5-438d-92c5-83cec6a9547b", "value": "10d90091ef4d583803f960e642111708.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7f87f0a-26e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1689847481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847481, "uuid": "2aa9cad6-8f39-44fc-aa87-313d7a40dca1", "comment": "Malware payload (Loki)", "value": "79cf654defc344d1eea337504f7a28d2", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847481, "uuid": "213f8d81-f3f8-427f-927b-784c9bb07d30", "comment": "Malware payload (Loki)", "value": "f15f539c0ae209595dc2256318091681aa7852d4f88b2c6ab8e0d1f1dc1f1e91", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847481, "uuid": "74005a30-bfcf-4fd0-bd16-efb323d82cf5", "comment": "Malware payload (Loki)", "value": "0a5e85276f6a83307b3d7cc19676839a1d4b99ba", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847481, "uuid": "c640f623-ef1d-4366-8f35-f32240b44a37", "comment": "Malware payload (Loki)", "value": "73317258366cd701e729fdf076517395e4aa171ab3d24103656458c155fcbee77934d80855cae0d7958a766c80e033fd", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847481, "uuid": "9a3a8c0d-532d-4815-875c-792e0a17dca3", "value": "T1FBB423387FDA5886624831C3C1E0AD4BB2AF6ACC445F5F5C4699A913F70744CBBE584E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847481, "uuid": "70b8b3b9-da23-4822-923a-331e320f9cd7", "value": "12288:LQozuJcsXbYPCbXNZW5vXPfnqbetrCWjA1SMV:0oCJcbCDNgNneeNHjbMV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847481, "uuid": "efa0a3d6-8b3c-4349-8269-2782da5b29b5", "value": 526708, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847481, "uuid": "cfc8d00f-36e1-4e4f-97f9-934c9c645452", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847481, "uuid": "b086a6d8-f06e-4eb5-bb78-8734217c0703", "value": "0018188403.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62672a15-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858450, "uuid": "0fe2ef0b-2711-420f-9d14-773914d32aa9", "comment": "Malware payload", "value": "96725f8dfab3f5d47ea7aef15c8e32bd", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858450, "uuid": "62ee3a87-359b-46fe-ba17-e5fbdb0ad299", "comment": "Malware payload", "value": "f1aaf9b06ba8794832e53b45e560c63b52ba76cb01b2a8d31de8f625d29a1b8d", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858450, "uuid": "fa6f5ce1-c4c7-4c66-8b33-7b439cf1c885", "comment": "Malware payload", "value": "c620fd4987d633d7e3063f5c9a5bd3db9ceec56a", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858450, "uuid": "17addc68-0dde-4d82-997e-87c11718b8bf", "comment": "Malware payload", "value": "161d20eebcb35bf3bb67c6bb69312d3551dfeef5300ff7fa72c6a0e8a08d18ad38fd24b52e61dcd9242e3a25e7d88054", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858450, "uuid": "d48949ce-2603-4af1-b129-1e1d444bbd39", "value": "T1C9E42314BE49DC21FEDED37F18B189451EC7DAC6814A7154C02ACA6CF26D7D4A22B0EA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858450, "uuid": "2ea69f54-ab40-405c-9d6b-ac5d085cec24", "value": "12288:fpnL4LmWGhzn2qLuVOzWXAWO97yyaBjz324aQAGvkd+YUtDyRxN:f1L+mWGhB37yJBjzxa5AKx5nN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858450, "uuid": "29289d7a-5a5d-46c1-bdc4-5a2cf0bc6800", "value": 665954, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858450, "uuid": "1716d606-d0d6-4531-880b-95dd0ed38892", "value": "application/x-bzip2", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858450, "uuid": "fb0fbe30-a0a6-49bf-a18c-4542242bc228", "value": "efdu79.tbz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fcf5e21-2736-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689882498, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882498, "uuid": "f17a308d-4d48-48af-af30-1f27795500c3", "comment": "Malware payload", "value": "189b5cb409366aafd28e8589f3c94fa3", "object_relation": "md5", "Tag": [ { "name": "crypt", "colour": "#70DED5", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "Sofacy", "colour": "#40D929", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882498, "uuid": "8e71f66a-f25a-44fb-abb6-ac022d5e472f", "comment": "Malware payload", "value": "f3a25448fcb942e61330c47778b49939a43b64e48c9cb0cd70a36084a61b1bb9", "object_relation": "sha256", "Tag": [ { "name": "crypt", "colour": "#70DED5", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "Sofacy", "colour": "#40D929", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882498, "uuid": "c7978ad1-e3cb-4a28-b568-f01e79ceaa63", "comment": "Malware payload", "value": "d91c3e44fb6495cb523c55d4cc4711e9d7ad69e0", "object_relation": "sha1", "Tag": [ { "name": "crypt", "colour": "#70DED5", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "Sofacy", "colour": "#40D929", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689882498, "uuid": "f35eed24-352a-415b-baa8-83acfa3019fa", "comment": "Malware payload", "value": "d9b537eec4096eaad631cdf87ad1f8d2180ff0205d43932e013a9a8df15bca9561a7b330acb6f38f4be46fafca166db0", "object_relation": "sha3-384", "Tag": [ { "name": "crypt", "colour": "#70DED5", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "Sofacy", "colour": "#40D929", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882498, "uuid": "868d10ea-27df-45b4-ada7-ff75dcdbdc59", "value": "T1C75423AC2072954BDF3787A0A91A23BDF874B8A4357CE7064D7CD90ADBAC8D55C1093E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882498, "uuid": "c4b88a94-0f4f-454b-a8ae-e83b1ec1db07", "value": "6144:fg3/lEq0Z103/6N/Dxdmm3zvajEC1NVBIll5RFev+hcb5:f+yqU103CN/VMmrapba5RFGf5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689882498, "uuid": "0a857f3f-4609-4b99-9f01-499c4971a81f", "value": 289409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689882498, "uuid": "d90e943f-6225-47b8-8a77-4170b7ff87bb", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689882498, "uuid": "a880f9f8-33c4-465a-a8c3-87fe6cd00a27", "value": "documentsoDHL9980.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56417b32-26e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689848552, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848552, "uuid": "eaff9744-716f-463d-bb4c-62cb429279c7", "comment": "Malware payload (RedLineStealer)", "value": "a48de889c19197426214da54922eb7ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848552, "uuid": "7bbdc37e-c516-4db4-ae39-3a3c92f59cb3", "comment": "Malware payload (RedLineStealer)", "value": "f4fed6410af40a0441fd09c9f8d2b203938d46b8ae18dd75f6ea78ac9f675a2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848552, "uuid": "705a0a76-656e-40ef-86cd-b7b4864025c7", "comment": "Malware payload (RedLineStealer)", "value": "fe3658635c66bb8b0981fe3f73cebf1b229ed661", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848552, "uuid": "6bd7ee48-2e56-47d6-91e9-466707986f4b", "comment": "Malware payload (RedLineStealer)", "value": "3c29ada878ca0fa230ab9139e9b186f0b92429e418fe0ea6ed6c15366a9e7ae000b7b9f53e4519ad4cbb36ec54e45734", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848552, "uuid": "dda3abf5-f758-45ad-820c-33842020c59a", "value": "T1AB840AD3C7A23D59E9278B738E2FC6E8764EF2508E4D7B7D12199A2F00B0176D1A7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848552, "uuid": "e183d717-789f-4edc-9d53-6c79c37d67bc", "value": "01c4ee1c294ad77d8fcb236b1ae3a868", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848552, "uuid": "b4ab0ce4-7881-4a2f-af70-23e977b13407", "value": "6144:FdJL5aCNSwXadmlzRO3YUMmJxqD54zt2ySqOOS:7J1ahld8RUYUzED5It2POS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848552, "uuid": "67375e1e-bdb6-4887-9dcc-2f6f396515ed", "value": 405504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848552, "uuid": "ce7aefc3-5ace-4ef0-88f9-3e9145987d3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848552, "uuid": "aa42dfe0-ff5c-4576-91a6-7fe45c632a38", "value": "a48de889c19197426214da54922eb7ad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb3e1d43-26d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689840131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840131, "uuid": "00e320b3-fb45-4321-ba29-fe27f01056ea", "comment": "Malware payload (RedLineStealer)", "value": "da1148d1d10604b8628f51d6b37f3d24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840131, "uuid": "69757658-044f-4e8c-a155-ff716833bb99", "comment": "Malware payload (RedLineStealer)", "value": "f56e7b93658fa4f3e42f802edebbdb62b17a6c5697a9f94135c139b4b3f75ee4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840131, "uuid": "e6865af1-d5c1-4566-9fad-62191e3dee7d", "comment": "Malware payload (RedLineStealer)", "value": "2417b34ec75c9f877f35620536203c700375fdf3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689840131, "uuid": "418f739a-1eec-454d-84cb-40515e2026e2", "comment": "Malware payload (RedLineStealer)", "value": "5577d28da8a6f35fa835d372930712df44466d93db4abbb4d7e2f6e04d703efd804e075a5c582f85567cc618e4b2fc4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840131, "uuid": "51af4f6c-f010-4384-a385-d91c7ee125b8", "value": "T1A7840151A7E88433E9BA177008F213D30B3ABCA12D78822F2349595E0DB3685F5757AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840131, "uuid": "bf3e429b-c302-463d-b224-899c5d39db10", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840131, "uuid": "1091aa43-f973-40a4-809c-429d28f70493", "value": "6144:Kgy+bnr+kp0yN90QEggvqHkWn7ZNaQHzGS69BshZ8iv/sr+1bCcHnlRHNakwyGk8:AMrgy90fvqBSSAiZ3/fkcHnl9srkx6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689840131, "uuid": "fcf27f79-b294-4251-9ff8-f8dda8e4599b", "value": 399872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689840131, "uuid": "b84c439f-1d94-464a-ad2b-b6ae2e2ae29b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689840131, "uuid": "6cef4b45-ece2-48db-b1b4-0e11db70f2ad", "value": "da1148d1d10604b8628f51d6b37f3d24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ad84c85-26cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689837366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837366, "uuid": "57bfd6b2-6bae-4111-89f3-0957b1d0cac9", "comment": "Malware payload (RedLineStealer)", "value": "047a5e67b8325b5f7f14d6300d2525fa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837366, "uuid": "eadc5e71-5b90-4b9a-9ad1-9e372dd3fd57", "comment": "Malware payload (RedLineStealer)", "value": "f5c9c18ccaa6f832b0b5e79345b5442c799774303bf84ea96f45d3c21b2a1f6b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837366, "uuid": "2e6e7a58-a6bb-4536-bce1-a9ed039704cf", "comment": "Malware payload (RedLineStealer)", "value": "e765cf5f8a5e1e80bad8f737cd658ffaea69ed78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837366, "uuid": "89a240d1-0580-46b3-b5a5-a35355498ada", "comment": "Malware payload (RedLineStealer)", "value": "a9074c7bb7782d7dad42928b1915d17b81c82cc3f50bce0b2478225f06006843b8a73486ef730371ce02662fb92ddcc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837366, "uuid": "90ba7b89-b330-416e-99aa-d0262d8b8781", "value": "T107840102A7F98077E9B5177018FA13C30A357DA2AE78871B2795AD6E0C726D4B43173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837366, "uuid": "6d206276-3ee9-4dca-a4fe-c894fb89efa4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837366, "uuid": "cfdf6252-af52-426c-b69b-f69e8189bfea", "value": "6144:KAy+bnr+Np0yN90QEQmynqq5AvfcQr4UliD4EYjxgt2jfsmdrHq/LDxMMJOkeb:UMrhy90WP64Ul84jSt2jfHrKjDxMMbM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837366, "uuid": "ee83ab25-a9da-4d28-bd8a-9ebbe2a3750a", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837366, "uuid": "767cf803-2cd9-439f-874a-fc6c37aec139", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837366, "uuid": "99ad2a08-3100-4597-b718-c3e74d042e69", "value": "047a5e67b8325b5f7f14d6300d2525fa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ff078bd-26cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689838314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838314, "uuid": "dc08263c-2ed9-401d-89c5-1e09ab459acd", "comment": "Malware payload (Amadey)", "value": "cf437087089aa38c75d1a9bb9942fb5f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838314, "uuid": "e51c6ed7-8e1a-48c2-bb1f-b2cad65b05bb", "comment": "Malware payload (Amadey)", "value": "f5e186b7dcf00264ea4057aa9d96befb5bcd42dbd72bd7afa141fe349dc2acd9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838314, "uuid": "09460174-9244-4430-9f64-acf326398457", "comment": "Malware payload (Amadey)", "value": "710124a07ca6713b2df8c57e6eb3c17cfc77a21a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689838314, "uuid": "0b66324e-0412-4e63-bcf5-e220db74d62e", "comment": "Malware payload (Amadey)", "value": "5404181111f59a9470c385ab230d2a6ed396888ca92b4817398e0e1656a854dda6a632312890a568a14254cdecf1625e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838314, "uuid": "a2605a29-bbc3-4e32-ba2a-3bd192884938", "value": "T177B4022766E98032DCB6177058FA03C30B36BCA55C75536B2B56688E0D73A81E53277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838314, "uuid": "aea29e1b-aa3d-4dad-97f8-7c705f975687", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838314, "uuid": "53347a2e-0f04-47a3-9624-63f4d909fa89", "value": "12288:jMrXy90v5Mm1lCYaochPrwcj/oUNDk0OcxEHD:wyU5McCYar10q/TNlqHD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689838314, "uuid": "a5c18c26-6777-4e13-906c-40acaf88cdb4", "value": 527872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689838314, "uuid": "2b7c9211-151c-4655-aa91-3d30684255a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689838314, "uuid": "f1209b77-6c21-4731-9022-4ec6b4c3d8b8", "value": "cf437087089aa38c75d1a9bb9942fb5f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66c68e32-26fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689858458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858458, "uuid": "af03e3a6-9259-4130-a3fe-90a54787fc67", "comment": "Malware payload", "value": "71554e676dbf129a2ee9e4b401d1bc83", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858458, "uuid": "36f41c7e-90ec-498a-b9a9-8b8e6cfb8df3", "comment": "Malware payload", "value": "f77b609af51e127578b5f6e804386795c9e2f603b70f0d66777511ab9a2c0998", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858458, "uuid": "b613c88a-3596-419a-8ebf-42ab470b9d9f", "comment": "Malware payload", "value": "4f3ac179693ac21313ba2a2fc733c0252554ada9", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689858458, "uuid": "159c54e2-bed4-4ad8-850c-bdf61a05cdcd", "comment": "Malware payload", "value": "9d15908ee5a76fe0d68b0cf59380b190261b8841f0d6809e1608d6c611563379b59589acc28dbded5f9fa5f6ad61fafc", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858458, "uuid": "b40e1ce8-94de-41df-a205-993772f24084", "value": "T1465533D964EDE4AD2D923739F43B60AE624F9BDEF173A61049BF0A1DA35D401E436230", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858458, "uuid": "8b0ca10a-311e-44ee-807f-3aa7eafa744e", "value": "24576:947LZKZGHwkcc27LV/7VCmokGfMChQcoaBzlbbJBNUzjl/bPvU7xLYUDgmFjoyNP:uXZKcQc23VjVuf3lbbbWR/bP8GMBFjoE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689858458, "uuid": "55b6aa4e-daeb-4784-8e57-2085419abbc5", "value": 1336652, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689858458, "uuid": "092134cd-8ed6-4a1a-b6ab-e39d0e827b6a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689858458, "uuid": "f5deecd2-fd6d-4fde-882c-41ab7e837843", "value": "FacturaDigitalonline-ID-1689799544.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "faca5718-2709-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1689863431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863431, "uuid": "526b21eb-5dde-473a-a209-7e2dba37d14e", "comment": "Malware payload (njrat)", "value": "1cf29dc99e1bd358eb6a6a51bd99c842", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863431, "uuid": "bb3b2026-c336-4b19-a100-4c898023ba34", "comment": "Malware payload (njrat)", "value": "f7b1f59d4c4e68848083a7d5310653e6a77505f01182284df5c2205c9ed32af0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863431, "uuid": "8b6a654a-a851-4603-b682-7b954952f5f3", "comment": "Malware payload (njrat)", "value": "d84403c190f1cfe20d22906a1b821a0340da170b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689863431, "uuid": "f1b9483c-f14e-41ec-a0ca-c77f4aef142d", "comment": "Malware payload (njrat)", "value": "7e00c2b5430acf502397aaa3b671fa7a9deb5a9876ff3179deea489615a836c1b541c2de513c1a2304a9383bd6ca5b53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863431, "uuid": "fad6c0c1-2380-4175-86d6-fb8ee100d5a9", "value": "T1A4E22BADFBE64465C1BC0AB50571950053B8E103E523F77E4ECB24A66B2B3D84B88DF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863431, "uuid": "38de14fa-54ef-4f5d-97ad-a6357030af9c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863431, "uuid": "cf784dea-b793-43f5-8f9a-3411eab7b58c", "value": "768:R95CBKdTtrUzxf6vJA2nO39vYSQmIDUu0tiAuj:kaorpPQVkaj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689863431, "uuid": "83ed73a6-780f-4d68-ad20-ffb3a36fde41", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689863431, "uuid": "eeab0c39-1e60-483b-aa3c-61e51dc6a672", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689863431, "uuid": "a96c33df-5556-400f-bd16-29149eb612ee", "value": "1cf29dc99e1bd358eb6a6a51bd99c842.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92b3e968-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689853807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853807, "uuid": "b7f9ce41-fd37-4304-9ce3-fa83927c5ea6", "comment": "Malware payload", "value": "95c4644a9510d4a4d16bef660f1f7340", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853807, "uuid": "6f6ad940-2018-4854-b93b-b3520366b790", "comment": "Malware payload", "value": "f9dac526b2d0f6cfe8b6ed9ff98616adf87946f289ce4cbab9a3745596706ff0", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853807, "uuid": "1d89c51f-fcb6-481c-829e-38355ff43b51", "comment": "Malware payload", "value": "28213fbdcd19173f3502c7624a4f4d2ae557df17", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853807, "uuid": "2441276a-1510-4084-b835-dc2567c521f5", "comment": "Malware payload", "value": "70534e8c85df1ad1b9053ef9dd35b106c197ca7bb633e06aa8c67a076b077f4f4b03efdce20f4132d3327d5ecde10ea2", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853807, "uuid": "9fc393cc-e030-478f-8e30-2a174368e45e", "value": "T10B04BEF0379099D2EA9E8BC791595E9D1736317BAECA21CC4082FBD929773418B0DCC6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853807, "uuid": "faeb313c-ddcc-400a-82c3-5f7f5bf6ef34", "value": "1536:LBgHCInoC9eP4/5xHBd3i1HLKPxpzR68HjwjuX6cDpwOYG+7dMKCascYU9CJ4JmS:VgHCINaU68kJOYGicgToFL81gy9dV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853807, "uuid": "7936ec3a-bd69-416b-b39c-38ec6c2f96ce", "value": 176938, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853807, "uuid": "7b9e0fb8-9efb-4040-914b-4ad4e771919d", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853807, "uuid": "73467f59-7c4b-4b7b-8703-0eb3404a613c", "value": "SWIFT copia \ufffd 27,000.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36ec3f16-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1689847640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847640, "uuid": "f861991f-7f3d-43e0-b506-724e418f9fa7", "comment": "Malware payload (AZORult)", "value": "cef96968fc8be786444d79dd5ab45e16", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847640, "uuid": "3a7b25b3-9c1e-43f2-9f1e-cb549bd7ec69", "comment": "Malware payload (AZORult)", "value": "fa71bbc6871f13271d6fae0f9a16dcb44961e7c9730baa8efb86999f06ea7105", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847640, "uuid": "7e4c8530-3ee0-46b9-a7df-22265ce2718f", "comment": "Malware payload (AZORult)", "value": "492011f92d309b26baceb2f7a70c6983bd8767cb", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847640, "uuid": "1d87534a-cb2e-4dfd-8e51-6574f90146b9", "comment": "Malware payload (AZORult)", "value": "5ef99b3ecb975e248830c25159a217c66b2dc7fed3b078a41c83a522274f00b375b40635f6d63b116e27a0246bfaa35c", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847640, "uuid": "2ca98c0b-d8d8-445c-bded-7092447aa9ba", "value": "T13D54078462A2F64BD7410B70D9D0E7B9257B6DF1AA01422E6D9E36F85C3FF290DB0172", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847640, "uuid": "f021a8b3-18bd-427e-8b77-6aac4431e6ba", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847640, "uuid": "b494f496-787e-4da2-89f4-c8cd80b32cc4", "value": "6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwwx:z8w75wwwwwwwwwwwwwwwwwwwwwwwwwwJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847640, "uuid": "27c4c053-fea1-4d5a-81e6-dc0c09020c52", "value": 289532, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847640, "uuid": "2465e0a4-6df8-45c6-91d8-a1a9585c9c1c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847640, "uuid": "112eb17f-23d9-4f72-9747-413a6e0b8278", "value": "PO-S518740 #OR23298-RH.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8a1fda7-26e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689848260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848260, "uuid": "7e469925-21c6-4643-8a24-63fd8deec882", "comment": "Malware payload (Amadey)", "value": "d881a984eec499fc06d15a1f53202e2b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848260, "uuid": "dc7a3316-d8c5-4dda-9896-8495b94b5618", "comment": "Malware payload (Amadey)", "value": "fa84f49cbe34b30b9179a4ff954c42a89cef66263a0ae682eef4a6e2da2e5a79", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848260, "uuid": "55e74cdf-bbc0-495e-af52-d5e11782e256", "comment": "Malware payload (Amadey)", "value": "1dc0ade9c2102e95141b2f1215f32b8251fc0b4f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689848260, "uuid": "4a2f8547-054a-4213-979f-12a0caa5772b", "comment": "Malware payload (Amadey)", "value": "60479dec433fcc73a97d7c3453324337d7caed7701d66c64ad0059afba535be3de8484e44aff3d1417ff75c801fbe6f5", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848260, "uuid": "dc7b4b42-2fb2-499a-b9ee-ac770780aa45", "value": "T131B41202AAD8A5B2D8F127716CF703970B35BDA18E74831B2342994E5DB36E4E53172F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848260, "uuid": "d713c2bd-2e6d-4d93-8602-2ce382f0cd32", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848260, "uuid": "5cea6a69-8f71-4a94-8a9b-8083f1a0675c", "value": "12288:kMrJy90PfCm4okkgMMlC0ke8pD74dOU1v7E/vzWopkGlo4EHrF:Fy7osZke8h4d/1vKzPCAqHrF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689848260, "uuid": "64dc33b6-7c53-435c-896d-afd4c17191a9", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689848260, "uuid": "21b5a44b-c62f-4b79-ba57-22355f9cb8ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689848260, "uuid": "bf041353-1019-4af2-882a-9588a38a45c9", "value": "d881a984eec499fc06d15a1f53202e2b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81efc730-26cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689836599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836599, "uuid": "272370bc-c250-44ef-98ad-5a8ad0aa51e8", "comment": "Malware payload", "value": "6b8a56aaaff3a59d7be12e8a94acf3ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836599, "uuid": "a1187ea8-df38-48d9-abd6-f9d7f5c535ee", "comment": "Malware payload", "value": "fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836599, "uuid": "dd9e7b2d-d971-4e6b-89a2-22e8990b4e62", "comment": "Malware payload", "value": "de4ce38dd92032b29725e0af37dc7729b889093f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689836599, "uuid": "c3db9fad-f6da-440a-992f-68da74473529", "comment": "Malware payload", "value": "68a10a2df1427df1742c3dd2dab4fd10245137941fd009b53aab507b8ef28ebd232509a845770edc53835066fa76833a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836599, "uuid": "e6da86ac-d083-4095-a40a-7d365c40ffc1", "value": "T1E96522207AC1C870E47615356AE4AB32BB7ABD31177A4ECB43445E5F8B310E1DE26B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836599, "uuid": "4d1e15f2-1e32-4c79-8ebd-f5a13f0360a5", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836599, "uuid": "91b6b9d9-0967-4ac0-9926-1b42227fa59b", "value": "24576:JLllLl7tEtqOdin2SBRfJNa5YIQbIJ4Ot+BsYY8zGmTka3jEjddoAPGK:hllL8qfnM5YZUt5IGxaITXJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689836599, "uuid": "d47f1e78-2435-45c9-86c4-3a2a4a0c42c0", "value": 1449844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689836599, "uuid": "aad760b1-b225-435b-9450-5546da7cd0f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689836599, "uuid": "cafef786-6090-4cac-9960-7c83182e52af", "value": "6b8a56aaaff3a59d7be12e8a94acf3ff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4cbde9d-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1689847959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847959, "uuid": "9d4aa989-02f6-4ace-bff5-bac39b78e5c9", "comment": "Malware payload (Formbook)", "value": "3e2bb319c4263b1fd1a06d7d7b8e7966", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847959, "uuid": "d428a0c3-4eef-4226-af4b-2927f6e61d76", "comment": "Malware payload (Formbook)", "value": "fae585f17bceedb161916e5e96fd1bf4209286bb6542f0239f458e15e990cfbf", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847959, "uuid": "65b170f9-a3df-4ede-9574-311514f9fb1a", "comment": "Malware payload (Formbook)", "value": "77984e27d64d1f3608ee672a9a7765d6c0e4ae34", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847959, "uuid": "e817a17e-b975-4387-b8de-dee678ac8218", "comment": "Malware payload (Formbook)", "value": "ab3d7a860507df8c1270378f8cbadd4649a8bb15fae5438064886a3e0c251e7e0aa84c1e6dd279755a3d8899455e3222", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847959, "uuid": "ba6a76ab-826a-499d-ac85-bd21d408117f", "value": "T11E4423278F9A795827477BED71308322AC9B8B6C8F41D4872A9EF07BE57014BE0590B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847959, "uuid": "3f57d79c-df5b-4f0c-bc6b-67c9058f8eec", "value": "6144:lvbdv9D+tKQCq5qA6cs72FqYmOVoJ+K3y2efV:lv/+QVq5xs72QdEwl34V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847959, "uuid": "dd3972fa-e708-42d0-912b-85a5c0143dfb", "value": 263914, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847959, "uuid": "ec8fba77-a5fb-4df7-90f0-8c921b8daca5", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847959, "uuid": "9ddee0ee-81e5-4da2-a1e1-52ae7f797895", "value": "Urgent Request.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e7d733e-26f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1689853719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853719, "uuid": "863408c9-d331-4836-bf24-4637285f75b2", "comment": "Malware payload (AgentTesla)", "value": "23a16958c4c0bd190104ee0350fb2538", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853719, "uuid": "6b110860-7f2a-41c0-9cbd-108fd9466e67", "comment": "Malware payload (AgentTesla)", "value": "fcc04c16f9e1b91da50286411e8d8e2deb5a62a276ba4558d2fcaa2350f49f46", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853719, "uuid": "da909d4a-7384-4757-99cf-c50c9b17bbd6", "comment": "Malware payload (AgentTesla)", "value": "8f602a8c0a6cdf39c28bed8da50fb5e060d077e2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689853719, "uuid": "e33f7c29-aacf-421d-9d45-f675d8d3dd33", "comment": "Malware payload (AgentTesla)", "value": "089ade0501deff1a61e43d34dc7216fb5894fa0306dc9987ccaf3c9a0dd7c3924bf80d598d346e5e75ba4dda6e5a6e43", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853719, "uuid": "c0cd32e9-4b2a-4dc2-b45a-3f9638667f83", "value": "T1EED423A2A1F699A7C6134F756C8232F0821D8FDAB86F8B134F5BF1B1F79B28D8511045", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853719, "uuid": "1193079d-8eb2-4b43-a857-a33b6aa2c85e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853719, "uuid": "ad1ba092-5739-4e83-b680-fd3a4c9cb973", "value": "12288:GS6ln+flo/XciMvGPviwL7VCb/g5UV3UKa8BNzaFZqulw1QhBa:7TdCjEoiYcLGUva8XzaBlWA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689853719, "uuid": "7c6a3899-f32b-4d5a-8f39-7e25cb94f6d9", "value": 630784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689853719, "uuid": "f02057d2-64e7-4dd7-8467-b5a27571bad8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689853719, "uuid": "6116481b-37f5-4835-a7e0-85f62fdff3a0", "value": "Scan_20072023.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd62f8bb-2748-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1689890413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890413, "uuid": "4d18e9fa-79e8-4f3f-b15d-0907a9a5d027", "comment": "Malware payload", "value": "cdbf60a83a441fc0e4f3c321ca27d9a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890413, "uuid": "6a2552d9-af98-405e-b0db-4d1fcf41ce7f", "comment": "Malware payload", "value": "fd88b1953ed1726607972489022c0c2359dd7dd2244a33a5f475184768ad7bc7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890413, "uuid": "b1da3ddb-e18f-47f0-ad06-5f667d9c6598", "comment": "Malware payload", "value": "f440aa17edb79e226b3feb7213b1930e5b67eebe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689890413, "uuid": "7493903a-16dc-446c-a2c1-4479b0968faf", "comment": "Malware payload", "value": "5628c0e88847ea1f9e08baf8154b32b82362108e78fee5b7fa92cee8d0f3769a1ad8bea57a7dca0cab44e1c751400ef2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890413, "uuid": "1f88bec1-0536-4d15-9708-95235c1c1699", "value": "T171256E9D3A5F1DB3CD7E01F1FB556A885B22C44BAB0090E72A5E45CDA20ED23AD4D0DB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890413, "uuid": "76378d41-a5a0-491b-a9e9-f3f0f3653ea0", "value": "12288:cek0FyKlWKk2+ffolgG2wc43SaR+xBl0NyXSOZNn21hprX2L:cek0FyKlH+ffolghDBxBl0cScn2R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689890413, "uuid": "ab31eee6-6606-49b8-b17b-de1ee5f8b2ee", "value": 991232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689890413, "uuid": "b316e98c-3681-4a82-8816-bf5e5ac5ff15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689890413, "uuid": "f3493936-00eb-46c1-8b5c-02d3e784a28b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3a65742-26e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689847930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847930, "uuid": "87f1d236-b3b6-44a6-8cda-dc1673f20636", "comment": "Malware payload (RedLineStealer)", "value": "08306af598af45b8f7436ad80e8568c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847930, "uuid": "9ab29bfd-98d3-451a-bc63-8f7ded1fee51", "comment": "Malware payload (RedLineStealer)", "value": "fdb9b250992b8c5988cfe05d255d96db5dd1d7a3ac4959de26b8546038f10c78", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847930, "uuid": "db446b0e-46f2-4b13-8471-86f1346b3ce7", "comment": "Malware payload (RedLineStealer)", "value": "2c79aca7b3cf41f1a4b225abc5b07051d28ef610", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689847930, "uuid": "063dd03b-aacb-4531-b93f-3b7aa968c765", "comment": "Malware payload (RedLineStealer)", "value": "15fb2f2bc3745628a1c14d01aeb9320c292c42cfe67c6465ae7126fe4bae9fd7247b11981c86421729f536c9c833ac90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847930, "uuid": "09aeabea-b21e-4de5-a027-7e88209e7c43", "value": "T18A840243F6E88172D8B517705CF212D31D36BDA29D78836B27856D5E0CB3A90A83277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847930, "uuid": "8a388910-d404-42ad-9dd3-572265cb2b2d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847930, "uuid": "3542f210-d892-4044-a055-837df9d82966", "value": "12288:sMriy90lWOVYM/uatHtNpErYtyxmVwWo:eyuVYEHt1EEtyowF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689847930, "uuid": "e7414ac3-65f6-4da5-8585-39675c787516", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689847930, "uuid": "7a928ad5-4fd4-4b43-81ed-d1435f22365a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689847930, "uuid": "efb63015-92e9-419c-8603-638979ac4668", "value": "08306af598af45b8f7436ad80e8568c9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3338fca6-2714-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Zyklon)", "timestamp": 1689867820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867820, "uuid": "89cbd121-217c-49ac-a4b8-cbbf21f482df", "comment": "Malware payload (Zyklon)", "value": "8b18883007744833a9c19047fe34e07d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867820, "uuid": "195ebbe3-3628-4313-94d6-d097e4bf4f66", "comment": "Malware payload (Zyklon)", "value": "fdca00e3c56b15eda992ba0a43f758514216f53f7e1cb83fd100c57fcb70fcf9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867820, "uuid": "25062665-6ddb-437c-9b7f-9917fc498b38", "comment": "Malware payload (Zyklon)", "value": "50d8d5f68313a513c7ff4e3307ac4f8a06fd3b72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689867820, "uuid": "c96bcf01-a9a9-480c-ace0-212717be808a", "comment": "Malware payload (Zyklon)", "value": "89ca420f28b7afebc1912fe84e92179f9346330819955eaa3b4a7d8b5a37d656b3f6796dd7ab3ad39ac8bb94fc4c9c1e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Zyklon", "colour": "#67ECE0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867820, "uuid": "625269da-3c90-467b-a156-223d85b6e76c", "value": "T15BB58C447A424D56CE6D31F2D25347286F50C8632B01FA5B2BF65ACEE70DAE3794C2CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867820, "uuid": "1fa5d333-c9a5-483b-af34-ad38a67b6a63", "value": "24576:sXCIZEaeWq5mCSsGgLWEi2Q6mtV3QpH0HlDih5bU+wF2ZoicmLZ086V4WFoSmi1V:29ZwBHo+giPZ0d5wgkPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689867820, "uuid": "ed4b8027-abf7-4b76-9ac2-e45685f5dcef", "value": 2399232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689867820, "uuid": "5290d3ce-bf33-401a-9b95-0399c395a115", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689867820, "uuid": "6d1958e4-b9a7-4993-8a22-d9c78130a47d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b35bfafd-26ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1689837970, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837970, "uuid": "93268e80-6d0e-4933-baf2-1a89aa888238", "comment": "Malware payload (Amadey)", "value": "4fb77a2ca5a3a32f85886bb6c3fb883f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837970, "uuid": "a0a10353-a50b-4627-8675-668d6f63d55a", "comment": "Malware payload (Amadey)", "value": "ff2847671ffceba69d2e4bbe302af33d2de2cf1a3e7bffd60bd70ac75bbc0eab", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837970, "uuid": "644fe8a0-e408-4293-b059-49402e7e7571", "comment": "Malware payload (Amadey)", "value": "54aef1893079f49ba94069873e8aa3f0a18133e4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689837970, "uuid": "b0d1bdca-f5b2-408a-8321-e22463ebe40d", "comment": "Malware payload (Amadey)", "value": "dbf2f2b06f6f5e67e6c2aa92b7538a5f3a772461d4c4f825b99032240669e4a52fbf81ef8f56f899d180f881b8325dc8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837970, "uuid": "e6fdc6d2-bda0-4e46-aab3-6598871b8215", "value": "T15D840117E3ED9022D4B52BB05CF706D31B3ABCA15C78836B2756685A0CB3690A57173F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837970, "uuid": "ee2da5ea-ba32-4c39-b56f-cc5efab94ffc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837970, "uuid": "42cbd9e9-82e4-43d8-b883-5c378e080f95", "value": "6144:KLy+bnr+2p0yN90QEJChKk31N1rP8SZ9SCpYysfqvgzZruLiuYf:lMrCy90AK+1NpP8EpYDrkiua", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689837970, "uuid": "4b10b0e9-fec7-4e97-929e-ac4d965677ef", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689837970, "uuid": "d52f2471-13bc-4c89-a721-7a459ebff471", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689837970, "uuid": "50552d20-a3d8-4379-a0db-cc51a519a122", "value": "4fb77a2ca5a3a32f85886bb6c3fb883f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fff8525a-2714-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1689868164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1689868164, "uuid": "d98de8e1-5f8a-4a73-85b7-9cc3eb6e3ae6", "comment": "Malware payload (RedLineStealer)", "value": "b265eb3f1956025d99ea3ab6bc57b9c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1689868164, "uuid": "63ea6532-6c1c-4027-a09d-5f76bbb5b95e", "comment": "Malware payload (RedLineStealer)", "value": "ff519e790d2e2816f80fcb42e750e66953d37b6b24ee401c4341a466d1170b9e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1689868164, "uuid": "6666a6de-7d5f-40b6-a832-bae44b7e67fc", "comment": "Malware payload (RedLineStealer)", "value": "9a7fb79052cdd7fcc251b270fc9bb2269696726b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1689868164, "uuid": "b18c64ec-21bc-49d9-b8a3-14379f68d610", "comment": "Malware payload (RedLineStealer)", "value": "9c23a033a8ddbaba54c669d2be11b5776974da1b9049d8eee4b813f53a3f36a187e10cc2ab981aaf70c8ccff091f6d65", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1689868164, "uuid": "45d0178a-ad8b-410c-b392-7f3521be79b5", "value": "T100859DC130F4D8F1DC9167360A1452B37F3EF97159638AAB238A1A754FE0AC05A3C6B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1689868164, "uuid": "c90ee52c-bed9-434e-8b95-f49364c1f7ce", "value": "28f039ba63a716b696dd5058ca2bb671", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1689868164, "uuid": "2bb6dd82-c4f3-428f-89d1-110ef43e8c5a", "value": "3072:cX7YZKqO4m1Hjjwlmh3Jmlw83sDhCwRZbsS7DbKzoqXB54DkdctMbfbzlJW3dP7V:mtTr1HjMG3Jx88bKzoqX4DkxfbzYu3i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1689868164, "uuid": "d2f1e632-a25e-49b7-82b5-0b27971760b5", "value": 1791488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1689868164, "uuid": "44a2726f-f08f-4a13-86ca-d14b9c24413e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1689868164, "uuid": "902b422a-3fdf-456b-a685-bbc6fb2e3f74", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }