{ "Event": { "published": true, "date": "2023-06-29", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-06-29", "timestamp": 1688083381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "7b4efc9c-e67c-4e82-a47e-800eb2086afc", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48645c20-163c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1688015866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015866, "uuid": "206283bd-8b72-47c9-958e-1fc41a8de941", "comment": "Malware payload (Loki)", "value": "dacf04bf96751944ade96bbf9a746429", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015866, "uuid": "63c10382-476f-4f36-b823-806936a214f8", "comment": "Malware payload (Loki)", "value": "01884b7d8e2c9bde09bec45e9258fec0b4b5db58f9852be8dbd6a0c55180bd23", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015866, "uuid": "07f70fc9-e476-4b4c-bbf1-55d2fec74508", "comment": "Malware payload (Loki)", "value": "e5792781b57a91cd689f18d3c81b7fb73a033076", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015866, "uuid": "fc42fdfd-5bca-4c4d-9661-54d6d46763c1", "comment": "Malware payload (Loki)", "value": "fde1d86ffb34ec02505654d76d8164a8bc02a195a415942a3eb5e6fd2d8f9c1ace4bbd51f28348ff31cf11e525bba89d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015866, "uuid": "750854c3-7370-4656-80e6-365e022e2c96", "value": "T1FCB4483D1CBE2A37C174DAA98FE48463F550D43F39229A3264D79795470AEA325C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015866, "uuid": "d20470b0-7399-4d00-b0eb-dca4645164c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015866, "uuid": "ea8d42eb-bd68-40ca-87bb-39b4bff250d2", "value": "12288:aLWwIThm0UwV17fsXsy1xgXPP+N6SYuND1Fj5gTF8:aLW9dmLwj7f2sUgXhSYuNHtg58", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688015866, "uuid": "30858069-5236-4e78-8d4d-0b56dd618e39", "value": 515072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688015866, "uuid": "9abf34db-e4a9-4db0-8330-93617e79c1a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015866, "uuid": "be7e3cf5-5375-4dd7-826b-65ca9f63b528", "value": "dacf04bf96751944ade96bbf9a746429", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ec597ec-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039418, "uuid": "77d3276d-ffa0-4739-a5b0-f9fc04c2f7b7", "comment": "Malware payload (AgentTesla)", "value": "e03eb288f64c961e9fcdead3ded3b9cc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039418, "uuid": "1849aad3-93a8-41b9-a6fa-3056715e2a8c", "comment": "Malware payload (AgentTesla)", "value": "01a7195a65b73ce39d09234ab7266977e307fd0c66efb4ef5219dc3677df90df", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039418, "uuid": "ef6a5ae2-1ba6-4194-9e97-f5ae4463ed3c", "comment": "Malware payload (AgentTesla)", "value": "dbb8f44105e315491b46df5afb3ef15c4c938879", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039418, "uuid": "3aa8077d-39f9-4a4d-b1ba-a50d23d48d1a", "comment": "Malware payload (AgentTesla)", "value": "12e72626b83ff7e7032329b287250ce5f555d839547e024d058a9ac0886880385e478036add9cb40b680e0a3fb5eb7ea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039418, "uuid": "34329f69-7d19-4fcd-a28f-d2b97c84a878", "value": "T1AFE423C4359AFC42CA920EB35636460FEEA4D61561D8461B1BA0BF1DF9F3D818B4E722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039418, "uuid": "7d85163f-9408-43ad-8ead-57d69a860b42", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039418, "uuid": "b1824859-5e56-4666-b7e8-f9d5ecca8d73", "value": "12288:ZYDECKt2MzwSkbppG0JWqcuVi7yfWEJ18ZXzHlv1kYgMkTyg2kxTM:ZYDEDIdSkTG0/cuVi7yfPjevOYMT5FlM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039418, "uuid": "67ec000a-a3fb-4579-8dde-f0e45406b28f", "value": 660949, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039418, "uuid": "1b984a6c-7b5d-4a76-922f-df1705aecea7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039418, "uuid": "7050f07e-c06e-4236-9b40-08b55c46d369", "value": "337864093.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b8576ac-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1688037883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037883, "uuid": "2f79258f-e92f-4576-b762-8b654db2c299", "comment": "Malware payload (Cobalt Strike)", "value": "18daf97c7f88e754beb22bf049a8cd84", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037883, "uuid": "70ec1106-3f6b-48cf-9637-e77a5cbe8109", "comment": "Malware payload (Cobalt Strike)", "value": "0286adc5d78f435af5b04693f2c5deac1878782929be38b839d9b662c7ff9496", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037883, "uuid": "91634111-81e8-4fee-85c8-54092a786bcf", "comment": "Malware payload (Cobalt Strike)", "value": "6e383015a3409aacc9a0e694e0bc68155cbbcb80", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037883, "uuid": "97672371-e465-4a6b-aa25-3a895b669ebd", "comment": "Malware payload (Cobalt Strike)", "value": "8a01e7be18beb616963e5502e27d7c3194bf495d83584278b996b9589ed5f8aefef8e8878a1fee4985bb2665fc74b657", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037883, "uuid": "1bf05849-64ca-41dc-a4a7-a34f459ffaa9", "value": "T181A633D2ABC088E4E5774235C8B795A3E523B90E1E68820F1984BF4F7D333539876967", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037883, "uuid": "61a90dcd-0c96-45a7-b42e-bf9a2289e1a7", "value": "7320b3cae0f7c7e579e85728a091f04b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037883, "uuid": "90089fbe-510a-427e-b555-59bc3c96884c", "value": "196608:outDn+RHarkpO1MNJm3AqFpLpJfsdrJT3F4frsLnJh/Qg2:RtDT31M/m3pFRpJUdJTCfuJh/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037883, "uuid": "08558996-1cc6-43be-bda4-db64be13ab7a", "value": 10105400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037883, "uuid": "f90e62dc-8127-44b0-979b-1250ba1c8126", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037883, "uuid": "78f402ec-c3ac-4ea5-b6d0-36332453ee62", "value": "\u6295\u8bc9\u67d0\u67d0\u4ea7\u54c1\u7ecf\u7406\u4e0d\u6b63\u5f53\u884c\u4e3a\uff08\u8bc1\u636e\u89c1\u9644\u4ef6\u8be6\u60c5\uff09.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09497d5c-1655-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688026497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026497, "uuid": "e3e658ae-5f55-4779-98cf-c89ffc589aca", "comment": "Malware payload", "value": "73d0992d96ca6d024b83954f99418be1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026497, "uuid": "edece6fe-4557-4654-9b69-032b04a27869", "comment": "Malware payload", "value": "03f2b4a5e6d44e1d3c89f15510006e1ab087512d710042b3b439f90edb077ccf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026497, "uuid": "75bcdecf-e84f-4799-b8fb-98a8e50b3382", "comment": "Malware payload", "value": "d214d634b79b6a648c6ffe17f75e990836c6ddc3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026497, "uuid": "efe6433f-f9a0-4acb-8266-21243dc12a05", "comment": "Malware payload", "value": "913a10bc1f15362127f492aeba5b46583bb6c181585cd0f5365633c81f7c8a03b9d904b5c80749510d6fe49611d5288e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026497, "uuid": "51e6ae30-c2a8-4076-8e30-6eea13afa49e", "value": "T1CE64DF3C9F85DED2D7DCC03594F1AB3CA77189BA8687CB277A9450B059E33580A8528F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026497, "uuid": "2865916e-c555-4d0f-81ad-97c12042168e", "value": "6144:TWrm4xLNEHcWvg3iFce5Q7Bbfz8oQrcI89bk:TWPZW43iFce5npYo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688026497, "uuid": "0c887e10-653e-418b-ba9f-ba7f91d95785", "value": 328208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688026497, "uuid": "2cb19063-76fe-48ac-8a1b-ec11a48b1c9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026497, "uuid": "631f9dd1-4156-46a3-8002-5110d80994bd", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3150ae80-1674-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688039879, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039879, "uuid": "c0c01f20-ef9a-4e81-8616-87bd6a52455f", "comment": "Malware payload (Formbook)", "value": "3a954da76c4dc1d98ab922bdd6ae9ba3", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039879, "uuid": "850c45de-d8b3-499a-a5e8-f684f628750c", "comment": "Malware payload (Formbook)", "value": "05a04c8fd5c6e3bf56ed628e020b36e8381bab3244114335fa9b978e78e62fdc", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039879, "uuid": "392a7fad-6e40-4229-bd72-9db85d374f16", "comment": "Malware payload (Formbook)", "value": "960eb082c87bd988eddd35925e86c6e4ef9f94b2", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039879, "uuid": "0e3fe267-242b-4847-a098-946726219a25", "comment": "Malware payload (Formbook)", "value": "6993ff7654b5b054ef0a50c185217e228601776aab35c951cd1a353bb4f5cd30bb0d037f59ff7cc8f734df5a037ee5d3", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039879, "uuid": "234e5436-99db-4d1f-9c23-a7302a2ac1b4", "value": "T14E3423E296C7A4F81CB784664DFDC0D7A846A102EC554AC9762913C07B6CE7BE701A3F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039879, "uuid": "0f485699-07a9-4cda-98ee-89f5debe2949", "value": "3072:yU9/5cEcbqoy+JbtTeLKy9fww21EWsYKng+bx9wxErHcmjnmDAI/Wpde0hJQqLie:yU9RQbyUbGKQp21Enga92Er9nmxgJQw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039879, "uuid": "18fd53fa-7af1-4b0d-99a3-62688f35a253", "value": 246815, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039879, "uuid": "4a690a1d-dd75-4c90-8ec6-f6cbcdc0c541", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039879, "uuid": "5015f734-53f6-467f-9be5-dfa08b6ad04b", "value": "RFQ # 1045981 - MAA_D Plant Project r01.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d55063d7-161d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688002788, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002788, "uuid": "9d860376-9fd2-4683-9c55-f2aa127f617b", "comment": "Malware payload (RedLineStealer)", "value": "2016a49e26ec62c9a7650ff9ab7a8755", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002788, "uuid": "1853e61e-867f-44b9-b040-e5c7d3d98754", "comment": "Malware payload (RedLineStealer)", "value": "0607901ab40d19311dd4db0ef9200597bb5523be82ac72c1ce0a6cef7484dd5a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002788, "uuid": "105959da-0275-4e72-96b3-4186734dad4c", "comment": "Malware payload (RedLineStealer)", "value": "a4ee789e672ed561bacc62730902b11a0804bbb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002788, "uuid": "8f028f7a-5eee-4f75-8556-3b8f44b99148", "comment": "Malware payload (RedLineStealer)", "value": "107291cd22f99307f6a389643973667a1271e812549b00ddf7fc6a618000ec58ebb7458d26871d8954f38a8e1bb9b0a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002788, "uuid": "39f98b04-4771-4851-87e3-41867925bc17", "value": "T11B0611CCEF7E8CF0ED7982F99DE384E46D5C25EB51A08E2A2A5C656317A027D305087D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002788, "uuid": "bf183703-3f55-45f6-a4b4-421e6f1329df", "value": "335c1a113789bbb917445f00d58e5071", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002788, "uuid": "1b11a7fe-3675-4a89-84f3-66413fa78c26", "value": "98304:UX+7TJgUjub28RaErOlUZFRx7Q4ZpEvL6Mckc:UX+7TJgUjub28RNOlUZFRBQYEOMcZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688002788, "uuid": "d6b63f2e-4a87-48f9-992b-b85a5c74ea0e", "value": 3737224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688002788, "uuid": "ae3eaf5d-f0e2-4d5c-b130-f646cf8190ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002788, "uuid": "12dc93c0-3bd7-474e-a316-e9877eb4e3a9", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af2ce51e-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Adware.Neoreklami)", "timestamp": 1688044385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044385, "uuid": "d678e200-03ab-4ae3-afbf-6289f9b24a46", "comment": "Malware payload (Adware.Neoreklami)", "value": "852062a7c4a357a5d749c78dac7656dd", "object_relation": "md5", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044385, "uuid": "55859941-811b-4bac-b9ec-09660fe016c3", "comment": "Malware payload (Adware.Neoreklami)", "value": "064e8805777f12cf94583c9707192268fdae3410691787b2080cbb9c1e707f70", "object_relation": "sha256", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044385, "uuid": "a9a8a559-2ff8-4fc8-bc5c-aa3916bfbcc0", "comment": "Malware payload (Adware.Neoreklami)", "value": "3cd45242199af333c433cb82a94dfb8ad6c5ff50", "object_relation": "sha1", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044385, "uuid": "7e395472-e31e-4238-bf53-a6c4c2e099ae", "comment": "Malware payload (Adware.Neoreklami)", "value": "bf23ca2424546d5099127414d8accd7400885fe6e96854521d44e62f3351911aa5179ccc4306182f24e8534f50b5eb03", "object_relation": "sha3-384", "Tag": [ { "name": "Adware.Neoreklami", "colour": "#5DC9D2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044385, "uuid": "55e78794-b6b8-4e0f-9935-28e71ef6dd0f", "value": "T13B76335976E14CB4EB4425307A1D7F52F9B6D90C58739A633389211C3ABFA0A437BB38", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044385, "uuid": "07048570-8d59-44e8-afa7-da2710a510b8", "value": "3786a4cf8bfee8b4821db03449141df4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044385, "uuid": "620c049d-828d-4d24-827b-75a16cdc6dea", "value": "196608:91OsqjNHcY162DA9oPuw1DaDzdSMuXQ4n3pyAHAmOdnQ:3OsAJK2s+G1D2QW3dsnQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044385, "uuid": "e964e101-e98e-4925-bda3-31354ba271dc", "value": 7546453, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044385, "uuid": "41b2b6fd-2b09-49eb-a6ba-2b001f685a7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044385, "uuid": "1e3797a4-edea-4143-ad67-a6e27bb697c3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "195f1f1e-165c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688029531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688029531, "uuid": "951f9bb7-f616-4a36-8512-11a04568ae86", "comment": "Malware payload (AgentTesla)", "value": "5cb31213e34b960dd22125d5881d783b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688029531, "uuid": "1f8d9aaa-7b78-41ca-a5c8-bdd500bec4e3", "comment": "Malware payload (AgentTesla)", "value": "093349f01a9a8ac53c05206763726569e4062e97a061795727968af3bd17b7ad", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688029531, "uuid": "3b5438a1-f665-4f98-8572-2b1b37c66a62", "comment": "Malware payload (AgentTesla)", "value": "f24aca197cad0e0c2cbc06c1c9d1063e7dde32c1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688029531, "uuid": "24c1accb-a51e-4245-a505-f443f8be694a", "comment": "Malware payload (AgentTesla)", "value": "a3a119d1674864a36978cb05e91a817acf99431671416ef2d43445d01b90cfb63c5c1aa9297b090b30b51322ddf69138", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688029531, "uuid": "733777e0-9f18-4aff-a5e9-c7cd0a938e99", "value": "T1EFD4583C1CBE2A3BC174DAB9CFE48463F450D47B39226A36A4D78755474AEA221C723D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688029531, "uuid": "3f950051-f6ea-4ad0-89c4-0601ed141512", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688029531, "uuid": "03b5c8b8-2d94-4981-8b81-bd3c9a9cf6d4", "value": "12288:/2iNQ5NwL8eNhOIW4Q5OxBXWeJ6HkINgp/MyEJOlZ:/1W5NwLfNU3oo+MkINin", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688029531, "uuid": "ae23b3bc-deaa-4445-a03b-4d7d9d0d25fb", "value": 611328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688029531, "uuid": "947f65e9-ea17-4967-bb03-7b5a879d8020", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688029531, "uuid": "f55714ae-46aa-4cbf-9eb1-e3c26fbca2aa", "value": "5cb31213e34b960dd22125d5881d783b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c74e7fce-1692-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1688053015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053015, "uuid": "75005b9a-4c7f-4c02-ab33-15523fe0c656", "comment": "Malware payload (Cobalt Strike)", "value": "348dc88b372e539bc2bd2911667b7162", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053015, "uuid": "5df674fc-59a1-47a1-9f7a-238cb106e479", "comment": "Malware payload (Cobalt Strike)", "value": "0a4437b6e8f7ac6aa163f0596e3921e114e0cd1bfde192d3ddd5f34d57698336", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053015, "uuid": "3f5f554f-e5a4-4b46-9d16-b3e6c4e07973", "comment": "Malware payload (Cobalt Strike)", "value": "ab99831aa2e46ce9bf8e19ef64fa351b34ffc078", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053015, "uuid": "92c447e6-997d-4805-9f44-5fcd024fb6b9", "comment": "Malware payload (Cobalt Strike)", "value": "c75cff803b50cb3437227c55f4b6998737c9d1a8c96e184cecd3e6529d6975f02f3d792a0f15eb644feafd0104b102b0", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053015, "uuid": "46b8959a-a12e-4fe7-8f5d-7ba731001a4a", "value": "T13AD53951FA9B88F1E6021571485BB2AF23317C054FE6DF87D650BF7AAC736E16C2210A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053015, "uuid": "819b0051-abbd-45e4-a576-36e0212df892", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053015, "uuid": "6fb2310f-1fbe-4410-a6a3-6d3f3243cc90", "value": "24576:eMMRQqPRadFCc0gezFoNxFTArnOlbtWR9kjhBD8l3iSSOngshQze/dgl1oF8LTCL:eZSWxkUitTGgl/XCtifBpQrR1JsNn3Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688053015, "uuid": "da718db3-aceb-4909-9b30-792280a4dd9d", "value": 2941952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688053015, "uuid": "7b7f3878-e999-4abb-b6b8-e822fa9addc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053015, "uuid": "08311b0f-fccd-487d-90c3-551ec5128f38", "value": "0a4437b6e8f7ac6aa163f0596e3921e114e0cd1bfde192d3ddd5f34d57698336.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ed1629f-1674-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039848, "uuid": "d30b48ae-7614-494c-b35e-a5b2e26e5951", "comment": "Malware payload (AgentTesla)", "value": "e269d9fc775dd68994bc12d49ac157ad", "object_relation": "md5", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039848, "uuid": "59248b23-775b-426e-9e56-f1094f579eed", "comment": "Malware payload (AgentTesla)", "value": "0a4dbcfe8b526dca5eb2fd786ea6888c812b506108e2401699f4be8f5fdf38d4", "object_relation": "sha256", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039848, "uuid": "70e19218-ba6c-4092-86fc-d0188922f720", "comment": "Malware payload (AgentTesla)", "value": "f1fd948699443c26e00db31b5a1afc50fa1577ba", "object_relation": "sha1", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039848, "uuid": "e0961726-3150-42a0-a0b0-1ab45c96ce81", "comment": "Malware payload (AgentTesla)", "value": "d009d7abef5478933f23448cebdd5e9c065146de3ae0e4495494d62e5d65e0d10daf74f1efe26904771258e83ba80d22", "object_relation": "sha3-384", "Tag": [ { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039848, "uuid": "03ba81d5-9f4d-4186-aa4b-e35b11b0a89b", "value": "T10844235EA871086DEC60930BE6628676FEDD20DE5A74401CB6D00D2FCBC69739E83637", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039848, "uuid": "b7337910-49f0-44ca-9038-aea620419d23", "value": "6144:8RybiaRelW4VCC0i8adFTxYr9t2CRr3TnNaq1:8RgrelJAziFSpt/37NJ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039848, "uuid": "89fcde3e-cb62-4152-9190-93be00623536", "value": 261930, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039848, "uuid": "c2d3f624-5557-498f-806d-ce832ebd148a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039848, "uuid": "9581fc53-c584-4703-99db-21ad0bcbccb6", "value": "New order.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1af87f77-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039412, "uuid": "45930e04-682e-47bc-9f7d-21c85d1636e1", "comment": "Malware payload (AgentTesla)", "value": "e83c26d7a9bcbc5a159387ae90b6e7bc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039412, "uuid": "e2399b2f-1534-4a41-9b34-9d86b7ace99d", "comment": "Malware payload (AgentTesla)", "value": "0ce8211aacb8bcffc146bf001020015d556aec71d6e631a2072e9ad516b565b9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039412, "uuid": "ebc41628-6c93-4683-8fe2-c50f059f75d9", "comment": "Malware payload (AgentTesla)", "value": "5423ef9493205b3bc60d0b490330551e894d4f97", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039412, "uuid": "a0283741-4089-4732-8b15-980afe0c9605", "comment": "Malware payload (AgentTesla)", "value": "b6814f28724cc46b6854c2a872ac4f769ee50f921349a104310e66fe4f620350ae3cecedac93e3c361a70c3c4f487a59", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039412, "uuid": "9f450e2a-0a24-4fce-a233-78f9a6b4bf7c", "value": "T1C0D423C5309F7E40CB930DC3A226190FED60D759B2C892594DE5FE69CAF7CC98B8A512", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039412, "uuid": "13f1433b-883c-4593-9c0b-f1d92a2db5c3", "value": "12288:aRLlVGKtOM5wckbJXG0Jcq6uVk7yfwEJv8xXzHlvHOYgOkTQs2kgTG:aRLlVHkdck9G0F6uVk7yfVJYvuYETDFt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039412, "uuid": "84f6d12e-ca46-4f18-865e-cdf93060466e", "value": 647231, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039412, "uuid": "bfa33994-021b-420a-8f06-4188fdc79dc5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039412, "uuid": "588875d7-abc9-4f3e-8d13-1a503bb6c56b", "value": "337864093.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cb3addb-1670-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688038180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038180, "uuid": "7efc0718-87e9-4866-85f4-f6d6953c4de5", "comment": "Malware payload (AgentTesla)", "value": "da455eb6f2711969d68bdd0788bf8299", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038180, "uuid": "c653754a-db21-46a3-bba9-885a14b7f5e5", "comment": "Malware payload (AgentTesla)", "value": "0db2b503e3b5ed1be8cab45f9ee3174806aebc79d2d28e1823a42fdb2a9cdce5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038180, "uuid": "44db97b5-38cc-4c2f-9694-16a2e5ae5ff4", "comment": "Malware payload (AgentTesla)", "value": "dd7b009d32b46cca32200ff0bbb5b94aeb1545f7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038180, "uuid": "24957426-14c9-4488-8f4e-cf81f9faa3c1", "comment": "Malware payload (AgentTesla)", "value": "5e1458160e8e9c326b03b444669b98ce465c204514ce6985cd89450c4be76c1cfd5af44ad3b0ca36ba2487d7f149f960", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038180, "uuid": "49d4859a-fbff-4ff9-a318-84caa4c4571a", "value": "T11DB42387F9715B728CC22E8485E9D3D274AB51250687FAA26E27DBEFCE43F050374212", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038180, "uuid": "14bb84f3-d019-4cd7-8db0-bea85846e013", "value": "12288:ApOxz66may33v8VJQWZAkb8rqaojXRNtPr3lVfQePSb:KOxW6Ty33v8VJQWiU8rq/jXR7/O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038180, "uuid": "7ea90c3e-d739-4c3d-adb8-d1fb151a6ca9", "value": 525205, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038180, "uuid": "121a1f3c-351d-4b8a-9912-8cdd699fa44a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038180, "uuid": "c160666c-680f-48d5-ad53-c22a45e0938b", "value": "ISF document.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c48229ac-16b8-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688069332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069332, "uuid": "3f50514e-c5d6-425b-945b-530266c28982", "comment": "Malware payload", "value": "58f5d3f738283351db8a2dbafb50be24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069332, "uuid": "fbd7577f-1a66-47d9-8f26-31d7e364370d", "comment": "Malware payload", "value": "0ddb866d33fa7277ea51dbaadd197e08318d1c6cd524c352ecb325cad85b82ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069332, "uuid": "aa5ae088-25c8-4cbf-a69b-a4181ec2773a", "comment": "Malware payload", "value": "9c18d5b5957ecf187fb5a2e68a6868a8cd719265", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069332, "uuid": "aa223534-da65-4213-801f-d6d32f87d1d3", "comment": "Malware payload", "value": "a57925f8757740d9242baac16b76e72948dd43ed57c31573c0b64c322a1b2051c2924b37e0de64f76c61d360e6e3e326", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069332, "uuid": "f4c8ee7f-8cfc-4d2a-85af-886d0535a6a9", "value": "T16F75229073F84E04E3FF6B79ACF151116671FD239C61D58E358920AD0E36B49AE12B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069332, "uuid": "d512b144-0090-4ff2-9ef8-359f8ba18d50", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069332, "uuid": "0b205b56-c5e5-4bc3-a10a-9a001177467b", "value": "24576:Di2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL/:mTq24GjdGSiqkqXfd+/9AqYanieKd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688069332, "uuid": "e827c53d-131c-4ab5-b54a-00abb077d2b3", "value": 1628160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688069332, "uuid": "1ccec2c8-fcd3-4a8f-a7df-045ee37139e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069332, "uuid": "405ec71a-cf20-4dc8-9e81-cf2a59b0e2ca", "value": "HP Mouse USB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a22492b-165f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688031009, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031009, "uuid": "d7fb32b4-7b61-4124-99c5-2300bf133c80", "comment": "Malware payload (RedLineStealer)", "value": "bc30ecff6b782b6cfcc383b3e7aaf84e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031009, "uuid": "36089556-d536-41a0-85d1-443460876032", "comment": "Malware payload (RedLineStealer)", "value": "0fabc1fb936acd314e8df063a42125d271b958a29455fe817c81c40522e0efa5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031009, "uuid": "b7d2f36f-4640-4502-87c4-548208d72df9", "comment": "Malware payload (RedLineStealer)", "value": "87831f66ec61d860269fa59fce2807aab2521d90", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031009, "uuid": "8adf4f60-6e3a-4715-a952-7682522c382d", "comment": "Malware payload (RedLineStealer)", "value": "b094420be40cee413362f5551391c01896ea5556515926691b65f9f87323504e6ddc0f3eace296ec8151a665620d23a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031009, "uuid": "e9971fd1-c7ca-40c5-b5b3-28c2a06d9bd2", "value": "T164945DD3A2A17C5CE5254F728E1ED2D47B1FF9504F49B7AA92189B1F04B21B2C2FE250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031009, "uuid": "c87eaa1c-135b-478f-9360-2d34d1a01d93", "value": "c61bedf317f19d715278ea485f1b5899", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031009, "uuid": "5dd51cd3-5d3d-4e96-a336-98210e1b58a5", "value": "6144:DHoppM77BhrvAriXmbBO+4okkGLJw6Nw0bt/EccV9o/TOVD1DG:DHoo7BhrvACuPnkj+jEtsccV+/UD1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688031009, "uuid": "6f01f336-3f55-4c98-8e73-b58d21cb54eb", "value": 412160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688031009, "uuid": "7b7c0668-e599-4496-9bf2-c11f651ef7b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031009, "uuid": "083d4672-7736-453a-8dbb-59d531c5269e", "value": "bc30ecff6b782b6cfcc383b3e7aaf84e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7aba6677-16c0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688072644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072644, "uuid": "d5db52b5-702b-470a-be76-1be31fbceeb8", "comment": "Malware payload", "value": "d5bd63b4a6c8721960ee35a94780c683", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072644, "uuid": "1a87fb8b-2255-4c90-bb6c-1c51fe866483", "comment": "Malware payload", "value": "10d4830a52cf86da7cfa25899be4c2d000107edfc58344b797cfaed192309538", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072644, "uuid": "25d13d86-1ff8-4586-8589-0e7033378095", "comment": "Malware payload", "value": "a8fbc02f07dcfd75d4a98797058bc3c5a9c3beaf", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072644, "uuid": "c964dde2-e915-46b1-9a03-6ff78c7b7ef3", "comment": "Malware payload", "value": "4d3d02fc2e40a3c36c3d8fcb2a53a40771a525bbe9de4eb0ddd17b2e5cafb78e4af21bb26be4fe0d00abd97212b8e652", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072644, "uuid": "1763db37-0813-4cec-9d4c-7bf727f20160", "value": "T111C4CFAA7EC38D7DF427D43D40438863AD3911F8A14AB5A71BB4189B1C21C995B2BFCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072644, "uuid": "2e67055a-4d74-46b9-a368-724862286534", "value": "12288:PHzPAqIVXnRd4dpBZMPzdJzZiPSx1ThIoP6C5JDr:PXIVXRoB6bOOhh5Vr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688072644, "uuid": "7c27f03e-539e-43a9-8bd4-17228e7348cf", "value": 562812, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688072644, "uuid": "cbbb5b33-038d-41cb-91ac-fa3b7f03c259", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072644, "uuid": "d397a8bc-7136-4f9a-907e-bad8830fa796", "value": "core-mod-1.12.2.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d4bb52b-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079010, "uuid": "c950d36e-6aad-493a-aa02-1141fc8b9a7a", "comment": "Malware payload", "value": "aeb9c8460f2adee018e3e218497b9bf1", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079010, "uuid": "e69ee9d1-5dda-41c3-bd1b-4f4f8fd13b02", "comment": "Malware payload", "value": "1264ea4509743d64be2ee85496b888e45e192d8626945fc333bcc3d0d53a1b2c", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079010, "uuid": "c8910179-d655-4fcc-8561-02310d1de3be", "comment": "Malware payload", "value": "64ab8653d45e34bc6d7b556b11a879bbc49b5f95", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079010, "uuid": "7cdd3008-99ac-43c6-8bca-257b9b79e61e", "comment": "Malware payload", "value": "f5e4629ce1b2771ee8b4a66c2e663c611adc24e661dee5c3c3df5a7f1b40e6e810dad96b79ff919517f4e4c2f5f29045", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079010, "uuid": "07882696-417f-4bcd-9e70-c8127c264b0d", "value": "T13C43851E6D168FBCFB59863447B78E219A5833D627D1D642E16CDA002EA034E741FFAC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079010, "uuid": "2e82ecea-fb86-4d42-8f82-e02631f387b3", "value": "768:bvaLxUxyQpPT5rhmurrFtSmSnoh2Lt3ug+N1IZi0e4fyMnup//dujgtywEz:bvJFP1PtkF+N1t0lk16gtLQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079010, "uuid": "77aac2d4-2786-4780-8f0b-7114a7f75e01", "value": 59768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079010, "uuid": "eff49250-fff7-4abb-9d32-f8be25b85bf0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079010, "uuid": "c245dc12-9e4c-40ca-9ca7-d0a3e4c58b2c", "value": "mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa3a28cc-166e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037505, "uuid": "4131b37a-205d-4fa4-9a41-89c1fea55bce", "comment": "Malware payload", "value": "3e7485b5db921f61e61edfcfa08fcfd7", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037505, "uuid": "4de4a15f-ab03-4f7c-b4e3-a755335879fd", "comment": "Malware payload", "value": "13058ede62dcb87fd35e2032122255578179e6e2a1435570f1deb9772a875286", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037505, "uuid": "d20a4604-5fe0-4154-bf2e-45e2bb0bb338", "comment": "Malware payload", "value": "e4ff2e36bcf5e8b8a51dd97e1887ad568aeb3033", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037505, "uuid": "a4043a2c-9669-455e-88f9-cfa9a06d5142", "comment": "Malware payload", "value": "f57288a91f645b4690492194ba3b3ff01fb65c336b9494d3c6de1cc1d851dde6c0a9d4a72036ab2633077d649eb10e51", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037505, "uuid": "e5c0020c-4220-43d6-9868-29c8f8522331", "value": "T112A39442B2276F3AC03D1D74915B93D916BCACBE1E15936722D63E183FB42A0BE1531E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037505, "uuid": "93b815b7-171e-420d-adf3-6dcfb64a9a86", "value": "1536:ZfwzW3i1p2r9ofxrtKJNLJNiVBRJNLJN4VBVVBWeQrDG3:tf3i1pI0beQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037505, "uuid": "74e9c704-7e0a-4238-9ca8-0ec947b7977b", "value": 99328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037505, "uuid": "bcc827f1-2c58-4eda-bf6e-ffd40d9ab615", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037505, "uuid": "fb64f182-1bc9-4243-aa10-7a43272b3086", "value": "Vamsi_Gadi_Resume.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cd3c476-1688-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688048408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048408, "uuid": "5226328a-f20b-41c1-9141-58f9841875ea", "comment": "Malware payload (RedLineStealer)", "value": "c92d329c982a22f81e4b045e5de2f1c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048408, "uuid": "2031cbc9-2d6b-41e7-b6ce-5ad778902a62", "comment": "Malware payload (RedLineStealer)", "value": "14303e8619397af6bbc422163d5bf4ada709dd711a1789e1b1a38b2663dcfb84", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048408, "uuid": "dc37eb82-9233-4e8f-970c-e59da446aed9", "comment": "Malware payload (RedLineStealer)", "value": "c5abef37342ccbbce1e29562f82d3638d5c0752a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048408, "uuid": "a19b7da6-29eb-40f1-8859-57d7ada3c068", "comment": "Malware payload (RedLineStealer)", "value": "0b126be39a198836b63461fb06752397c77635492f10d6699aad967b10c7449db79a61e11b3fa242e91329ac6b7b0a06", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048408, "uuid": "44033ff9-e7fa-4eca-9c0d-a8dc95e1b0fe", "value": "T16C04D558364BA57ECA6F883D9C700CD46B7CAC661246A7078D8EF0E83D3B7909B151F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048408, "uuid": "a08d2e1b-8ba2-4efa-8b7f-9fe4e324380b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048408, "uuid": "0d76b36a-b80a-455e-b479-36b9640fa6f0", "value": "3072:PyvhXHOMOrIVd0xNSOAxXJReliLpb8e8hw:PyZO2pNJReliLpb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688048408, "uuid": "ec67ff1b-e8a4-46da-8f2d-2bca17800311", "value": 176640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688048408, "uuid": "092acc99-c5a8-44f8-afc0-45ebee47b8a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048408, "uuid": "3bac9c85-b5da-4e01-97a1-d5b116f2c8c5", "value": "c92d329c982a22f81e4b045e5de2f1c1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6845021-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1688044424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044424, "uuid": "f7c699fd-fa92-4446-8e05-f182038f75b8", "comment": "Malware payload (Fabookie)", "value": "1efcd33b3cfb3130e759cdb4b58af1d4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044424, "uuid": "06ed43be-c3e6-4401-a0ab-b077b7eeb1fe", "comment": "Malware payload (Fabookie)", "value": "155dd3b4d2665fc6486167b4f8ee758f5a848039216c76614ebf3167990e9ec6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044424, "uuid": "1f76ae5d-d973-431b-bf18-5663edd9aa87", "comment": "Malware payload (Fabookie)", "value": "58235ee3e6547cd443bfb2457e2d8126da7cc469", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044424, "uuid": "ebbb2fc3-ae54-4023-95c9-8ad409b8302d", "comment": "Malware payload (Fabookie)", "value": "116e2fe2f22191774dbf40d392dde5c405a3c5b0f9ca5aa94942951e1c169eb1a9eb6840b5b1132f0fad1cad3711e6cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false }, { "name": "X64", "colour": "#FE8399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044424, "uuid": "0160f947-240d-4f4b-a133-7c54f9674f26", "value": "T101346D62F3E81069E0B7C23A8AB25375EB7278191F2187CF1164566D2F337E18E3571A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044424, "uuid": "282e3cb9-2492-4702-a0fe-8b13fe7fd495", "value": "0b788e8ff3124c2dd648ac7a27e0b5d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044424, "uuid": "11a699b7-1445-4125-80d6-c3a7f9bbf108", "value": "6144:zqkvJK8JRGHtg7WSByYiEEiEEsfByAwZZS4onQF:ztg8JRwtgzyYXIB7GjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044424, "uuid": "157fdfb9-7d83-4007-92de-afaa9e1759f7", "value": 247808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044424, "uuid": "425b0444-7716-4d7d-a940-acf8881ed5f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044424, "uuid": "1eec8d17-606f-4cf5-9012-60f070ce7a3d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41f4168f-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039477, "uuid": "ab9a8f49-9c9e-440b-bd89-56ea58360f4f", "comment": "Malware payload (AgentTesla)", "value": "e600ab285af11a6bf26377bd48616de2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039477, "uuid": "a4e081e5-35b0-4537-9d97-60762935b3c7", "comment": "Malware payload (AgentTesla)", "value": "177c8741bb507140909e9bde6f678f1af134fc4ca5b7664ad97e1ae216ba01f1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039477, "uuid": "54b79d4e-9f09-4f4a-90a5-30aa94766550", "comment": "Malware payload (AgentTesla)", "value": "d1e4bd1b8cca6bd33554feb8cc46a19e8ba12cfc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039477, "uuid": "5ea579d6-e938-41b9-938c-ea14347238bc", "comment": "Malware payload (AgentTesla)", "value": "32140c6aaafd42f8543210b6909f1d01fa2915632632dbdcbdd57e3fe2945010ad5b0f8a39654822131be4e21f8ba799", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039477, "uuid": "e7b7bde2-46d5-458d-b3d9-216b3a1b9f01", "value": "T157441258B5F0C5D3D8720731887A4B2A9FFEB9130866870B57D08B8E357AB919E1E731", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039477, "uuid": "d1ab77ec-ecdf-4d26-afe0-297b912d19f8", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039477, "uuid": "ae839d1f-dfef-423d-8968-ca9ba6ac8291", "value": "6144:vYa6gkBP+iC9PxDte3fHCijwmhYSFejIpoYiYv2S9kyDFA:vYekBWiCJvcHTEmhDFe9Yhv2S9BDFA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039477, "uuid": "a316a3a6-7692-45c2-a4c4-35b717051587", "value": 273701, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039477, "uuid": "d1cbf0fe-42c6-41e0-b817-d951ccb9a9c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039477, "uuid": "2502d060-1eea-45ef-945c-c4f59397eff3", "value": "SWIFT COPY USD 211,18.35.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74d026c0-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CobaltStrike)", "timestamp": 1688070916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070916, "uuid": "1da119fd-8210-48e5-a9b8-3338581cb7f2", "comment": "Malware payload (CobaltStrike)", "value": "0be1135ad4c034fbe0f5437ae386cad2", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070916, "uuid": "4b76a1f9-37d5-4033-8000-de6602751f83", "comment": "Malware payload (CobaltStrike)", "value": "19f1ac569f0eeaf463b668616806a92ad876824d8d786eb703d26390f25e6ba8", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070916, "uuid": "81a9c3b3-7f69-4a40-b26f-6b65cd207c48", "comment": "Malware payload (CobaltStrike)", "value": "0f71f2ca32f74b8bcf6557dd65b752e2b56f01d7", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070916, "uuid": "aebd765f-53c1-4d0c-a445-a57c7696ed22", "comment": "Malware payload (CobaltStrike)", "value": "7b17e0dc0e681e8e6e5e5a4444d3e64137a88939147e7f3aef456bccdbd8844baac18a50d49ac0515ab6396477c1f536", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070916, "uuid": "8f9c5691-360c-4608-be8b-794ae7d1ef1c", "value": "T11854BF84ED76EFA3FC66E1BF4E72533B0E1A031A45344F81DB5C74198A2849E868BD71", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070916, "uuid": "08c23e6b-8298-421d-90e7-a3676641e0bc", "value": "dc25ee78e2ef4d36faa0badf1e7461c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070916, "uuid": "0fc7dd9e-4336-42e7-af70-367da6210e9b", "value": "6144:dRYT/sSC79iXBhBFs4RXhVbEPtSYZkaptGHKYeePM4b:dC/FC79ixhDs4RItPZkStGHKYY4b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070916, "uuid": "34dcc61e-6e56-4b51-a132-9d69d7641375", "value": 284672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070916, "uuid": "64f4f47f-7ae4-487a-8894-4524facc1da5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070916, "uuid": "84bfc0e0-a4f2-4cce-a030-dce5fc99a770", "value": "beacon_wlan0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4831ff05-161e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1688002981, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002981, "uuid": "76c5c182-b287-4492-bac8-14032bc0ef49", "comment": "Malware payload (njrat)", "value": "837e7a401c17906aa92c5017f3956f66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002981, "uuid": "951014e4-c3a4-4333-a9c5-270171c91abf", "comment": "Malware payload (njrat)", "value": "1a803a8d7f55faf66459f33c7d89e961a22aae970eb84528b952b01e8c0af3dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002981, "uuid": "f891e191-81a5-4eaa-8d18-a702f7b636c3", "comment": "Malware payload (njrat)", "value": "8f3dea852710373fa49a353704c56bcc26f565b1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002981, "uuid": "45c66c2a-4823-4d0a-9d73-020b30e5373b", "comment": "Malware payload (njrat)", "value": "aaa96bd4f4cc64aba4f258dd07b66fa02b8649e95a771d2a59f5a696855d7c6d297c6fae776650c60c6a1bebf3d62360", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002981, "uuid": "6f72373d-3935-4b21-b70c-9a405596c8f0", "value": "T1FF93E84977E56524E1BF56F79471F2004E34B48B1602E39D48F219EB0A33AC48F89FEA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002981, "uuid": "e9ec1c39-aaab-4eb3-96f2-db7b0b4d9517", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002981, "uuid": "25ceff76-2c6d-40a3-b4c6-33d77ddbdff4", "value": "1536:fUVFQWqkqqoLc2mJiIjEwzGi1dDSDBgS:fUVmkqqoA2Gi5i1dk+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688002981, "uuid": "105a114e-164e-4e9f-bbf3-9f6ffbce1959", "value": 95232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688002981, "uuid": "677d2932-c9ca-469f-ae27-64cd58707282", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002981, "uuid": "cafc52b9-42c5-4a81-ad43-17895e56eebb", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fa5eb5a-161e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688003100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688003100, "uuid": "ef478dbf-9ce1-4be2-9baf-8d40e94d3d1f", "comment": "Malware payload (DCRat)", "value": "2b2a5d4338710971228ad230b774c7af", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688003100, "uuid": "fc6fc72f-6e58-4809-8644-b5761fe9a082", "comment": "Malware payload (DCRat)", "value": "1ac36deadf79f1d911a8cd2232d5d86f39870c8041c52196f87f6390f132fa85", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688003100, "uuid": "64e05f33-09c1-453f-91ce-790a5218bb26", "comment": "Malware payload (DCRat)", "value": "d65b264ae7b323daa52c002c520592ee8d76adc2", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688003100, "uuid": "63aa1c25-35c4-4663-adaa-2681d3e0d447", "comment": "Malware payload (DCRat)", "value": "3634939370e1f367bee13e1c3435863067bc54f9cd8cc87999073eb352fe5751986989f6d948981f8cef45f1689f2214", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688003100, "uuid": "ab036bfa-840f-45e1-930e-75828b58561c", "value": "T16A95BE017E64CE11F01A5633C2FF454847B4AA516AA6E31B7DBE37AE15123A77C0CACB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688003100, "uuid": "68268a03-6bd5-4673-878a-0199a538ad7c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688003100, "uuid": "a02a32b2-35fa-4741-88e4-4a4e989761d6", "value": "49152:Y3qwa+gf/cmEiN6QIeI4JP6shoNlKwX/HzIo:Thtf/cC1p63jHMo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688003100, "uuid": "48175731-f387-4d47-a275-93bb6e1c2451", "value": 1878528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688003100, "uuid": "b8ad88c9-b089-470e-80ca-71053482919a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688003100, "uuid": "e9ddc1c1-cfc1-4463-99b7-6567e6a2a0c6", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6ea0a3f-16c0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688072772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072772, "uuid": "ee8b6596-eec7-4db1-96a0-1f7d3354d280", "comment": "Malware payload", "value": "76edc33ad9b87ea8fec576b6614114cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072772, "uuid": "31bfcfb9-f76b-47c8-b074-33bc9d39a4e0", "comment": "Malware payload", "value": "1ad56287fa3c495ffee5719603969b4ebec9eb856011e1d042481e97908311d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072772, "uuid": "ecc37e1d-18f0-4738-8771-cc38ddcceebd", "comment": "Malware payload", "value": "4bc756e7fac1d8e7e6da5294d07372019b83f469", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072772, "uuid": "c773d9a6-8375-440a-a1bf-229b5420da79", "comment": "Malware payload", "value": "71d4befe3332e850c33186eb960b16daacf456201ee745d5072077a3274aafb6e3d661a0ff3dd827f885af43e7b765e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072772, "uuid": "40f77515-8431-4b98-b760-88fbb7e79e94", "value": "T1A445BF6D624433ACC02EC9744933FD45E2F1651A0BF496AE76D7FAC07BAF800E906B56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072772, "uuid": "c55d40cb-4047-4403-bfa3-2d8a714b884e", "value": "0f5cc683fa39edbe3ca8321b37bf56bc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072772, "uuid": "79a7546a-9184-4ed9-8abf-1016a31f46b7", "value": "24576:LTXjHTx/3DDzYtfhn47SAWtv7xwQpdLTXvsTkHDRfQ:LfHTxLDcJhn474tTxd7LTXvsTkHDV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688072772, "uuid": "c2a1b12c-c82e-4f84-8fad-e39a45d33fab", "value": 1255424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688072772, "uuid": "477f372d-0514-40fd-85f1-e109d9c5e790", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072772, "uuid": "145bf8a8-4f13-4179-b8a2-95d2bca83494", "value": "java.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d49d152d-161c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CoinMiner)", "timestamp": 1688002357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002357, "uuid": "2a45a64c-8ec2-4f83-a9e2-25f7fced456e", "comment": "Malware payload (CoinMiner)", "value": "607668fe92b4df6d65540dfa4792dd7b", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002357, "uuid": "61e5bd37-d3f0-4f15-80b6-8d38fab89ae0", "comment": "Malware payload (CoinMiner)", "value": "1afcc28d0ff14dae49c06970d6ec362111ce6cd11a5a3f602c643073da8eae38", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002357, "uuid": "51e67926-5d69-4e09-b142-bf8d7c62c972", "comment": "Malware payload (CoinMiner)", "value": "08a6a6e187c73069385cff2d24cb03d6019ff44a", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002357, "uuid": "ada40fab-3639-41a3-8bd7-79abb33ea078", "comment": "Malware payload (CoinMiner)", "value": "07346c71360416dbddbf94eb1ac0700f46e859839f09d36cc05558907e47170a189c18b3f8c807a34cd063e56afb9b0f", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002357, "uuid": "33e852ab-c509-4b75-9120-c5f477efcee0", "value": "T189A5225073D144A8D0BAF0FAEEB5A277DC257C5084A9686B6AF1F2619F38113CF099CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002357, "uuid": "1022abe3-840a-4955-9a5a-a50c9674ac35", "value": "c24ea937b2b0d62e829e8a8faeff5a8d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002357, "uuid": "a6b8c174-db5b-4150-9426-5318bbf7f834", "value": "49152:re1FVWROlqR/uGRreECJ6Q9Bwd+Q/+rcS/9i+iG5GjVIL2cnGQ7soCx/J:reXVWQlqRmGR7C0QEd+WXS/9BiwWoAqe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688002357, "uuid": "fd9c1557-1710-4a96-9853-eadc53131420", "value": 2177536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688002357, "uuid": "a0c73865-6f5a-48a7-825c-311b16bf76e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002357, "uuid": "3216aa39-2382-4ab2-8308-2ff327210ddc", "value": "updater.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "10eec975-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1688021786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021786, "uuid": "3faa9f4e-cfcf-44f6-af36-23bb2cc72266", "comment": "Malware payload (SnakeKeylogger)", "value": "475eef04a54767726564d8b4cf5891c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021786, "uuid": "394385cf-7fc8-464c-bac2-f9e339cac889", "comment": "Malware payload (SnakeKeylogger)", "value": "1b87add557e732b93c288ac361f45b9e22674b9c5914b21ece4f8b0f2694f0c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021786, "uuid": "a629d81d-755a-479d-b928-6b8b4d3744ac", "comment": "Malware payload (SnakeKeylogger)", "value": "6edbd4132ada726017b691128fd51b1c8f04ea25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021786, "uuid": "9eea24f0-decc-4ab3-bede-c87a0baedb32", "comment": "Malware payload (SnakeKeylogger)", "value": "f8415570785b8cd618341e8291b18da406b5d8e60fcdb7c453e8cf8722af2c687744a2ac1e9e1446f9915bd327925a14", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021786, "uuid": "75578577-29c5-492d-8c1e-04387e9e37ef", "value": "T1AFD41738297EA327D134C6B58FD18027F3649D2B3021EAE5ADC277E54666B1126C363F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021786, "uuid": "1563921a-d226-4e69-ab64-9d379a2eca4a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021786, "uuid": "21ec5412-bf8b-47af-94f5-6586889521d0", "value": "12288:qVp0K8s6owFYleF/P4CmUqXQsiwJO1LhZ0TAefKAwiyIgE0WgJwI8Vu2:qVp0K8s6owFYE9Pe5JOpgcefKEOE04Ie", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021786, "uuid": "27aafa83-7fe7-43c8-bcea-58efb74d80b4", "value": 651264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021786, "uuid": "9cc000e5-3147-4984-bc42-8c9233656786", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021786, "uuid": "37a65583-13eb-4e46-8df6-8374101849bd", "value": "doc2906202399998888.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7829182-166d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (StormKitty)", "timestamp": 1688037178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037178, "uuid": "ff203b9a-c2d2-4558-94fd-8dd0d864eb74", "comment": "Malware payload (StormKitty)", "value": "eb86a5f1888e1a9d49430082d8a1c491", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037178, "uuid": "00858a56-0e38-46e8-8fe9-64a82240cc1e", "comment": "Malware payload (StormKitty)", "value": "1bab5028710d9579d220a46ff4f3bdae6a0012d4ad66e827a4928f82ad1d8412", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037178, "uuid": "81432cd8-4f98-413d-964c-f3000872402c", "comment": "Malware payload (StormKitty)", "value": "24cb57d409be1ac4f9a72a056a4a7ecf26a95fe9", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037178, "uuid": "a5fa5643-f871-48eb-838c-cb8d18587aa5", "comment": "Malware payload (StormKitty)", "value": "08b56be385f2ffeed3601440ff93f88eddc274280c749d672a13fa11081e27fca7310351f39cfa3d3b146a9222d12917", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037178, "uuid": "c650a879-7961-4965-a9eb-f01b6f9563e4", "value": "T12CA3123898951EF1F0FFF0F5FB8180D7458D3BE540A4936E71E2A7626A9498CEBE5012", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037178, "uuid": "54755568-eaee-4e47-bc7c-1b327ac5c4b3", "value": "1536:lECoKngfKDBDT/DeYvpBMpFMHWy9A3SfPvANCtWVL0etuhYf9wFidaQ907:GunTHDeKpQuHdRnvAwwQetMYusda407", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037178, "uuid": "e6555a43-435d-4fe6-8cf2-10da025d3dd6", "value": 97817, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037178, "uuid": "6d8769ac-3774-4b33-bb33-2d75a3fadcaf", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037178, "uuid": "b9def036-c634-4914-a3c6-1810071e8af0", "value": "n00178439238--ENQUIRY_.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f6197a7-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1688070907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070907, "uuid": "4b13257f-414f-4e37-9bc4-0d036fd467fe", "comment": "Malware payload (Cobalt Strike)", "value": "399c8e3cde9997b61643f4271b749715", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070907, "uuid": "e9501bb3-939d-489c-a9b2-0350ceeebde8", "comment": "Malware payload (Cobalt Strike)", "value": "1f36f866935d5c8e9508dadfadacfc7272508a904cd5f01f2d8f56c1143ed216", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070907, "uuid": "718c40e3-ae80-4985-9de4-b8a64799e691", "comment": "Malware payload (Cobalt Strike)", "value": "6328ff0cc5587d6cc578cd477fb6174a39945d06", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070907, "uuid": "978aa1cf-1631-4ca8-8c93-64246ab08d6d", "comment": "Malware payload (Cobalt Strike)", "value": "af9dfcb05f821ddae6acee5cb3aa22e7e3c7fca607729e79d2ee1c636f718f61b0c4ad42355974605db68ce802dc619a", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070907, "uuid": "59b1ac72-7bed-4af1-a6bf-df07db78c0f0", "value": "T16154BE4CAA533905C34AF27ADDC74BBC4633B211611878339DBA7C4DAE8CB6BA535748", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070907, "uuid": "ca13ef37-3560-4b9c-9ab3-5cfc2df0fec5", "value": "dc25ee78e2ef4d36faa0badf1e7461c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070907, "uuid": "45493d70-e6fb-4a39-886a-092b4167321e", "value": "3072:0RUC3nbWh93TR8rk2HTf40HWNOXmy4r/6plIMfau2O:0RAhTR8zHmIY7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070907, "uuid": "fc4a0363-5163-4fd2-b2cc-b98b25ea6e80", "value": 284672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070907, "uuid": "de5f91a2-7682-4ca9-b208-f32dac32de4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070907, "uuid": "1f67c020-c3eb-455c-8764-278d50f0c733", "value": "beacon_test.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ebf9127-16c3-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688073805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688073805, "uuid": "f6d3d848-8d6f-4e6e-b454-cad0eff12361", "comment": "Malware payload (Formbook)", "value": "4449429ef363924a7fcff191dd03a72b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688073805, "uuid": "9692e806-4093-4824-8845-a2a25e8e09af", "comment": "Malware payload (Formbook)", "value": "215bf08032eb73c5e0b50bcce07def909e22f769315b0f90ed6cec87b28d44f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688073805, "uuid": "c0a4def7-fd81-4908-aba1-01f5a2612741", "comment": "Malware payload (Formbook)", "value": "165df27eaf709ed593eab2d54f91a6bb770d44f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688073805, "uuid": "eb1f1cca-b5c7-4d82-b06b-0604aeb77cd2", "comment": "Malware payload (Formbook)", "value": "d148c3404e8d76f008a4b5536ab530faba5760dd876e716c4993c6efd4ccee8cba4b916fb54c59d6fe0881c531331e5c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688073805, "uuid": "62104a9e-d647-4673-a242-c4933253e5b7", "value": "T121341251EB60C467D4A702721E7A63638FF6BA1710A4838B3B501F49F876662EF1E3D4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688073805, "uuid": "9647c748-3855-4b50-9d92-1bfe53dae8d4", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688073805, "uuid": "5961cc44-3f6c-4612-a6ee-5ca5bde73eda", "value": "6144:/Ya6ZrtLB2NHnPfIOOJVZE5k8EcMYvbW12UP:/YT5ENnIRrKk54vbW5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688073805, "uuid": "9d186069-a285-47f3-b204-01e77685ea97", "value": 245825, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688073805, "uuid": "45d1ce57-6af6-404e-85b9-6c1aa86d1665", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688073805, "uuid": "a65d1917-0321-45e9-90b2-126b1699762d", "value": "PRE ALERT NOTICE#202307.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb33aa1c-1672-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039278, "uuid": "206fa5bc-5cf4-4e3e-8759-962c450faaf2", "comment": "Malware payload (AgentTesla)", "value": "3ed2e76a807e8aa3c2201955eba0bcdd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039278, "uuid": "b9fa4b03-10ac-4a3b-9742-c3778c77a996", "comment": "Malware payload (AgentTesla)", "value": "21afd28ee430548fc6e79700fee08f4c4a22e4d22fb12ad0bcc72f4df6f25540", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039278, "uuid": "abe97c57-03b3-4c58-aa3a-404ab43b3e8b", "comment": "Malware payload (AgentTesla)", "value": "2443390bd8f7ebdd3f32c4bd34eb96237c438220", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039278, "uuid": "95e7b568-b0a7-4da5-b1f4-02b1c12defe7", "comment": "Malware payload (AgentTesla)", "value": "178c69b45314f8ecedbd48913056e54076a371685d8d82b8cd3cecfed7c8e77cc8c480f47ae293e14a0c86f7b25a8fa3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039278, "uuid": "a3c6ea89-5dc8-4533-9918-ad0fafeed7e8", "value": "T16625B43A66FC9AD2D06CC2B48ED5F2AFE1114E3664119C121C86FBB52631B5219F373E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039278, "uuid": "f3feb348-638b-4462-8314-9ef1aafdc3f4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039278, "uuid": "396e7739-9595-4e3d-8ffa-029cff5e174d", "value": "12288:bcj6FsVWu/bRdznRN42ATAzxZ/brCyIftPL2L3cr:IVgu/bRdP42/Z/SyIftPqL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039278, "uuid": "fd8e3646-f11c-4666-a75c-b42a2647b41e", "value": 987648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039278, "uuid": "e7639c74-b976-4d7f-840e-072e27c49fcc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039278, "uuid": "d9367000-8e31-486d-806d-d07d5849067b", "value": "June_New_Order_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1748453-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1688022082, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022082, "uuid": "2088f4da-2dad-4c3c-ac7d-d727eb9a6f05", "comment": "Malware payload (GuLoader)", "value": "50a039d6efc0d579cd87aad43d3d715a", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022082, "uuid": "62034f11-3eb4-4221-be8b-9d95cbc372c2", "comment": "Malware payload (GuLoader)", "value": "2270b53780e96ad78369d0159e2ac95357511f0a2c2b0960078316a28085d9db", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022082, "uuid": "1821dd97-886b-493c-9e6e-bb69b9e9b8f4", "comment": "Malware payload (GuLoader)", "value": "ad9461f4231e831cf1dd86c41184242d65629c03", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022082, "uuid": "c0cd0025-e064-4384-95da-2fffa4b2ee5b", "comment": "Malware payload (GuLoader)", "value": "71bc8959917d642e853d39b80b23a5e19a1bcdac33a6b102fe784502d42ec1680f28acbe582c478162425ede6de89df6", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022082, "uuid": "85448a1a-49e9-4219-b13f-988bbd49a78a", "value": "T1AB251212F650E967D85693387482856A410CFC26A3A8D843678B7B4F05F1BF08DB7BDB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022082, "uuid": "d09b4b05-b782-49f4-8b6a-66777dd60786", "value": "24576:45zMw6s8zGo0xfsjcUos+xKFzdo0xfsjcUos+xKjsnDjvqJP6y:wr6s82xfsjdos+xKFtxfsjdos+xKjsn6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022082, "uuid": "5f059ce9-863a-4815-be39-3c7690b706dd", "value": 1031168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022082, "uuid": "8cc49bbf-dec1-4ecc-a20f-ae966f653751", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022082, "uuid": "afdfa1ef-bdd0-47f8-97ec-41ce6a105135", "value": "InquiryRFQ PTT International.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e555305-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1688021835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021835, "uuid": "da8a6f1c-cb04-4707-b99a-2a3f3d090aca", "comment": "Malware payload (GuLoader)", "value": "46bb79ba72dc742c74d359aa4bb4e68b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021835, "uuid": "9e57ccde-b0f5-4f2c-a73e-d62a4278291a", "comment": "Malware payload (GuLoader)", "value": "23c4047b4d4c32d9b1a50e9d2295dd536ca0e0fb2d36e66d9298c8fde9378920", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021835, "uuid": "7fa06e09-ff03-4df9-82aa-c9611e9f0828", "comment": "Malware payload (GuLoader)", "value": "e8f0f21cab4cbe042549672eac4776af687bf989", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021835, "uuid": "734ce93d-16e7-4e06-86b9-23e6959f658c", "comment": "Malware payload (GuLoader)", "value": "3731b03f9a9cf81d1c83084a2116138fe34301282bfc4ae0862b9470baa084ae4b3921a5da877b9400bc9731a7209492", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021835, "uuid": "d9f2ab07-5dd7-4d6a-b7f3-48650c240ebf", "value": "T15DC4121666D08817D59C57310DB2E73CB138AC29DE34920F23F87F7E3BB265699032A9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021835, "uuid": "9c21d4ef-34f7-4f40-8916-088b62e7143b", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021835, "uuid": "17b57262-8095-4890-9585-b04d40a7ee18", "value": "12288:28dDnMRISgnK/z9ekybwdfUg7s4t2qQE9xyBO1i6PbqmcYK:28eRIBKb9qwRw4oEZvPOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021835, "uuid": "f7cfada8-59a0-47e6-96b7-902fe223788f", "value": 553820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021835, "uuid": "b50f1eb9-3395-4dc6-9a28-616fd197eab0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021835, "uuid": "b8dfb9d2-d7c9-49f2-a831-bb597c84daf9", "value": "Request for Quotation 0032118 doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8302c76-1661-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1688031918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031918, "uuid": "1faac653-735a-4ec5-889b-da59c575c237", "comment": "Malware payload (Fabookie)", "value": "b08bbcd9a26c168544badeac111fc5f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031918, "uuid": "ddf4f91f-eb2b-47d3-8629-dcb7bdb77004", "comment": "Malware payload (Fabookie)", "value": "243579b15acf7ad8fd3eeed48955cdf788946015f3f9db341e2caadd5b7fcbbe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031918, "uuid": "76e262e2-6618-4245-85a4-fdefc96fe71c", "comment": "Malware payload (Fabookie)", "value": "390a3faa7cbb38ae08c54ac011486298873aa030", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688031918, "uuid": "076bf3b6-8231-4459-9ddf-a52b42298298", "comment": "Malware payload (Fabookie)", "value": "0c79051fbfdd5c597ad760827ed7c7f1db752d0b027b138fb09b4d187518a56583e362fecff367931bd3f9931bf2261a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031918, "uuid": "eaa5df39-4c05-4430-8e14-10daf577b762", "value": "T12764FAC3A2A17D5CF5254F729E1E82E8BE1FF9504F5977AA92185B1F04F21B1C2FA210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031918, "uuid": "0a229a42-f7a1-4b6e-bd90-69ce490ba633", "value": "dc6e265d7c90a021ccdd169409ae96c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031918, "uuid": "99c2e8de-22df-4e9f-a340-361311056603", "value": "3072:MIUDX4BGise77Wc+0dmz5F9OlDgoEQfD/kSd8vq/o+TwOfx4:M3DX+777Wc/M5LOioEQ7kSCLUlG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688031918, "uuid": "81af2690-daa2-4f18-b27a-f9074cd6fb88", "value": 312320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688031918, "uuid": "9e323ee0-3c31-479a-a635-bee25cba3b97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688031918, "uuid": "39f954d1-b163-404e-9adb-ea49a9855808", "value": "b08bbcd9a26c168544badeac111fc5f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "237d2ecf-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1688021817, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021817, "uuid": "27a958ad-d99d-4dcd-8999-79fd8368f7d8", "comment": "Malware payload (RemcosRAT)", "value": "1f17c3775584429ef126cd4afb0ad7ca", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021817, "uuid": "2435819d-537c-4e45-83ed-6651549c26b3", "comment": "Malware payload (RemcosRAT)", "value": "2490954c3b255bfb810b9552a52e58607dab2b9b5c2e551b1d0934583c11a603", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021817, "uuid": "dce01884-8a18-48a8-b543-f366a63547a7", "comment": "Malware payload (RemcosRAT)", "value": "87dd20bd063aeb6d345bb7e678f5feaf2d70c6f2", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021817, "uuid": "9c6eba50-90da-4dd7-9bda-9c86cbbdf628", "comment": "Malware payload (RemcosRAT)", "value": "e1e19123b7dbff198ffab453f607e9b641314450323d4f1633ebc9659b45306f82bb0339f04ae53f27b756b9ee77691e", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021817, "uuid": "416543fd-ce4b-4041-9e61-c75861c6b51b", "value": "T1D8035C5AE78F02648F911277531B0E899ABDB23EB35154B174AC933433EDC3E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021817, "uuid": "9e5cbc59-263d-4af3-ae35-21f5d6d16ce5", "value": "768:8Fx0XaIsnPRIa4fwJMl8h5YLzbw106i7cK5d2/cip0gLvMTeIQ3btj:8f0Xvx3EMQ6zbw6J7cAYcu0gLEeIspj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021817, "uuid": "cdaac012-475e-4da5-9287-feb4c70e8c28", "value": 41054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021817, "uuid": "cc681125-6059-48f4-8529-ee112473ea98", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021817, "uuid": "043cd16e-e54e-447b-a0bc-2da393441c9b", "value": "Product Inquiry list_1.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57169bc0-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688070866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070866, "uuid": "2c0e9630-49d3-43ab-b998-b7b78bb4f50b", "comment": "Malware payload", "value": "391f23c790f169f5b5b9eed2613e1f38", "object_relation": "md5", "Tag": [ { "name": "PEM", "colour": "#94C7E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070866, "uuid": "1ea1aa5d-cfbe-4eaa-92c6-e49b1da7489d", "comment": "Malware payload", "value": "24faeec793ba7758252530127de9e692f85ab09c6803b3f6a159142a6194e0fd", "object_relation": "sha256", "Tag": [ { "name": "PEM", "colour": "#94C7E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070866, "uuid": "1577675b-47c7-4673-aa4a-17a32e3dfeff", "comment": "Malware payload", "value": "b8d6e0b131830203be6a3a80328b666b225ab6f9", "object_relation": "sha1", "Tag": [ { "name": "PEM", "colour": "#94C7E0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070866, "uuid": "6b018b8f-31d3-43e0-bcdc-3da36a710598", "comment": "Malware payload", "value": "377446f8afea0a7d31cb8280a4c0387b716bf889f30dcc22369e0548b16eacb15d63e19f57d5493ff01c434a05f3b5dd", "object_relation": "sha3-384", "Tag": [ { "name": "PEM", "colour": "#94C7E0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070866, "uuid": "8fdfeff1-9aae-4dea-a7c4-5f04ecc8160b", "value": "T1E4847BBD4EE567DB2775B801DA2DFB452D6C230B4AA3A607D263C2786D4C434338A53E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070866, "uuid": "e9181360-426f-4fd7-bd76-925501bf5eea", "value": "6144:TZtQA/DEHtL7/XUeh4iOhPES8JpClAxWhKBzY:TZtQAbEHtL7v9GiOJEXJoRh4zY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070866, "uuid": "d9f8746a-7545-433b-9c9d-c53591bfef75", "value": 391482, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070866, "uuid": "8fed2cb4-f26b-464f-9c3f-6bd430aeb2aa", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070866, "uuid": "c706face-e595-4d6b-b16c-8f266f2270cf", "value": "beacon_b64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb15745f-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (IcedID)", "timestamp": 1688044002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044002, "uuid": "a1890958-49e2-49c2-8fc5-25016ed65366", "comment": "Malware payload (IcedID)", "value": "99125bc27e0e54789c4a2c620fd5b3ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044002, "uuid": "ff6f265c-e58a-4540-9a7a-e082acf708d2", "comment": "Malware payload (IcedID)", "value": "252c75237d927a1b9aeae3d4b4c04389f6c8eeccc318cdc7ae05508fed7b7b4e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044002, "uuid": "6c53c0e2-eee1-47d7-b8d1-490f05a4e026", "comment": "Malware payload (IcedID)", "value": "6c26a02050557b897d6b4f669ca4ce92b88669ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044002, "uuid": "3790ccc9-25b9-4f7b-b464-08073c816ca6", "comment": "Malware payload (IcedID)", "value": "6285cbd8988ac92a7e40ce66dd11479473ebfb62b6b3d1ad4a5abe31f7cc65a6faf7a23ec473207b032bc06c395cb629", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044002, "uuid": "94f3dfbb-0852-458d-b90c-1bb6dbbc6097", "value": "T136D5C116DCD2EF97D93C4439DACB9865A9A6E5403B8A3D07B74E852030237947BD3B2C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044002, "uuid": "55912c40-2f6d-414c-9927-3ad3341ef266", "value": "08ece2b1700596744480c3e95a25d19c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044002, "uuid": "a505858e-9b9a-43d1-88db-e9d526d42b5f", "value": "49152:42AKNJM2ObcVTmPFeQbBrMi16ylKrSoR1j9WnGaqBi:42AMMNcVTmP9bBoLy5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044002, "uuid": "9b8dfed1-29cf-4903-aff8-705f67c5e4bc", "value": 2932152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044002, "uuid": "fdb7de58-b38d-4430-af1c-b1a9ca2a3b23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044002, "uuid": "a7667974-55ec-457b-85ff-8583b84708aa", "value": "Scan_06-28_INV _10.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c9c3d07-162d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688009323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688009323, "uuid": "a7591608-d382-45a1-9acf-04e8171a8677", "comment": "Malware payload", "value": "743231862cd5eebccceec6420da8d849", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688009323, "uuid": "99567d06-c9e6-461b-9c7e-9b0804b9d596", "comment": "Malware payload", "value": "2646dd01581c1813f0478a25051ca4edac5e5c4fedcbd1ac0b4ca758426ec52d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688009323, "uuid": "3cf45deb-ca51-43c2-bc40-2957cf81dbe3", "comment": "Malware payload", "value": "010f3f295fa5a40b5d153dc7cedd8b9b8161df4f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688009323, "uuid": "8ed94a47-469a-4c22-ab06-638783ce881e", "comment": "Malware payload", "value": "86a6e7dfcd1725838cc22f767a959b25c8a6f18213793d62005ae5797756fd47c09cf32e8081922361251e2e8474570c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688009323, "uuid": "e8b484f0-b886-4c2c-a58e-e6a69ff62171", "value": "T1F375226176C08872E62619380AA197317B38BC70277ACEDF47841E1F9F359D1EA357A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688009323, "uuid": "84f0982e-1a5d-41da-ad5f-381dd99320c8", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688009323, "uuid": "5356f6c4-6ee6-4d99-8e9b-c19c191746a8", "value": "49152:qDkUjj/ll6POkDpovMg/M9e7qz0HqFXGySqo:q4UFQ/DpeV/MXpFXGL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688009323, "uuid": "38102a14-127c-4514-8058-53afe117d977", "value": 1583707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688009323, "uuid": "9bda9326-fd56-40b9-8a74-903307e9bf18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688009323, "uuid": "2d3828c7-d454-4e56-9556-29648a3e8f0e", "value": "743231862cd5eebccceec6420da8d849", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66908413-1679-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688042116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042116, "uuid": "0b73eaa6-309f-4c15-93a5-4f87e7ac519a", "comment": "Malware payload", "value": "458c40554d96e56e679f5baffaf936f2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042116, "uuid": "96885505-0e37-4ddd-b515-abb16e860c28", "comment": "Malware payload", "value": "26a517115fef11c09ffa8b17734951f03958d0bda4f14652b0d136de5aecb2b6", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042116, "uuid": "15d4c6ab-d89b-446b-a1c6-2e4612ccb0a5", "comment": "Malware payload", "value": "2ca5c9258b1194b2b3c7103e989f32ba39bfb3a7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042116, "uuid": "2c7c6c52-a16f-4d82-a639-ba3f68fa7817", "comment": "Malware payload", "value": "e7da697411fc3a1168398569ce28e83321da52bc3ef3a01d6e8848fc49a1103d1992260201f80136fe66c7a86b3f955b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042116, "uuid": "119b626b-6196-4538-9cde-8258bc957d46", "value": "T17F22B6765F9A0971D3518AF861BE790304B96B0647AC55E3CFE00C0E7CA42EA2D32AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042116, "uuid": "15c1acd1-79b3-4167-a3f0-27af06e62a9f", "value": "eed76f52bdfc4695e3635fd281dbe35b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042116, "uuid": "5b65ff54-4a01-4e8f-b2fc-9d97c8b969d0", "value": "192:26V2zATvBhZ7+5QnIQYe+qfaSdXIFwp12cu:NV2z+uiDiSdXP72J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688042116, "uuid": "c04fcadd-a8be-4cd9-92ff-298b0405e981", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688042116, "uuid": "ea9b9d5d-7cbb-49e9-b8cd-eb697e698a83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042116, "uuid": "476e1c50-5135-4ffb-9ba7-94eb8455298a", "value": "SecuriteInfo.com.Variant.Tedy.391406.817.32155", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90b27970-167f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688044763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044763, "uuid": "143be25b-126b-468c-8390-da452b35933f", "comment": "Malware payload (AgentTesla)", "value": "b6a69beaf751fb553ce2703c55fdd92a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044763, "uuid": "9691d921-5594-4d50-8cc9-1faf8da67acd", "comment": "Malware payload (AgentTesla)", "value": "26d57bc7398db3952deaaa2b05481b5e59fb873d17124ce305069ea37811208a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044763, "uuid": "22b9f4da-f1a4-4c99-8f5d-d1d8042efb8a", "comment": "Malware payload (AgentTesla)", "value": "5795e2afdb1f35a543efc83f3c7424b7b455f811", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044763, "uuid": "9125b969-7e57-4a5b-9ede-64eff61668fc", "comment": "Malware payload (AgentTesla)", "value": "fc5b56990aa073f005c80cb505638f461469f10f7b98ce74ee76b86864f05b2ecf5e0865ed81d275225d4bec833fe6fd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044763, "uuid": "5bbd8b66-ceba-4d46-9ef3-27788c67cd58", "value": "T1C6E4183C677D9A22C034C6B5CED584B3F2558F3AB411D922588A7BB52762B921DC333E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044763, "uuid": "ea921b11-1ad0-47ab-a0cc-ed818f8989ff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044763, "uuid": "55244115-b48d-42ff-9cd2-0c487f366115", "value": "12288:lcj6pITWjXMS4QTkTg94yI1r2WxSbLyV+QekzI2nDeB:KMIi14QTkTsQr2JbLIddY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044763, "uuid": "de046f3f-e8bc-4d53-a3a5-65fd6c3a3188", "value": 714752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044763, "uuid": "e51eab85-ea8f-4278-8ea5-b6cf870b7ef8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044763, "uuid": "7ee19a1b-d97c-494a-a47d-6a67a0e4d4f7", "value": "Payment Slip For Bank Transfer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad357230-1671-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688038798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038798, "uuid": "4ba818df-d8a7-4a79-94cd-d1693c3209c8", "comment": "Malware payload (AgentTesla)", "value": "8fd890e857e7b501672427c895d2706c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038798, "uuid": "2681128e-0882-4fe8-b163-ea4d83f9add7", "comment": "Malware payload (AgentTesla)", "value": "2709e1a6c52eab0c4f125158219d0395a3a4244706b68d81b58b484079f4c351", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038798, "uuid": "16fd70b9-0c74-4461-8c7c-2879c6b504b3", "comment": "Malware payload (AgentTesla)", "value": "02d9070476fb9a67f289782126749706b52430ca", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038798, "uuid": "7d0f6a68-5315-4252-aee0-7b9d4da0b3f8", "comment": "Malware payload (AgentTesla)", "value": "7fd537dde720893f38ec41ce7b8201cac8a198e993441f08be07ff667d8503d34e210bf8cc2444b19699a92157480009", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038798, "uuid": "5b85b119-56af-4081-b860-99f2cd56a73d", "value": "T1AC9423A7AB25E136101EC36A41CC791BCCAE2E32D15334EB36E12528757CB837B53796", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038798, "uuid": "df56df68-587a-485d-9380-9e8b76c55fdb", "value": "6144:OIvgsPRKefqIq/e6U06NKHTimRhyuhZhstvclzeS3DLh/KPLYo4rlNGK2Muo62Iv:OuTPrxq/wbQHpyuhfjes3lKT3PKV62Iv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038798, "uuid": "58d6a252-1065-4785-a95d-4736a03a65fa", "value": 416811, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038798, "uuid": "ff3a2864-4ae0-44c8-8ab5-5af82b067719", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038798, "uuid": "6d3c840d-2e4d-428c-b570-b122d67dd68f", "value": "invoice.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "339dca51-164f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688023991, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023991, "uuid": "22e9fc4f-cc6a-4f21-b808-d267a160eba7", "comment": "Malware payload (AgentTesla)", "value": "0be1c5894e7ff3044ed425a395e03737", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023991, "uuid": "2879815a-cd51-4233-ab8e-9260e9e5a90e", "comment": "Malware payload (AgentTesla)", "value": "275ca87116de4245968d1cec7230dd3ca5e3bba68bbf120366b1f5299804fe93", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023991, "uuid": "275a89f5-d33d-43b8-9aaf-35f97d33af96", "comment": "Malware payload (AgentTesla)", "value": "cd779025822b4a45633be4a59734858b8dd419b9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023991, "uuid": "43420ebf-e911-4bf6-a1f2-dbd71891d08c", "comment": "Malware payload (AgentTesla)", "value": "4b5cb48be0329002eb564b6f9a5e223329a55b8c664776f6b2f6bc372a77a36fef99653e94110f3e9cf8b0dafb39b5d2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023991, "uuid": "b4379320-faea-4f82-b660-8fc56b484e9f", "value": "T18944120965E0D427E1F14F703EFE56B59BD8E12E106EE64E27988F0EBA73652460F311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023991, "uuid": "065efa54-ba37-49db-ac9d-640040765379", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023991, "uuid": "7ff2d00d-02e8-44f2-8f4b-b939ba2c9da8", "value": "6144:vYa6vW9ehuyF+FB9Zr4smlOH9acNAxy70BZiHrs9p2K:vYFduyKXxHF0BUraz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023991, "uuid": "ca43907f-2045-406c-8c66-9cbbdd2c7ac1", "value": 276240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023991, "uuid": "1083f36f-2e5e-43d5-b702-3651b4e198f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023991, "uuid": "98bd6a02-f886-4483-985f-ba89810d9aa5", "value": "0be1c5894e7ff3044ed425a395e03737", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef340a54-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688077993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077993, "uuid": "a2797ae9-a865-4a07-b02a-021ba4695941", "comment": "Malware payload", "value": "7da400d22bae2f1cfbee4f2076ec595a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077993, "uuid": "5b162de5-7885-4faa-a25c-f9b964152012", "comment": "Malware payload", "value": "27c84189585703fd566325693b392b092a6818405dd92680bc9f24a4c5b60ae4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077993, "uuid": "3e3f219e-299f-4d19-86c1-27ac07bb5cc2", "comment": "Malware payload", "value": "f6eea1f40f6a45c9e5ada4efe740958bc7f88580", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077993, "uuid": "68397909-fbed-4534-b4bc-4250b1291804", "comment": "Malware payload", "value": "41f3a6e4a39d0d4c036bdded46e4bcc16ef16f9abae6fa2df7014d404773bdc47398b2c6787df0f70a2acca84f090261", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077993, "uuid": "a68040e9-83f4-447e-9ca0-ce042805f7ff", "value": "T125748D12629C7F20E8E5463E8E3EF6EC765DFA504F18775A22386A2F19B11E3C172741", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077993, "uuid": "e6bab650-259f-424c-9505-70a593c59259", "value": "7df7cd62d521a0373722870d17467bbf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077993, "uuid": "a2c38e4a-e950-4d3b-8892-2a71be3cb58b", "value": "6144:i9SJ8nEOA05JhrjYDDGmo0TYlUqN/UJ0arwJnjH:pJ8nEOx5JhrlmVTYlUqN/URrwJj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077993, "uuid": "142e6b12-2b90-4747-9648-9f719fa6bb53", "value": 363520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077993, "uuid": "f8de3bd4-51b0-4cc9-8afd-c285148b8a9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077993, "uuid": "11168aff-09ef-4182-89fd-dcdb1bb45a6a", "value": "7da400d22bae2f1cfbee4f2076ec595a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50d93445-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018457, "uuid": "9b7f4fb2-fbd2-48c4-872c-2ddadfd15dd0", "comment": "Malware payload (Mirai)", "value": "45d92c240cf200ace32b92e4ca0d9433", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018457, "uuid": "602daf29-ed4c-4256-b0a2-7f45268920a7", "comment": "Malware payload (Mirai)", "value": "2969a2b96edb2cb6d1f1568359676d7ba986bb70fd2244972f0269370ae3261f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018457, "uuid": "1f24018e-52bd-4ca4-acf7-dca888c4234c", "comment": "Malware payload (Mirai)", "value": "ed661df457b165c6563d1d1282510e1bdf6c9326", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018457, "uuid": "d0d59bb5-0181-43f9-b0d1-f0c6a70cdb7d", "comment": "Malware payload (Mirai)", "value": "1956a8bd613d6b7d97312396fa8fe9578d76dc399af7eea94485ac774cb46e0787ae0c255675ea5f655e7525a1bf38e7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018457, "uuid": "52402167-d067-4f12-a638-3e5f2c5fe374", "value": "T1E4330A8EB8029D3CF90BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018457, "uuid": "d24d0e98-8d07-4396-9175-179fcbdea478", "value": "768:gduPBFnHooqR8qOCKq2cH4/te+TK806MMUVjzkfQXObHud2oGX:r/hqaJMeteqK806MHdkfQX6HuCX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018457, "uuid": "3dee8285-5725-4c3e-a6aa-44e65732cf14", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018457, "uuid": "acb7a742-ee80-40dd-9950-85c1325df0f1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018457, "uuid": "f24aa42d-e5f6-4668-a2a7-df9d7c04fc05", "value": "45d92c240cf200ace32b92e4ca0d9433", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b08285c7-16d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688080895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080895, "uuid": "c93a67c3-0ce6-45f9-bcdb-2694076cef0b", "comment": "Malware payload (Mirai)", "value": "a1e217eb750a2fee8eca4e6c79f73879", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080895, "uuid": "bd35479d-c283-4577-b312-c86a2582b9b4", "comment": "Malware payload (Mirai)", "value": "2a4dcf829c12ec95ba28dac2b86f81f07175d01062acf3d9d214cabc4c833329", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080895, "uuid": "c47f9f5a-2e42-487f-9a26-f435b2056056", "comment": "Malware payload (Mirai)", "value": "d190fb87156e21c798e57abe13cfe18739dbefe0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080895, "uuid": "11738ab5-7e4a-4d4e-ad95-536b8523cd59", "comment": "Malware payload (Mirai)", "value": "2d46e8c9e1a4271383db15eb90494133be46c6d1ffa7f37365c4581368918c50e58988a09f7ceb0deecf60b692ab21cb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080895, "uuid": "8276f57e-7177-4347-b848-206fb1b4ce52", "value": "T1CC232A25B9761F17C0D1A8B521FB4B68B6F106CE26E8CA4E3DB20E5EFF619405503AF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080895, "uuid": "d77a1ce9-85f3-4c3c-a82f-ee5224b83a2c", "value": "768:nxoZ6yf3xx1DEmtrBy1ZBJcI7s84AIQjCO+AW31WwWt:nxEjf3xPjrBy1/JcIA83IQjgjBWt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688080895, "uuid": "c87d795b-de3e-45ef-a01b-96258db4b821", "value": 48856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688080895, "uuid": "d2e22ce4-c01f-4972-8eec-1b6a820f517e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080895, "uuid": "d1159b40-a8fd-4293-a4f5-5d92534ae278", "value": "a1e217eb750a2fee8eca4e6c79f73879", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20a39ec6-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688023101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023101, "uuid": "b8becb9b-3aad-4a61-9714-2c34cc3fdccd", "comment": "Malware payload", "value": "8124cbd4e785bc8cc5db5863ab5dc0c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023101, "uuid": "885672cc-1ded-4094-8b58-65b6a5cf73c3", "comment": "Malware payload", "value": "2ad0a86a8c78c4ff669d22f8991b97be2ff8b9f43f70bca8edba49e7d9ca8c4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023101, "uuid": "a830e550-c857-4848-83fe-88616575c658", "comment": "Malware payload", "value": "14fbecc66342481d66bf3e4cbd0ad2c285a2516c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023101, "uuid": "432f803e-b926-497b-b3c8-c4a35da67248", "comment": "Malware payload", "value": "e40f44f216b56b6cc7c39e761d126fcd3a24c97fdf325f34c86e354c4220be3b6f127f2d26b31fccfcc916b2d313ceb2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023101, "uuid": "cd2c1b77-91a9-4d46-9f43-6400905548b0", "value": "T13753B66806685FE3E7DE17F88006D50ADEF20CD3669EFBA98E64E4E55501B53E4010BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023101, "uuid": "552a22ca-9100-4fd6-8d3d-2a80770e9b84", "value": "768:/Bw/obWAWtbWERSsVodTEh83EJdGiOFV+15dNtfcC1CDjL/DjLDt7CsP2tOfPm/X:/wlAWt1LodTU88o+1JtfcOtOfjq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023101, "uuid": "44d3cd42-d82d-4328-987f-84a2912893ff", "value": 64971, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023101, "uuid": "1c1814d9-5824-4026-a88e-fff5b2b03bd3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023101, "uuid": "b0565121-0a56-4021-aa7c-27621e02cc91", "value": "8124cbd4e785bc8cc5db5863ab5dc0c2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3130e3c0-1682-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1688045892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045892, "uuid": "2902528b-9c7d-4ff0-b53e-d1734b139512", "comment": "Malware payload (Amadey)", "value": "3a380b107ad969ad47fbfe1ee879a046", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045892, "uuid": "413d2461-7f58-4e63-8301-1813cad1b571", "comment": "Malware payload (Amadey)", "value": "2b29df675101b38c104b5736bd98a649743e6f2e784cf32bc0cf035de9adae33", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045892, "uuid": "5604f4d3-51e8-45ff-845d-b9fa630721a1", "comment": "Malware payload (Amadey)", "value": "7890554687be80744ba61bcde9578a7b9728c076", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045892, "uuid": "1e66af01-50f2-4e1d-a258-2a09e1d48547", "comment": "Malware payload (Amadey)", "value": "b607be3d248a7b46abd8878906581975c0a5a534f434682d7b160a14cf68035ae9ff48fed190b98c0d1989072266598a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045892, "uuid": "8142ec23-a478-4238-a0c1-c2d3be94243c", "value": "T13F75D034E601F027F4F214369C5ED3FAA4286B30675408EBB7D95EAAA7B56C1D230B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045892, "uuid": "0401c0f4-012d-4232-8032-4b66aeeb5e14", "value": "8eaeaee9e4e4c899dd50ffac2cff753f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045892, "uuid": "ce227614-7a26-4d7d-b2f0-256a390b3234", "value": "24576:QURfIl0jOz4hYXhTYsqjnhMgeiCl7G0nehbGZpbD:TVS0jOz4hYhTEDmg27RnWGj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688045892, "uuid": "5a6a265a-7fbd-4124-b685-5a3678f87032", "value": 1626624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688045892, "uuid": "c8243a78-e8b9-4022-9cf6-627268b19b92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045892, "uuid": "9b10b6a8-e202-4eb0-9c87-f1c22bb49d32", "value": "2b29df675101b38c104b5736bd98a649743e6f2e784cf32bc0cf035de9adae33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b018c2e-16a6-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688061316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061316, "uuid": "8a535915-ee8c-4cc4-bf06-33e2b7bd4c92", "comment": "Malware payload (RedLineStealer)", "value": "a5d409cffd3f1753ed02dfd45c767174", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061316, "uuid": "6eb60050-eaa1-4b88-ba2b-2e3946395b45", "comment": "Malware payload (RedLineStealer)", "value": "2bbb5ff89d0aa18fb45e667c6dc41c8ce72dd65afa0d1370673a069373cc59f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061316, "uuid": "8ba6fc2d-1c12-49a0-a585-7a8f75200568", "comment": "Malware payload (RedLineStealer)", "value": "1a19dd94239b4b8ed7ffbe9b9ef48a1ccad1bc1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061316, "uuid": "fec6e7eb-ed02-4df6-a8a8-49d5f734b8e2", "comment": "Malware payload (RedLineStealer)", "value": "08fc15090528ffcaede98509757c057fbddcfb57269d36062ee297d281463a35efcb890faff5b580110c456d2fb91aee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061316, "uuid": "e3b1b13a-519e-4e8e-8da3-2b3438832fcb", "value": "T146D35A9433D99929E5FD4B78A5B1002943F0F8136512DB9FAFC0B0DF1A31BC4B6266B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061316, "uuid": "a42f38d9-dfe9-45f8-a1d8-28198803a653", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061316, "uuid": "8dbe86dc-6750-46f1-975b-14aa11fc5cd5", "value": "1536:jaCcnVHT1+/o8I52C+fbluaIsp8VuBGAhUjfNbV7OvOFgisYgibfbFDKsRQ:+CcZZZajluOiuRQdw2cYgafJlQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688061316, "uuid": "c0f1aefc-b37e-4195-b4b1-5c37c685c122", "value": 130048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688061316, "uuid": "7581d7fe-b98e-42ea-89c0-54e387d7ff24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061316, "uuid": "cd62eddc-83c0-4c45-836d-51b287ad232c", "value": "a5d409cffd3f1753ed02dfd45c767174.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19172d4f-1657-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688027383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027383, "uuid": "e88ad9fa-7fb7-49e5-b514-cec009fa9508", "comment": "Malware payload (Formbook)", "value": "f600ebb3137a4895dfbc6e25c52e9c66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027383, "uuid": "f64185b2-e435-4e4d-a2ec-ba94c57bef0e", "comment": "Malware payload (Formbook)", "value": "2cea4635be71ebe2ff0d26948adfd11d7b8a945bce7ac4d459435f777bc4bf22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027383, "uuid": "af665873-cd6d-4c2c-b3f9-b37e6cdc3584", "comment": "Malware payload (Formbook)", "value": "7352188730f2bb56ca6dc5b9a45b8647f2f356f4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027383, "uuid": "78d25695-19dc-4f3b-bc6d-481e756a5243", "comment": "Malware payload (Formbook)", "value": "323fc3c71aa9657a49d007021dc463aa8483fb65e6baf1c5c0f1f9bd33601c92fcd53c4ffdc270125c7ca383471a1a25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027383, "uuid": "f173b210-1e0d-4fbf-b2ea-36f489b98a3e", "value": "T119E4383819BDA327D174C6F18FD18027F764D92B3025EAE56DC267E64726B112AC323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027383, "uuid": "b28b6dd4-4ad0-49b0-9a2e-6844c29b8717", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027383, "uuid": "be7bb8f3-46b6-43aa-bd53-b44aa9d803c4", "value": "12288:FVp0K8s6owpD0wKG0ZuHSAQI6kil0ndh3t2rKVdZMtbGMfX:FVp0K8s6owpDP0ASAB6pW3t+KtMtV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688027383, "uuid": "00b41e87-ac15-4bae-8543-4db4e890dfe0", "value": 698368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688027383, "uuid": "ead8448b-36b5-429f-bc33-60611468d71f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027383, "uuid": "1aa63ea1-de6e-4c01-8ef7-d14f9b47527f", "value": "SecuriteInfo.com.Win32.PWSX-gen.23331.23869", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62990ba0-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018487, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018487, "uuid": "91f89bba-5be1-4f65-9842-5831156e30cf", "comment": "Malware payload (Mirai)", "value": "c9a71f43dcff55c75855984e179946de", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018487, "uuid": "25670777-44ef-48b0-939d-bf2bab0306b3", "comment": "Malware payload (Mirai)", "value": "2df9e3072cfc1ebd8dac9c1e2983bccf2761261af4b0ee951e69adc853da756e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018487, "uuid": "ffa53964-fd29-43e5-a616-cb10fa28ea13", "comment": "Malware payload (Mirai)", "value": "d24a7b35cba49cff8dd2bb8b1ffa5fead2fdbd01", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018487, "uuid": "35f18982-7222-4f0e-a1f1-6d40963b24ba", "comment": "Malware payload (Mirai)", "value": "5a8ce894764d3158b340dbb77c7ca30763eb50137032e0f85c2d4c465cd744fa3d0deb6b5e55592739416cdf71151778", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018487, "uuid": "97a8dce9-4fa1-4879-a3bb-da92dfed4844", "value": "T175336C36E029DED0C6560134A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018487, "uuid": "72d6f42e-5fb9-4d9c-b0d5-d19f76f5d114", "value": "768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018487, "uuid": "81c0fc2b-29a1-4fb3-b84f-cecd3a931d1b", "value": 50168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018487, "uuid": "abffd7cc-4310-466b-ad4f-10d8f207b1cc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018487, "uuid": "62be8c05-5ebe-414c-8cf7-9043a6ebeb94", "value": "c9a71f43dcff55c75855984e179946de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89c73d0c-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1688023277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023277, "uuid": "d6f42424-545f-496e-9874-950a6aa210d5", "comment": "Malware payload (AsyncRAT)", "value": "b73d3fc85dc0c30abd6b42264b63152d", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023277, "uuid": "17aef539-2ae2-4109-8b66-4813185d9469", "comment": "Malware payload (AsyncRAT)", "value": "2e6a4680aa9b24612ca07e1492964a84e2fc9bdf5086e1311f05d8e3d034b65e", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023277, "uuid": "971c19c2-d8e2-4abb-a02a-932d630c8177", "comment": "Malware payload (AsyncRAT)", "value": "badb14d34d6d685bab54ceb55ef9b2c9b095e7cb", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023277, "uuid": "b10ed90f-625a-47c0-8048-eb501a131c88", "comment": "Malware payload (AsyncRAT)", "value": "0cedad738f2923cf74f24eac5716b8bfa39f313b0cf6948d428c988c47fe3250f4743bab0c050744064e39d550f54e0f", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023277, "uuid": "54ecb817-8bde-4b00-9b66-f0b37d9c1d33", "value": "T11804491433E85918E3FF9FB9F4B002258BB2F827A517D76F189458EE2D62344D910BB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023277, "uuid": "a74a0c0f-eed2-4587-8a8f-8cd5c947afad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023277, "uuid": "1010b147-fb11-4bab-a3c7-1f64e7b453d1", "value": "3072:S+STW8djpN6izj8mZw9900qX2lD9PvWqHPu/i9bxJ2cjEGp6+WpP:P8XN6W8mm997lDhOGPSi9bfa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023277, "uuid": "b21f5b35-6db6-4b5b-9528-a91952e65d2d", "value": 174080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023277, "uuid": "e68a8442-5164-4050-aec8-59cd92100e66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023277, "uuid": "1f3bcede-5240-486b-ac86-76c00b795b06", "value": "b73d3fc85dc0c30abd6b42264b63152d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f875f2b-1670-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688038158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038158, "uuid": "58a9ee4b-87f7-45fe-90ad-3b40753a2db5", "comment": "Malware payload (Formbook)", "value": "6fcffe0cce8f42a10d348e41cf397d6e", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038158, "uuid": "28b2d742-b292-4c78-ba93-7cef85f11112", "comment": "Malware payload (Formbook)", "value": "2ee6fb6a93174c53b1de3fb881ff50f06ff33a03337b6cb8d37bd562b18eda13", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038158, "uuid": "473637be-be1a-42d4-b69d-d2bb9564abdb", "comment": "Malware payload (Formbook)", "value": "59861b819f0404d86f7465e1b57d7c866cc99004", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038158, "uuid": "cd99be64-8cff-4212-a810-6411449a875e", "comment": "Malware payload (Formbook)", "value": "4606dc814f465fddb31bcccfebf0257407afd28a74b86c9b0df760f3a2775c11b6a8fd137408315a58ccf54970efd21f", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038158, "uuid": "a4ee93c5-0c30-4761-b78e-30b8ffc08b04", "value": "T193C42361996AB78846864368B341F7810E1148E8F6798D92FFC193B36D83F7A6170F4F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038158, "uuid": "2064b79d-72dc-4abf-a8c6-6de67119618d", "value": "12288:NQIJj7vQP76tja+/V7Z0KYfoht7LBVdG/+pTNB8x7NshI+4ncRpQ:iyHq76tjN/V/gorBG/GTehEIZE+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038158, "uuid": "2e9f65c7-eb28-40ae-829e-2ff50cf196c9", "value": 587367, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038158, "uuid": "2867c51b-a56b-4453-a8a1-eb005a795e85", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038158, "uuid": "9b7d76ea-8388-40d6-a78f-b6ce8d10a9f6", "value": "Quotation.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8c15cee-162e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688010068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688010068, "uuid": "5149a64e-43fb-437f-9cce-924d97fe07a5", "comment": "Malware payload", "value": "291c359b4ec28faaa6fe3a5ec6edc45f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688010068, "uuid": "3f77e5f5-08ca-453e-a59c-bd4ae1eb873a", "comment": "Malware payload", "value": "2f57d812534fd35813cb94898779fd1e822e80629369dd59684ae70989d2371d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688010068, "uuid": "70e82390-6d7f-4801-894e-cf97a238a820", "comment": "Malware payload", "value": "843b0abf4ef920ae0985ff660de82c5a870c78f7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688010068, "uuid": "3e82b545-0c88-4c37-98b6-01ddf4c807db", "comment": "Malware payload", "value": "eeb6ebcf08966575d71ec3cc22b360e721ad8b7601598411e177bb6951bffcc29f5dfaf968d7ed367ab5abee28007b18", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688010068, "uuid": "fb3aca8f-d89c-475e-9fd5-8219c3b7dc92", "value": "T1B632F7761B9B0832D3514AFD24FE7A0389F9590217E859E38FD00C0ABCA53E72D36987", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688010068, "uuid": "7f6f008d-375f-4e26-a9be-7f65c787ca49", "value": "6a2782b4240d903051f23421bea80a1b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688010068, "uuid": "84aa4f3e-8c44-4553-96ff-5c6d218f0fba", "value": "192:y5e4z5TxDVI+aRtFDP+qfaSddz5rCt3fc5B1Q19Jo:yM4zmXPDiSdddHi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688010068, "uuid": "377b82a8-42b6-44ee-b26b-bcb0f31dc8d5", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688010068, "uuid": "e38ca4e6-aa33-40ed-a193-be2cda8cc8f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688010068, "uuid": "2f722f2e-3536-420a-9759-56cbb8cf8add", "value": "SecuriteInfo.com.Variant.Tedy.391406.18113.10365", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b05fac89-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688022053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022053, "uuid": "c0df66e9-2439-4be9-bea4-c115df5c3ba8", "comment": "Malware payload", "value": "cd90a41b05c173bfc36a9ecc1eda77bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022053, "uuid": "0085ad64-9ec8-44e6-9885-b4714dbecf5e", "comment": "Malware payload", "value": "2fc4e01362a8aebe8cafc8872edb3d9597183c43a69fe79c63fd63754c77442d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022053, "uuid": "34a4e048-3e2e-4678-80b8-a9f616a3ec3f", "comment": "Malware payload", "value": "950e0f5fc7174bd6f204e4dd22cbe242eed052ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022053, "uuid": "dfb6669e-bf30-489e-8e2c-8c4f911f97b3", "comment": "Malware payload", "value": "d8efa1a944302a0d2e632f3c2fe7c21275c1392f62b378fb0fdfb4f2d3c20ccf1b37cf913f3a60d499be6e2b7e26cc91", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022053, "uuid": "ae32dce3-f3aa-4a76-ab4f-04b54d5b286a", "value": "T1BD24AD2223809039DD76DEB17C984BD8962CBAE2D7DFD1C733C8516E4BE178221ED166", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022053, "uuid": "4067939c-bdb1-4cce-9844-fcf884b6f8dc", "value": "9ef61842dd257cd165ffcf2d74517de6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022053, "uuid": "392effc1-2f30-4dad-a88d-af981cb1130a", "value": "3072:ThOTxBmCZZUM4ydpUF878xqkPRLQWR24Tb4YUCPq0xqx89hhSbcGFKi2OZmvbxI:Tix0CLZB7U1QWLb4ZEHg6VS/Vr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022053, "uuid": "8c6d9d84-722f-49b5-8eba-614d90945c26", "value": 228488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022053, "uuid": "71ee1d60-055c-452f-b520-fafbaf61846d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022053, "uuid": "3ccd8681-98ec-4a0b-920c-763c6fac1a4f", "value": "cd90a41b05c173bfc36a9ecc1eda77bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78fb62ab-1635-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688012941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012941, "uuid": "c43a4943-761b-4bf0-bc55-700a110e28d4", "comment": "Malware payload (AgentTesla)", "value": "5452ebd4ac62c603d22998055e7534ac", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012941, "uuid": "f50292f8-7b23-4301-8568-16f79bda50c7", "comment": "Malware payload (AgentTesla)", "value": "302ce92ae8d85935b145432eba8d7adafb095990dd1f7d873a2eeec87f413011", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012941, "uuid": "64e4e026-ff37-4de5-befa-7da7b47832bc", "comment": "Malware payload (AgentTesla)", "value": "62194822e4618c021a6dea39f1ef49c62a5dc70d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012941, "uuid": "26657d19-51f4-43a7-b558-e4b2e6297bcf", "comment": "Malware payload (AgentTesla)", "value": "0a7865463bc7e01bdad423b62dc4af47c7f41fdd7fd0858365580003f2893172c081b213a7b9ae04a08196b8025c1175", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012941, "uuid": "487f0b8e-262b-4a60-bccf-9b014532e53c", "value": "T13EE2B45AE79B02744F4112B6271E0AC9AA3DF63E735151B134AC837433E9C2E4676AFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012941, "uuid": "9aa68537-39b3-4676-9844-62953fbd17e4", "value": "768:bFx0XaIsnPRIa4fwJMR/GBFqTzJYVjuIzaLoq3B9GquRiryZy:bf0Xvx3EMVGjWzJuuIC7GS2y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688012941, "uuid": "af251752-2bca-4f8a-90dc-6f8d86a8c971", "value": 34206, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688012941, "uuid": "68cf3fa3-2eb6-42b9-9900-1611703be8d4", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012941, "uuid": "4f568a18-2b9a-4222-92f0-5db1c122a875", "value": "5452ebd4ac62c603d22998055e7534ac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88118841-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1688023274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023274, "uuid": "cae28d1d-0478-463f-9e03-d67f61d4e76d", "comment": "Malware payload (AsyncRAT)", "value": "974da4d2df31e10572d18a321540443a", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023274, "uuid": "6f422f0a-5f84-49f1-bc46-cfe079c1f93e", "comment": "Malware payload (AsyncRAT)", "value": "30e2726dee5186ddf54a1c5309aaa9b75d2710c39cc9a5e8500d73bec37149b7", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023274, "uuid": "8304b0ae-0f62-4595-b185-1e5e9127c649", "comment": "Malware payload (AsyncRAT)", "value": "c7e42eb35cd129d820555842ed9d92636f75d8df", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023274, "uuid": "e6971378-97b1-43d3-8fe6-ec7515871d3b", "comment": "Malware payload (AsyncRAT)", "value": "38a006c6ff764001ed7d0eac981a1bd1f9eceff812ade9803232757e4f3938574d579217d901c6785edd151c31bdea66", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023274, "uuid": "ef45e54c-8142-43ae-bc23-48253140df02", "value": "T16304491433E85918E3FF9FB9F4B002258BB2F823A517D76F189458EE2D62345E510BB6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023274, "uuid": "b0c3f4d6-04af-467a-be7c-e701d51b5fe4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023274, "uuid": "3de9245b-9bf3-47ed-a69c-9c5997f1de6c", "value": "3072:S+STW8djpN6izj8mZwP900qo2HD9avlCIPu/i9bSJ2cQQNe6+WpP:P8XN6W8mmP9kHDYd/PSi9b6f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023274, "uuid": "62c1152b-d645-4f24-be7d-0ea4bf4bf484", "value": 174080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023274, "uuid": "81e9e547-a7d9-41b5-b99c-e81c04e3cfcb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023274, "uuid": "d33acace-018d-431b-ad04-308f19e68aa9", "value": "974da4d2df31e10572d18a321540443a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f9ff240-1688-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1688048412, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048412, "uuid": "9f345cd8-aa5a-4d4d-88ad-3f9253230021", "comment": "Malware payload (SnakeKeylogger)", "value": "4187fac58ac8acb96e30249e6119415c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048412, "uuid": "c02be025-7e98-4fd7-b537-c4ad90135bfd", "comment": "Malware payload (SnakeKeylogger)", "value": "3105a7886bb62b4a95672ed5a801e8063dfba87139195dfc5a7cfe32f3b4edf2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048412, "uuid": "a541c039-807f-4dce-b32d-ff8407ba6712", "comment": "Malware payload (SnakeKeylogger)", "value": "b9715cd2c6198c28a5282a283891b5ea2cf1efa2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048412, "uuid": "35f98449-8726-4f19-855b-3cad0267b468", "comment": "Malware payload (SnakeKeylogger)", "value": "42eedc0225d02abc44ac72d246e685797317d443b78a64bf943be8dbe9e72af3d4369e504f19d145bf711c3db04c9fef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048412, "uuid": "3a9b5d87-8b95-4bc5-a476-58c22d5127a9", "value": "T153C4F020733C5B97C2FD15F94891528187F4815A2CBBEEC67DE3F4DA24D2BC26A42A47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048412, "uuid": "ca9b04e6-3ea1-41bb-8079-d8d0af62f24e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048412, "uuid": "57900368-dc7c-40a8-b68f-1f70756b6db6", "value": "12288:I0kxlOZcXtNhSb0cmElPsVtLbs+cq0QHuDFPNyfx:vkjZbhvi9sVRbsvyazA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688048412, "uuid": "3dd91c46-2903-475a-a0cc-969d8662fb72", "value": 567808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688048412, "uuid": "b706a81c-8d73-454c-b6eb-8cb1c689b5d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048412, "uuid": "47061ba0-499d-4647-9903-6017d7ff25b1", "value": "PR_405861 xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30bec5c0-164b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688022269, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022269, "uuid": "a18809db-2f1e-4ea8-a782-6c0a7062334e", "comment": "Malware payload (AgentTesla)", "value": "ec036cfc96616538058497ba059b969c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022269, "uuid": "57a45c20-7b2e-4dae-a9b1-a3286fb4e470", "comment": "Malware payload (AgentTesla)", "value": "326e9ddf345c6128976b27ddab85e060e612b5977fc733448b5c0d7d5fa64c8b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022269, "uuid": "efa092b4-a9b9-416a-8eab-5421af21d331", "comment": "Malware payload (AgentTesla)", "value": "6333415f9d8af0915605c26fb562b1a238c25ed1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022269, "uuid": "d7fe5aec-e8b8-4adc-b967-58d8dbb707b9", "comment": "Malware payload (AgentTesla)", "value": "d5ee2fe06246c55e3782d253d13da667c685f706bbc6a5512b66bf93507f48677bf581a50478eae7dabd550d97adad13", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022269, "uuid": "31c7f2a4-b449-4254-8576-fdf45355be86", "value": "T1FE453A2533A0CB87E59F0AFDA335152483FEDD149992A78DA9CCB5F110B3B80A44DE5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022269, "uuid": "f6804a97-3f0c-434b-a597-053bf6a9e4cd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022269, "uuid": "6245bf78-4a19-410e-bd64-d6e8c23d0472", "value": "12288:du6wl3YRpr8v2ezoIGUOrd79o1gj/9EfPfW2l8ATuIqXeA0jeWea+kHamJ/M:cJgRuMIi7d9+V8ATu5PNWeBeau", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022269, "uuid": "1ec82b23-ca64-40b9-ac7e-02544ee6dd8f", "value": 1252864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022269, "uuid": "608c63af-af05-40ad-8eed-1d61a2a3083f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022269, "uuid": "a7df59df-8643-4479-a200-1f7a501b3375", "value": "DHL KULI500796823__SCAN DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80fa45c5-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688043878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043878, "uuid": "619ab171-2866-4025-bd4d-8893e3210db5", "comment": "Malware payload (DCRat)", "value": "ffbeb794c83fccbeea2f4c0691df6ef9", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043878, "uuid": "193d1660-c8f6-4e82-a63e-f4028955ad23", "comment": "Malware payload (DCRat)", "value": "33e08bef26c140a0219a93a0604549a82f98aafdfe198e8a4e9c2bbdfece6e5e", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043878, "uuid": "e437bde9-6f75-4487-b86e-53d173703aed", "comment": "Malware payload (DCRat)", "value": "89e4a53cd43260923dc7ed87749708352158c26a", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043878, "uuid": "d68a4244-0dae-4c67-a519-f4063c3e6ea8", "comment": "Malware payload (DCRat)", "value": "7398293a188836597801e56c210b99771c4647fe50b3490adffe87d0870b95eb31b4c82a98274c78681bd3013cb4f083", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043878, "uuid": "6ce35fd6-8f44-4582-9544-2f7cedd7a21a", "value": "T15D236C003BA8C136F6FD4BB4ADF292058375D6676903CA5D6CC810EA2B53BC596136FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043878, "uuid": "3f8a5685-a4ba-4a8e-a460-47f85cc02401", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043878, "uuid": "fecdfc8b-bf79-4b2e-a193-144fa7db78e6", "value": "768:5OEuILWCKi+Diq2FxhLRaqiOqYbJge903bnvEgK/JTZVc6KN:5OtmqaxXjZbGEUnnkJTZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043878, "uuid": "116675fe-0f60-4601-bb8a-8e0293a4e9c7", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043878, "uuid": "87e216b7-f355-4088-8219-7d1b2a841a86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043878, "uuid": "72f71557-2f56-47aa-8e19-ff4f39d52b44", "value": "decode_c7b716008b861a6f060148e1325a74cd6c1e2f5d2855221b388cfcc7f26b67f4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bd8f1eb-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037749, "uuid": "0c1716e1-abf3-4709-ac71-6e35f498af10", "comment": "Malware payload (AgentTesla)", "value": "bfa6a18ffe24e95c38dd85eb2e46d83a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037749, "uuid": "0032bd24-6dfb-4553-80e5-4537ea466187", "comment": "Malware payload (AgentTesla)", "value": "3422a906f00faff94c827b84f6458d211b9941271fc6b690b9e7c6bc1bef20f5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037749, "uuid": "142281f2-ab41-4f73-9088-5d49db7908e5", "comment": "Malware payload (AgentTesla)", "value": "5bbe03f0e399527e48559a70195a2d71dbe12461", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037749, "uuid": "a57e97de-05b9-4c9e-87fe-477acdc7ff20", "comment": "Malware payload (AgentTesla)", "value": "10ffa6f1aa3f6d6ec58b39bb2c271fdb3080e818905e147c9f567dd712d758f65573aab1e69ed4bb275e953db489cc1c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037749, "uuid": "3032f3f9-55d6-4517-aee9-49963b24eebb", "value": "T11CB4232CB8A92C79AD140067DA7E4ED614783C31B47B6B6DE53DE237940B41BC235D4B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037749, "uuid": "9910edb8-5fe6-4d03-ac7b-5ed21af92c27", "value": "12288:/aVtvjzQ9KYlYdoV5tgb5cCc7XAtPSYJuA4rK/Mm3hx:CVu9KYSdoa907oqC/j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037749, "uuid": "5ac3413d-1364-4081-a082-d41497963e0c", "value": 536370, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037749, "uuid": "3530f4fd-dfd2-4f73-9a17-8068931fab4f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037749, "uuid": "6ea70e58-3aab-4f4b-adee-4a0f703e8315", "value": "inquiry from Vibroser.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "573ad06c-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039513, "uuid": "f5c0a106-7ec6-44a7-b9ed-be89e7e39b28", "comment": "Malware payload (AgentTesla)", "value": "10ba685c607f707c855a92791c586aac", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039513, "uuid": "a7402080-9e0c-407d-b72d-9700b68da1d8", "comment": "Malware payload (AgentTesla)", "value": "34839807546843707347c210daec798a19301e5d788f610260d87bd8e748df19", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039513, "uuid": "2a4acb91-0183-417d-84cb-637355a807d9", "comment": "Malware payload (AgentTesla)", "value": "c7408b6a122bb4e7d60d2a706531efad8b056e7a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039513, "uuid": "eb6fe99a-9136-43f2-812d-decf525a2fef", "comment": "Malware payload (AgentTesla)", "value": "32a88f422ef3b6492f2cb18c2eef16efa7e0d055a1c9c93074e63e3edf166860e73e76481df8f8200f89e3d8e21a060f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039513, "uuid": "719a73d6-bc49-4443-8098-f1fff01d7707", "value": "T1074423D3358AC2277ECA44E2C446E807576307F8A97680E9E15BBBB62C7F0E14BD516C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039513, "uuid": "3dc7f47c-ab16-4d3e-99fc-1f64a91b96a7", "value": "6144:7oRHDaUJ5MppEFQNKQPmYggF97lGj7kn9ozk47:7o91CppEeige7kO7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039513, "uuid": "bad4fec1-266d-45c0-9ed3-e80c97bab86b", "value": 264158, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039513, "uuid": "cba9ee66-540f-49af-b4dd-1db3e295cbe1", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039513, "uuid": "643c6370-9dc7-4b75-9af9-b8b37fa94ab3", "value": "New order 500384851.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c151d26-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688022019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022019, "uuid": "6a5fedd8-60d7-4a7c-9530-40ccb8c50104", "comment": "Malware payload", "value": "882fc9448c49bc40eb0f25e55635f989", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022019, "uuid": "d2ccb72b-60f9-4518-b557-a66e3e52f5b0", "comment": "Malware payload", "value": "353147404756e51de5eab419d5963bb219fbe748b11273cc7aabcbaea78b2cb5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022019, "uuid": "33cd24a7-1a52-4f7f-b0f8-41cb7103cc82", "comment": "Malware payload", "value": "f8692efab14ce3e496d9549d04a9fc4ecb18625d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022019, "uuid": "040e7d8a-84d2-4d7c-b587-cdd7d8e6cb09", "comment": "Malware payload", "value": "d2d7d91be24e27d725bcade2efbee130b4671171b9e01220fa3440529ad20b671b68f83b256eb529188b81f366b78fa2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022019, "uuid": "2879dfd0-bc9a-4172-962b-0941546e7250", "value": "T1B935F0E5F8492CDEDD3E9CF715F1BBD97C6A6C26072202D4A39A761A833E520BD4C052", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022019, "uuid": "ab83a850-9ab4-45f2-af3c-f68435ccb0bf", "value": "b9083dd82a429a49d949568d3647ca0d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022019, "uuid": "7d2809cb-0c2a-4198-a10a-147928e90383", "value": "24576:9hloDX0XOf4lLZPs0RLX0DkOou268noAgCl3KF4LnPoD:9hloJf6FFRLX0DkOjz8o1ww4E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022019, "uuid": "0cf3e59a-d0c3-415c-a430-d3295abd19af", "value": 1154048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022019, "uuid": "6b827d11-9d1e-4484-a788-12ff39c874b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022019, "uuid": "49308b4c-6e1c-4842-8c00-c2494773f66c", "value": "882fc9448c49bc40eb0f25e55635f989.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36a41bcc-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688021849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021849, "uuid": "2be27517-1738-48bf-b37f-770130413a72", "comment": "Malware payload", "value": "fd6c1d53e33039b41973394dfc8b352a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021849, "uuid": "c28499c8-a25d-45b5-9f2b-bd77619db1ec", "comment": "Malware payload", "value": "35bcfd69dcfa8a03e82c1141d1138e26a2779527ec631d6d5c2f66a217548e05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021849, "uuid": "1abab019-bfcb-4f15-a414-5fb81492b368", "comment": "Malware payload", "value": "8f058eef494bb05e48b203255782c9e60fd1beb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021849, "uuid": "5cb7cfef-f0c1-4ffd-8491-0fbc509da092", "comment": "Malware payload", "value": "16b44da1a6b726a8840540034af45278c9d83ad1dfb4817c391f077dae10487660f4a397e283a6a91517768be41bb72b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021849, "uuid": "5fdd207b-6052-49b0-baf2-a6dcbf67c911", "value": "T1C0752210B6C48871E8A71D310BA1E7617B387C314F7A8EEB5B98692E8E305D1DE35763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021849, "uuid": "42e98087-15ce-46c4-8d48-71d41ca2949d", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021849, "uuid": "a76ee447-74d2-4e0a-b817-f6e85f4dadcd", "value": "24576:WBqaS/LEMWamTRcKARi/u1V4HGRRxSrrdS5ExRU1cP6h3Tt4VCNx:WBqaaWaiRcXRi/uX4HG76dnROfea", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021849, "uuid": "1b31f6b2-ed51-405f-8b6e-caa086fc7596", "value": 1590052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021849, "uuid": "eef262c3-082e-4ff6-96cb-add7f074a7fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021849, "uuid": "c878e386-e88d-4c83-a813-c9ff938d3680", "value": "fd6c1d53e33039b41973394dfc8b352a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e943a27d-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077983, "uuid": "c8b89898-5a55-485f-b28d-6b4aa557d1e7", "comment": "Malware payload (Mirai)", "value": "4a4ea65bf20f04b67a946d4a359e6206", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077983, "uuid": "cfe0369b-6874-41a9-bed5-6045a4f0fb38", "comment": "Malware payload (Mirai)", "value": "3610316d9df78a1649b80ae2d243d9ccbee5ec292a4b35f6f638e4b328ab111c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077983, "uuid": "4c86bb27-3d71-4566-a9f4-7e5060432128", "comment": "Malware payload (Mirai)", "value": "a57bc65f11eabfe7a0ed135defb3f7cb1f4d2793", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077983, "uuid": "477b356e-df76-43ce-ac0c-00e89029fbec", "comment": "Malware payload (Mirai)", "value": "8daabfd81cbff954f5b22fc0ac9c9bd417c8d156d7ec0fd78ca12f896928e276fde4afc9832d3497802f444648747066", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077983, "uuid": "b20f6e77-288f-48af-8cf1-41333509ed76", "value": "T1D5330A8EB8029D3CF91BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077983, "uuid": "e36b4b81-9a09-4a6e-8d36-9da661a0596c", "value": "768:gduPBFnHooqR8qOCKq2cH4Kg9e+TK806MMUVjzkfQXObHud2oGh:r/hqaJMDg9eqK806MHdkfQX6HuCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077983, "uuid": "42258fe4-fdc7-4774-b0bc-8b405e30cca1", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077983, "uuid": "b7fba2c1-0259-4a4b-a422-967ccbb72a61", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077983, "uuid": "e61a9ae7-1a61-4feb-bebb-cbbd68b270d2", "value": "4a4ea65bf20f04b67a946d4a359e6206", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14139a07-1677-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688041118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041118, "uuid": "eedbf111-b851-4877-b282-4728550757e6", "comment": "Malware payload (AgentTesla)", "value": "67441d5c2576beed1b3119791c1cd6d0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041118, "uuid": "c9703202-f7da-49cb-9ca3-13d2c567ce8c", "comment": "Malware payload (AgentTesla)", "value": "36ad46bb2f32753b712405eebaebd3d70728db89e20e7dd2e73cc6e82a64237c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041118, "uuid": "ff10822f-0877-4a8b-a77f-3a1a51c23add", "comment": "Malware payload (AgentTesla)", "value": "cd09033d19cc777861f7fb7412a838f8d812c51c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041118, "uuid": "84753193-4605-4a8e-888c-ca954d2e6065", "comment": "Malware payload (AgentTesla)", "value": "f06f3d38656de369f3b76a607b4721f845d43efa62427a937e96e0f6a107e7d3e13b703e6c3052554f1ef5dfe59d6e0e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041118, "uuid": "2f27472a-e814-4ee1-8b56-1851f4866b57", "value": "T1F70527AC321075DFC85BCD76CAA82D64EA60747B931BD203A02315EDAA0DA97DF145F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041118, "uuid": "fdbc68cb-77e0-4ecd-b708-7d92ad24fad9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041118, "uuid": "d62c6299-790a-4006-8996-1dc617ac1538", "value": "12288:Gmx4qHZRCBJB0FfHVmXbLVFV+u410emz99hg7KSGah6I9dCXW4LDRvNpuK66wjOu:GmBZRiO5HVmXnVK0e8Mp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688041118, "uuid": "88682143-0ec3-49af-ac68-6bd4f2b4095d", "value": 845312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688041118, "uuid": "bc8304d7-f93b-4a06-8b2e-242bbc916c4d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041118, "uuid": "2d112136-1974-4e74-bdb9-89266f8d933e", "value": "RFQ for Req 12465.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77f7ff0f-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (LaplasClipper)", "timestamp": 1688023247, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023247, "uuid": "57d4e46f-7e62-44eb-a8f0-d43504d50871", "comment": "Malware payload (LaplasClipper)", "value": "b109489b8bb8ca8d3c5381dd2969ddaf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023247, "uuid": "703bdcae-1114-4af8-9da4-4286aedeab2f", "comment": "Malware payload (LaplasClipper)", "value": "379b9ee5c7de68fe8174c3f6668b2629ef40df26dfbb472deee14dbb79cc8fa9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023247, "uuid": "6b4b66ad-d189-4fda-8348-a886dc6ab9ab", "comment": "Malware payload (LaplasClipper)", "value": "d9579ddc7520d109cb04eb79e47effafb842134a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023247, "uuid": "fb2a4225-7195-46af-a55a-dc23ad07f5d8", "comment": "Malware payload (LaplasClipper)", "value": "9fc9d37b385e561056cf685aa57c71d1207a3879abdd15ba86af9f710c16804b0c5870d8aef1b95f36adcc6d18c4f069", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023247, "uuid": "cc4d7b16-8789-4ec2-9ddb-e528abc06900", "value": "T1549512C3A2907D5CE5254F729E1EC5E4BA0FB9108E497BB69208AB1F14F11B2D2FB711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023247, "uuid": "f884d32c-0129-4012-9106-a6e2056f20f2", "value": "c61bedf317f19d715278ea485f1b5899", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023247, "uuid": "8b1aad5d-fbff-4de6-aca7-a5b3c38e35c0", "value": "49152:fcntI+Q5GuoQZyk0FXjlCt7JDjWPmMCr0fjYmzEm8SOD:0nT3TFAttXZMCr5muD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023247, "uuid": "1e295e18-3627-4506-a86e-5567e60d053f", "value": 1982976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023247, "uuid": "d6b87217-7ea6-449a-97ef-9304e3825b70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023247, "uuid": "b7f266ac-d403-4e6d-a09b-f90fcc7c6311", "value": "b109489b8bb8ca8d3c5381dd2969ddaf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab8a5850-16d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688080886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080886, "uuid": "26a10c73-3d21-45c7-bfb8-8652717052d6", "comment": "Malware payload", "value": "ecbe533f5be541bfbc260f82d45455c3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080886, "uuid": "0d7481af-4fe7-4213-aebe-73dc92dd21e5", "comment": "Malware payload", "value": "37bbc32acb22dc4905bfd018c19499a5440495e360908ada4c12016dda7dd9fe", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080886, "uuid": "8b858d60-bf18-448e-bee1-131a740a3cca", "comment": "Malware payload", "value": "060f7763135e7e7a0eec6f52721c58390d27fd4c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080886, "uuid": "61ec86e5-82c1-400b-aeee-38230bd60b16", "comment": "Malware payload", "value": "50b061ed7b65093533c6e8afd5e572c6c1d9306ce822a898f82369ee1d8810dccdeaf01338e779b0edc572a304b1d4ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080886, "uuid": "21beeec5-726d-4dbf-a174-a5c75cdfbc2f", "value": "T10C432921B63A1F13D0E0A47D21FB4B59B1A15ADE26A4C64E7D720F4FFF11680A943DB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080886, "uuid": "afe3c9b3-7bcd-454b-b94e-39b26c4f5f4b", "value": "768:RqowmZPu9wtnfbltWgC6BSJsBcfDSTFIuQKqgESnmC/xO+KpAw1:RqtmZPuutfbltZFBSJsBcfDSTFI+BE1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688080886, "uuid": "170f4878-f244-468b-a58b-311fbfd89930", "value": 58376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688080886, "uuid": "54aef356-b06e-488e-ba6d-31748298cc43", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080886, "uuid": "68e5101f-67a3-40c6-ad9e-7cff9a12678e", "value": "ecbe533f5be541bfbc260f82d45455c3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2ec7554-1639-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688014810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688014810, "uuid": "3321a6bd-6d44-4990-bfc2-7a350f177dd5", "comment": "Malware payload (RedLineStealer)", "value": "58ab52a31b405e20d98bbe29b98d4dca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688014810, "uuid": "64a16794-6821-4048-b4fe-d15e0dea36a0", "comment": "Malware payload (RedLineStealer)", "value": "38179b42eacc00e5924414079ea3945b76e19b5853f37e44c5844d13aad16edc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688014810, "uuid": "fc5bacd2-1f83-4e0f-b9ab-eb4bd606bcdb", "comment": "Malware payload (RedLineStealer)", "value": "7e1763aa8e1c8c17f93e560348a9d541597477ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688014810, "uuid": "dab50c05-fb18-420e-b221-7c8211544001", "comment": "Malware payload (RedLineStealer)", "value": "e07f7ddc18e801903a0ad281f72ae81c13cae66aef23a7f89c90067bcc8ccaf81e765e316fc55f83a5945af602dcc769", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688014810, "uuid": "97691768-e8d0-4176-b8f1-4a11c04ba7d0", "value": "T13B945CD3A2A07C5CF5254F328E1E86E4BB0FF9504E1977AA92189B2F05B11B1D2FF650", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688014810, "uuid": "9984dc9b-f5ed-4745-a7df-07490038292b", "value": "c61bedf317f19d715278ea485f1b5899", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688014810, "uuid": "4949c3fd-a0ac-4ccc-b639-9cd61ee0f6d5", "value": "6144:IHFl8l77eDiw1UFAvDxcWufbJre7aa0S2heEPQT6:IHFlk7uiwYAvtcWGJECheE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688014810, "uuid": "05b081c6-e735-4aac-928b-375f9df7d1a8", "value": 414208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688014810, "uuid": "1be8caa3-f12d-4212-94a0-7650ba6be93a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688014810, "uuid": "c691eafd-532d-4c2c-a2d2-0f85d4e4d9cb", "value": "58ab52a31b405e20d98bbe29b98d4dca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a1539a4-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018499, "uuid": "9ea90f37-953e-436f-b357-da2930f2ceee", "comment": "Malware payload (Mirai)", "value": "73a4b71dda856c7ad6805f7f4a9df673", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018499, "uuid": "ab7ebb0d-53ca-49b0-a521-3a2b74b6b8c3", "comment": "Malware payload (Mirai)", "value": "38efa3b9d6faad32aca6841c178d63a3b2fbd50b8daec16ac26578b658307263", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018499, "uuid": "1f1e5d1a-823f-4447-aaa4-84428f1affe6", "comment": "Malware payload (Mirai)", "value": "00f91c68701f442d0ba0615251fff174db3505ec", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018499, "uuid": "5906f1c3-e7c0-4025-ae80-0ab1b1aab035", "comment": "Malware payload (Mirai)", "value": "d290e31f5cfeb298977f80d17e99a1571252044e9812355131600c947a0e15ee6005a1da9d76476c20c924afba0b9009", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018499, "uuid": "06661bcb-8290-418e-b5eb-b5009d7d744c", "value": "T108A2E11072632D56E3EC1C3DC9AA831BF9670BFCD0F6327669405620C94E20A3F39A4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018499, "uuid": "a9e767b6-eed2-475e-b4e6-4ea66a36e6ec", "value": "384:UvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjOwGLhymdGUop5hJ:UvQn4j+ZO5fKAlxMLs3UozD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018499, "uuid": "d50fca0e-de0a-4b66-96e2-4737fb02a00f", "value": 22160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018499, "uuid": "4cd3d7b0-1161-4e2a-9660-3c26b0ee6ee5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018499, "uuid": "3f062ef8-7708-4fa2-ac2f-af7d58b1b8c1", "value": "73a4b71dda856c7ad6805f7f4a9df673", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ca6fe66-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Vidar)", "timestamp": 1688023201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023201, "uuid": "6f770ea2-2231-4f8f-ac66-162d267cf278", "comment": "Malware payload (Vidar)", "value": "f6b4a8962cc585e6b65c3ad0d0bcf398", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023201, "uuid": "f731a21d-045e-4062-a23b-d8f270ceffd3", "comment": "Malware payload (Vidar)", "value": "3a6e3f68752ee8c5fa7d30258933483662515190e5e199e8fbe1bd7ce96aded7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023201, "uuid": "99ff3141-8ae6-490b-afda-ba6e9b2e9342", "comment": "Malware payload (Vidar)", "value": "81fd9655a608bd0fc464234794b0e781e62df0d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023201, "uuid": "af633822-665b-47ab-b011-28326689f56f", "comment": "Malware payload (Vidar)", "value": "c00b5aa8d2b1567ad31520988ba2c4ff1607722f9daecb5c2c74da113635c235f949563f6da0f4fa1da188bfcca53255", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023201, "uuid": "c48e0dbe-b322-4998-a7ca-7a5bd226e521", "value": "T1A57549D85A51B8CBD3EB4BF294F6B2B424356FD94C74FA1010F07A97AC3270D19A2A71", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023201, "uuid": "388a87cb-a58f-46a1-a982-1297d5e89394", "value": "24576:hXZNrGaUmA0DWE+wMDOxUI4j0aOBt+YzPoX7DjH:hXZNiaLWE+VDcZuPOhPoL3H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023201, "uuid": "a7179377-3b95-452e-ad2c-bce512470488", "value": 1615464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023201, "uuid": "44f81515-bb58-495a-a9b8-191cd833190e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023201, "uuid": "acde6c75-f5fc-4c95-a1b1-cae9f6475563", "value": "f6b4a8962cc585e6b65c3ad0d0bcf398.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdbfa814-1667-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688034558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034558, "uuid": "3676df0a-16ee-494b-b647-a20ae97afcbb", "comment": "Malware payload", "value": "de78b86ce2c8f6e5f88b9792a3d8df0c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034558, "uuid": "35dbbf33-c0bb-417c-b457-690304c5a6a9", "comment": "Malware payload", "value": "3aea338fbee5f3e5eba06e17fef4c086bb5c5fb25294ac592e39d673165ddcac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034558, "uuid": "17b52017-8239-4642-853b-d125e40445f2", "comment": "Malware payload", "value": "db02ff79bfde4f227cdd0e5f3474022c94e03755", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034558, "uuid": "6d279474-5aac-4b6f-885b-9c7c6cde4297", "comment": "Malware payload", "value": "f61a058dec70143dafa3e00df6fbc10d0588ec5f19923e0943fde50ddf705f23b256220b34d07b9f161703f5fa37e735", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034558, "uuid": "456ae1d1-f0b1-4436-adea-7e77d1901204", "value": "T1DE752221BBC084B2D56614311BE19732EB7C7C206F398ACB67841F2E9A785D19E39773", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034558, "uuid": "ece3e3ba-a1e0-4a5c-9501-9a4a908e6dec", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034558, "uuid": "34138073-0673-41dd-894f-cfa5fe2293d7", "value": "24576:O208/RKHuEBY0gNchXOVmFfL6VsPYVqu3qQ8oLfpOh9pVrBgdG2l:908/RYOAOVaLisPrs8ozAh3hadDl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688034558, "uuid": "00b8dcbc-8ad4-4e29-bc3f-610d751e17e8", "value": 1586829, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688034558, "uuid": "feae398a-ffe7-49f6-9ce7-481dbac1595a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034558, "uuid": "a1a7a98d-dd39-4252-8764-fa1b7ff44658", "value": "SecuriteInfo.com.Trojan.Uztuby.4.28297.11657", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f83d9d7d-1653-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1688026039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026039, "uuid": "c2dc3a05-ce90-41a4-b508-a8124043ca3d", "comment": "Malware payload (AveMariaRAT)", "value": "932634d0ab4a6ecd3b4493a52976138f", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026039, "uuid": "6ffc5b04-a4b4-42ba-a99e-cd102fa0c456", "comment": "Malware payload (AveMariaRAT)", "value": "3e0a1d597d13ebdc99bce3f25e8c57920b556f2da35f433df02c04b2ad9ca150", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026039, "uuid": "faa9e8e2-bad2-464a-b670-5e3a9ad6b028", "comment": "Malware payload (AveMariaRAT)", "value": "a9663f72e71d7acef6f589d64cb1a9aa2e4c9824", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026039, "uuid": "dd08e7f5-33e4-4e28-a671-e77c26465703", "comment": "Malware payload (AveMariaRAT)", "value": "5bbe67219c8ca98ab6376f0c62a10dde52ede9a6236bbc7ec45d780991b387c9e7beeded93cdbff1ed6ed1e7aa88f026", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026039, "uuid": "9510f25e-5810-44e3-9874-11166dcdbd9d", "value": "T165C4F144BEA8BEE0DBA88078E1B1852C67F081BD404ADFEB2F9825B56DCB350734455F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026039, "uuid": "39013568-9aa1-4135-96ca-233a684660c6", "value": "12288:u97YutfZWY9f03rclZYnXvAOMwJDMp8S6QjvQFE335:C7YxYS3raZYnXvAOMkDMp8S5jvQFU35", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688026039, "uuid": "8645d24e-41f0-4ecc-892d-f08db614ac0f", "value": 558096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688026039, "uuid": "480139e0-b892-4308-9c31-7dad173eb80d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026039, "uuid": "ec7c4670-b33f-45f0-8eac-53d04291b214", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a04bed8-1657-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688027384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027384, "uuid": "855e9719-0ef1-4bbd-8e24-3842ebaa92a6", "comment": "Malware payload", "value": "c8311dd3d3421e1159a669be44e14287", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027384, "uuid": "1c33b194-d652-4af3-9027-b8cb2a1d5e37", "comment": "Malware payload", "value": "3f64e635a811969032be1c3bd6d467b6edae118ea00996a66e56e9d798a4db03", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027384, "uuid": "0dd471f3-2ba2-4b0c-9fe9-8d2bde004bcb", "comment": "Malware payload", "value": "82f8fa80e39202cd2388bfbd1482b8626008907b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688027384, "uuid": "e5097407-4ab9-49da-9b32-5378bb2a5eb5", "comment": "Malware payload", "value": "ece9aa9e578751b4c2d0793c6e64073fb8931ab8beb8396200e484dda658df4d6033885f63633a5117653dc920fda7ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027384, "uuid": "edb41dd9-e81a-48ba-b6ea-267a8f9fbd56", "value": "T1A5952303B5C185F2D03728336A361B20A6BCBD301F558ADF67C9251E9E736D1AA317A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027384, "uuid": "2bcb2e05-6dd6-4d59-ad38-bc50afa2cd23", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027384, "uuid": "df57d2c6-8469-4f2d-9188-b1ba71045b42", "value": "49152:5FPDcoooVguPMjxqFmA1p3N5xeqEJPpP0o3CpkRzRJpi:5UMvPMj2P3N5xe/FCkzRO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688027384, "uuid": "52c9e211-0f65-4e45-99e4-c56306173900", "value": 1902871, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688027384, "uuid": "40f94fd0-4751-47be-b2fa-01729ac4b214", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688027384, "uuid": "42421198-9996-44d7-be00-fe7143709afc", "value": "SecuriteInfo.com.Trojan.Uztuby.4.25865.409", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac46cd7b-16d7-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688082605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082605, "uuid": "7d3ab675-accb-45d4-843f-0d1f796d7f45", "comment": "Malware payload", "value": "451f058d97c73ae2b54cef4c162f4176", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082605, "uuid": "6b0c29d4-cedd-4e33-9791-bc5930f27cfe", "comment": "Malware payload", "value": "4034ff4b19c196b37ee4dea9aa868c2e7d9d033678888bba08ba2e6ef68823f0", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082605, "uuid": "50eb7544-05c4-4ac8-b778-cac1074c4729", "comment": "Malware payload", "value": "ed818ace75e705cfa9aaea14c3ffed21cd7d1cac", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082605, "uuid": "1ddf5669-62d0-404f-a0fa-5f710983124b", "comment": "Malware payload", "value": "2fd5ca6b404f74523a19d5a1f039aa64625e5bda97d0d77574ec21834bf32cc688ed663d20978ba2798f3336212393dd", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082605, "uuid": "15e52843-0d04-457a-b6d7-cdd059d84b2d", "value": "T1CEE33B46EA414F13C4D61776BAAF42453323AB64D3DB33069928AFF43F8679E0E63505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082605, "uuid": "cf8c4b8b-b252-40da-bd2b-a728f235b834", "value": "3072:NdtahDRZr+ANBtadh7sLjsFIvThZfhBvXR3pM/96lLezl:Ndt2lZqOBtadh7sLj4I/7vXR5M/9fl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688082605, "uuid": "263a0e58-9f02-4c21-af6d-1ed09090caec", "value": 153172, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688082605, "uuid": "4762a57c-9db2-4802-91d8-f361f367a440", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082605, "uuid": "6b0add31-c6c1-4b21-979f-48dff2a0dc8e", "value": "jklarm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15ef4f5c-16c9-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688076340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076340, "uuid": "2ce03750-b249-47f2-a776-fcc457cba84c", "comment": "Malware payload", "value": "c163f1d96519ebde35db986d57de7a62", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076340, "uuid": "cb8d4bba-e08d-4919-9a25-300ebf623c57", "comment": "Malware payload", "value": "41486f386fd93f8813889d0a13971917eb69389a2a4e57b09bcb793fab5eaccd", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076340, "uuid": "aa5edb48-3946-4b22-9a11-3eeb71356ab5", "comment": "Malware payload", "value": "6e38d1fd93bd428c2274c9a49933a8101bbb4e89", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076340, "uuid": "ce9c71c4-13c4-49a0-81b4-ba96aba1c736", "comment": "Malware payload", "value": "6d535df24f1956d45e0f5aeaf95605204c494852f6aa4d26151d81b5f5210e2d9298770a82ee4de9b7af22e133758705", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076340, "uuid": "1aa7aab1-528e-49ec-a6da-e375616501f9", "value": "T110436BC4F643D8F5EC8705702077FB379B72E1E922A8D647D3B4D932AC52651E606A8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076340, "uuid": "20e7c5a2-bdec-4493-ae41-83b98faffb10", "value": "1536:JeESt/basV2rcZhG6ySN7najlSR9zWOIaEjrqMZs:JeESt/basVTgS7najQRVtXESe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688076340, "uuid": "ce656136-42c5-45a6-9f89-5ffcb423b1a7", "value": 55632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688076340, "uuid": "1c9ff033-6d2d-4121-b0c4-997527bd78a0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076340, "uuid": "32ba30c8-1b4f-40b2-a060-eebe499f8cab", "value": "x86-20230509-0207", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84ceebce-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1688043884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043884, "uuid": "eca357e6-e941-4762-a464-86c1a17ba4b6", "comment": "Malware payload (RemcosRAT)", "value": "aaff912810ab1af3ca06067c96d9dcc0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043884, "uuid": "8e2cbb90-7b40-4347-874c-cc30dd8220eb", "comment": "Malware payload (RemcosRAT)", "value": "424a1c81f60681049180f9e1381a7482b5a67f10401a1537d2abf808664ac15e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043884, "uuid": "207c7c1d-63a3-4503-928e-7aecee2eff80", "comment": "Malware payload (RemcosRAT)", "value": "c53666935d362162928b5c0d891f3917edddf6d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043884, "uuid": "3ae302ad-53b6-44ca-8483-9a425f0763a5", "comment": "Malware payload (RemcosRAT)", "value": "500be6e1d33fe3123265cdaf7b9f766054603e586511aeb4a72b411d1e1a6e517d0f1b264a0c0847e573ab83855771af", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043884, "uuid": "1976ff10-b926-482b-99d7-5f7ae0bd67df", "value": "T145A4AF02BAC1C072D57651300D2AF775DAF9BD20183A457BB3DA1D9BFD70190B63AAB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043884, "uuid": "58c78022-cb3a-4956-8467-90b478136ae1", "value": "04d77d421b8e5297898a3fce39d74267", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043884, "uuid": "5337199f-919b-4c97-8127-4e6646dc2804", "value": "12288:vRXxReZj3WZfj/2eSseWFaIe2+f8CL47bs/Zf2aDU:vx7cyF2eSsewS8W47eZO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043884, "uuid": "a03eec8c-75b1-4062-b15f-df1c05aa4624", "value": 492544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043884, "uuid": "8fc4a8c6-94b4-47f3-9dd6-bb5866c739b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043884, "uuid": "dec59e63-f307-47c4-bf74-df47bb4c1515", "value": "decode_e760f2b2e87461b82c950a4afe1ac96807471ca59d6ee795bfcc70540ab5f26d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92d978e0-1658-11ee-b3cf-42010a9c0076", "comment": "Malware payload (TeamBot)", "timestamp": 1688028017, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028017, "uuid": "9a2efa51-fb56-49da-bae2-c48bc09f9994", "comment": "Malware payload (TeamBot)", "value": "bbe1414c1e77d7ef7007904c43476c48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028017, "uuid": "703be170-7273-40d3-be1e-d6fa00ef7148", "comment": "Malware payload (TeamBot)", "value": "42c1f859ce3971eceea15036a500d7722554cc5d031e99da4c4eb184691ea76d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028017, "uuid": "8787a74e-c21a-4521-8e1b-e2825ef749ca", "comment": "Malware payload (TeamBot)", "value": "40da2eae1114696ab181cb7c1f64b25435ea993d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028017, "uuid": "d4a17b22-133e-4b37-8351-3df0a633ba36", "comment": "Malware payload (TeamBot)", "value": "79f57500b61ea3579f346f8d478f42f62898fa369f6fee6e9d0605219660fc8249e44ef7f7d72d9a19139a4e1357a898", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028017, "uuid": "7390d70e-5866-4aba-bbe9-d586cf1cf40a", "value": "T16064FAC3A2A17C5CF5254E729E1EC6E8BE1FF9504E59776A92189B1F04F11B2C2FB210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028017, "uuid": "b703bd92-82a9-4738-9a56-08e8332655ab", "value": "332b79ade2fb1784ab7f90ad74eb5cd7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028017, "uuid": "2fe02c24-baa7-41c9-9648-5bd16d104ab6", "value": "3072:dHo6gg1xUyKJ7MRFpdgJgL7ORqcySXMAtFsQcB8m6Oft8:xo8xU/7MJ6SL7+3Ux8m36", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688028017, "uuid": "cecd3fb4-eec0-4a1a-9ece-66670c2649f2", "value": 307712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688028017, "uuid": "3e6467e7-3972-484d-af0d-e2134f7c18b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028017, "uuid": "6a6d5497-5989-4781-80d0-f87b7a9fdeae", "value": "bbe1414c1e77d7ef7007904c43476c48.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c917e36e-167b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (LimeRAT)", "timestamp": 1688043140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043140, "uuid": "9d4261c0-29c4-4c83-87a6-05f8cdd54774", "comment": "Malware payload (LimeRAT)", "value": "1b5eb1128b75b15cc036cf563c0cad70", "object_relation": "md5", "Tag": [ { "name": "APT-C-36", "colour": "#703ABF", "exportable": true, "hide_tag": false }, { "name": "BlindEagle", "colour": "#8C6B90", "exportable": true, "hide_tag": false }, { "name": "bogota2023-duckdns-org", "colour": "#6F1A94", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043140, "uuid": "786e9046-c297-46e1-8c68-eec9307355d2", "comment": "Malware payload (LimeRAT)", "value": "4364a60cc5f7039a24528452680648850d7b3f434c25892d1b3b5e5aa14898fb", "object_relation": "sha256", "Tag": [ { "name": "APT-C-36", "colour": "#703ABF", "exportable": true, "hide_tag": false }, { "name": "BlindEagle", "colour": "#8C6B90", "exportable": true, "hide_tag": false }, { "name": "bogota2023-duckdns-org", "colour": "#6F1A94", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043140, "uuid": "9b8f2d99-4480-49ee-8454-da585cba26fa", "comment": "Malware payload (LimeRAT)", "value": "47c8771519cbd4b457cabfcf2fa875d469517b9f", "object_relation": "sha1", "Tag": [ { "name": "APT-C-36", "colour": "#703ABF", "exportable": true, "hide_tag": false }, { "name": "BlindEagle", "colour": "#8C6B90", "exportable": true, "hide_tag": false }, { "name": "bogota2023-duckdns-org", "colour": "#6F1A94", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043140, "uuid": "35fa8b7e-584c-4c96-a1ee-383e29e1078d", "comment": "Malware payload (LimeRAT)", "value": "b997258dbcbafd5cfb1c2844fa902a362db61f325ed160b5bc4e6488f46ba69ddb090eef04f5aae729ea9004ab2b76db", "object_relation": "sha3-384", "Tag": [ { "name": "APT-C-36", "colour": "#703ABF", "exportable": true, "hide_tag": false }, { "name": "BlindEagle", "colour": "#8C6B90", "exportable": true, "hide_tag": false }, { "name": "bogota2023-duckdns-org", "colour": "#6F1A94", "exportable": true, "hide_tag": false }, { "name": "LimeRAT", "colour": "#53EF89", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043140, "uuid": "f6339d98-c85c-4658-9b76-95aa8ee29733", "value": "T1EA24811232E6112571B23B9DAFB2D1744B1BBB995A7E833D19FC250A0FE390084E57B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043140, "uuid": "be4363a1-a2ce-4600-b8f1-be351541d9e2", "value": "3072:u5d6525555555e555555555555p55550uS555tE:D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043140, "uuid": "469a9f82-b33d-4b35-a1a6-5355e3d30ef2", "value": 218704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043140, "uuid": "6fdba6ed-b82d-4c84-96db-c3abc9f7f737", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043140, "uuid": "46c14097-2e21-4053-b184-684c409df848", "value": "IMAGEN DETALLDA FOTO COMPARENDO ESTABLEDICO ACTA DE COMPARENDOS #2023-9996659-663201259-9659-JPG.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3952356a-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688018418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018418, "uuid": "e90f558d-869c-4116-9bb5-c06b4fe21439", "comment": "Malware payload (DCRat)", "value": "c67469f96c18c686e513647b43846551", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018418, "uuid": "bf462e53-3f04-47e8-93c1-dcb6b716edd5", "comment": "Malware payload (DCRat)", "value": "447b30735275aace87a610a1d1a993bd1d216477e9be2ca3a9345b488aeebd8b", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018418, "uuid": "ced7c06b-5f35-448f-a539-52ccfd707381", "comment": "Malware payload (DCRat)", "value": "289386964e81beccebf2cc67caa7bfe76c7c2aba", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018418, "uuid": "bc5d23a9-e26d-4b23-ad47-7a80f6060bb1", "comment": "Malware payload (DCRat)", "value": "092df0a4405104ea955e501a0cc1af4bf9312875d35cbaf4d4542a0fd0464ed719f8a019f7238f84299d5deb1fea7e25", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018418, "uuid": "b5ab993f-c623-4e75-aef3-a105d3dfdc43", "value": "T1D7B58C427E45CA09E009613AC2EAE43447B1AC5063B2E3577AFE7EAF71527D23C194DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018418, "uuid": "b86c827f-ecab-40f9-ae87-2a7068c85a2f", "value": "d59a4a699610169663a929d37c90be43", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018418, "uuid": "478c7a59-a924-4260-8228-c0f8128251c4", "value": "49152:RLpifBNOQ1aPa1jL/zZAneDGR5gfwhbXJSPDdY:RLOvay1jL/z6n95gfwhbXJSPJY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018418, "uuid": "eaeb7d92-fce8-42a1-a193-432bb0b53a44", "value": 2311168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018418, "uuid": "a2194d8f-2984-47c8-a618-68ca5a0525ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018418, "uuid": "0c5950cb-bb7b-49f4-9b1c-8140a1c61273", "value": "c67469f96c18c686e513647b43846551.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2d167a7-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CobaltStrike)", "timestamp": 1688037922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037922, "uuid": "aa005b37-eb5d-40ba-b35c-467be232866f", "comment": "Malware payload (CobaltStrike)", "value": "0af47a7efd9e6604d6e32f04bfa820b3", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037922, "uuid": "c25c087f-3cde-4cfa-802e-48cdddbb0491", "comment": "Malware payload (CobaltStrike)", "value": "44a6bfbe74ebb6955080974ce84771dfbb353989fcb4109f691c9b33fca95cb9", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037922, "uuid": "ba810aa9-1689-408f-86bd-2d2031845ea4", "comment": "Malware payload (CobaltStrike)", "value": "1baeb94c6658a795dbcf3e0bff25484fcbdeea82", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037922, "uuid": "218a1635-5bfd-48c1-90b3-5c5055636595", "comment": "Malware payload (CobaltStrike)", "value": "8383036ae49da60415dfc644580f4643c2002a60c336ab0a89e910abdb9db130a178cdae33db22864b5f9d9ff5f1bf90", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037922, "uuid": "a6d3b604-a673-456f-af5d-66e51999bca7", "value": "T119653847B88190B6C4AAD232896692A27B31BC490F3163D33B50BBFE2F767D45E75314", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037922, "uuid": "af5c76ca-0a55-42e3-b5ca-3f3ba8a58bb2", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037922, "uuid": "7386bb1e-ed33-4022-a095-31e587d1522d", "value": "24576:DvsmCMre214y1V9Zv4IhlUg2QU2B1pOb1P:TDCMrf14yHGg2QjPpOb1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037922, "uuid": "8fc98b00-f17d-40c1-943d-4dd5d5a1e1e7", "value": 1469440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037922, "uuid": "d186eb8c-4922-4f60-89ab-361346e2288c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037922, "uuid": "042458d1-d677-4fdf-b5c4-27feeeb19988", "value": "44a6bfbe74ebb6955080974ce84771dfbb353989fcb4109f691c9b33fca95cb9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e1bfbf9-16ad-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688064435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688064435, "uuid": "07b32c85-7041-48d8-a5ff-76790f56d4b9", "comment": "Malware payload (AgentTesla)", "value": "ea440053d1b6cf1eba1b34631e3d73f9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688064435, "uuid": "f48f1213-ecd0-47b5-ae81-b6b3c910bb30", "comment": "Malware payload (AgentTesla)", "value": "44d90ce8f8ae66d981fc6d7cbf4afcbe25233dfb820f0b61664868d0617c4f8f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688064435, "uuid": "6f0f08e6-73f5-4b4c-ab29-e190a8d9c441", "comment": "Malware payload (AgentTesla)", "value": "12eb68fd3021756481f5d7cdf6f366c0289f4cca", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688064435, "uuid": "42b63541-4142-4822-a6fb-bc1fc35b6ba1", "comment": "Malware payload (AgentTesla)", "value": "94831d3b47b0f5ecdbb0246759e0a647ba5259860703060b6a951e0c69879c51307f7ec161a2ddfbf10d8188df930050", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688064435, "uuid": "5e11cd3b-d2d7-4e42-a27e-7123243c47e2", "value": "T139E4383D29BC6323C034D3E5CFE18723B225982B71629A765DC39B954796F4229C363E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688064435, "uuid": "c7664584-61fc-4622-8601-158a903e2356", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688064435, "uuid": "804c0bfd-e002-46e1-85db-8b9975b06753", "value": "12288:9FCGzOjuVAjWvsPPAtNvkRTadRblGSk/W0/6S:/CQOuVwyqRTi2SU9/6S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688064435, "uuid": "11fc4bd4-c6d5-43d9-93b2-6362cb4d2199", "value": 657408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688064435, "uuid": "861ea70a-c463-491c-add6-7d4005938b8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688064435, "uuid": "cc0356dc-5143-4e1e-ac1c-953d69af0e38", "value": "Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12d14092-16b0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688065598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688065598, "uuid": "8d0c01e6-11f1-42d3-8835-b80271f68dea", "comment": "Malware payload", "value": "eecbb881315dfa6bfb35b6a09f38a058", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688065598, "uuid": "73f8902d-79eb-453c-a66e-c64f35cfafe1", "comment": "Malware payload", "value": "45412b19ec9f4e29129960fa3f1fc4e0e9e7c0b181356dd49221813894887765", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688065598, "uuid": "5d86ece8-29b7-4447-9b4b-bc4250c0821e", "comment": "Malware payload", "value": "c1ec551e98adbb299b74687203fd1c9934ad68bb", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688065598, "uuid": "9873be0d-a62a-47cf-99d8-f06358392cee", "comment": "Malware payload", "value": "6f09da993e1517736e3d680a4c89872db488c42d93fed9a18de440312615dde42aa00aaf447e21e94de38e02b54cc050", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688065598, "uuid": "c3bb5a81-6665-4f83-a5ee-ff3c7a34598d", "value": "T1C3A44962A7FE1248F6F7BF04AE7916654E7ABE92AD3DD01D0260114E4971E94CCB0B33", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688065598, "uuid": "d68fb1db-13cc-4590-b5e8-4bdeb1170932", "value": "6144:GoFaGRQRQ4xrXFFduHHSfsvdIBWekF3+JZMvOW:3kkF7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688065598, "uuid": "634a99d1-29bf-4bb6-8d1c-f5bc4081a085", "value": 475844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688065598, "uuid": "155cce53-886f-40f9-8554-db869b898b07", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688065598, "uuid": "c4732e69-f3bb-4141-bc72-b1a8efb6e141", "value": "data_29_jun_2388946.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffa17a29-163a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1688015314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015314, "uuid": "3ba73eeb-8e33-4572-bd50-d8fc57c0a6c3", "comment": "Malware payload (Loki)", "value": "7f6e2a0959481ac955ffa5c591a1e25e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015314, "uuid": "8d0b31ce-5fad-4836-99f9-660432d69f0e", "comment": "Malware payload (Loki)", "value": "4781b5ca739a280c011844dabab8fb008340ad82efa70486edc34e8de8a10946", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015314, "uuid": "9e8acfce-9f2e-4954-9d0f-e217d41729c3", "comment": "Malware payload (Loki)", "value": "02ce117dc8c9b08e381aaccf102766f436166597", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015314, "uuid": "d6cb0c58-4f39-47dd-bec2-fb0ae84392ce", "comment": "Malware payload (Loki)", "value": "35ff0d22f2cd2d2fb071c5599befb7b2a0cd96449cbbb8885a0f70c75a22363281a36e6bcb696b61f9459ea724920195", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015314, "uuid": "a962ad26-0d72-48d1-9f4a-6d09289a92e3", "value": "T1C8B4120053E221A6CD994DB69D6701744DC1AC0398C49F53C38D733A6A77A86FDAFABC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015314, "uuid": "dea5eb6f-8dd2-427e-9bae-2151135e4e29", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015314, "uuid": "a148859a-561c-4fde-8433-f07cef42b7e5", "value": "12288:9FKBG73lOUG2H7zS8zjDMpOltJJCSJEM1oPa7XK:BrlMa7zbzPMWJJVv11a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688015314, "uuid": "09523540-4d0e-414a-ad17-642eed21c382", "value": 520163, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688015314, "uuid": "a8671949-fa0e-4692-9511-f9be1aae69f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015314, "uuid": "af6d4cd2-2043-4049-8553-26c8226abf4c", "value": "7f6e2a0959481ac955ffa5c591a1e25e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bed0b6ba-16b8-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688069322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069322, "uuid": "93c464c5-7c97-406a-816f-a676d938f233", "comment": "Malware payload", "value": "67f5fafd75a67217bb7c238b1644626e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069322, "uuid": "0837e71f-1c3f-483e-9de7-ac42435d1d0b", "comment": "Malware payload", "value": "49adf9820b59552b50cec0177b657db6bd13561c1a6b2802bbc6112c7e34923a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069322, "uuid": "be959636-cfb7-44aa-8bfb-98c09d3cf96b", "comment": "Malware payload", "value": "939af7558073144ab6e0bf6a6ccfa6153fb54ed0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069322, "uuid": "0da37f8f-f796-4f65-9ad0-5da99c33b16d", "comment": "Malware payload", "value": "e3edcabea11231e5f148b18d6144bfe86084d21ee51b12fd11f83f068d8857a9671e7a9d6243c8caf517e0eedd63e167", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069322, "uuid": "bf170548-d48f-44c6-8c4d-dedda0890d5b", "value": "T1C756337053A848E2ECB74A3EC096C85AC5B4F8160354DD8B1274527A0F77B1A6E7FF92", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069322, "uuid": "70d05039-d9f4-4551-8110-01b1c7d37d08", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069322, "uuid": "0a66fd21-1367-4e0d-8e81-0f9613b7bc44", "value": "98304:NiREtdFBmamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzDgsRuGKCRVN0yjYsxGDbmuFH:NLFFeN/FJMIDJf/gsAGKCRVB8hfmuFsG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688069322, "uuid": "6ef65cbf-bef1-4ad4-b904-945d5a4780f4", "value": 6328253, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688069322, "uuid": "11d38781-1c22-4ea6-87e5-b03b9d733041", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069322, "uuid": "943da75e-6da8-46ce-8f7e-de9ee2314bd5", "value": "WiFi Update.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36da30e0-16a1-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688059216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059216, "uuid": "f954f1f6-9ea2-43ee-a411-febbb399ab2c", "comment": "Malware payload (RedLineStealer)", "value": "a0acc5a59eedffe5a70d9ce09ce1f7ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059216, "uuid": "78278e89-2cff-489d-94bc-e854503fe91a", "comment": "Malware payload (RedLineStealer)", "value": "4ad2f2464d644f28c232da48ce6f109abacbc24201d4d3dd1a0b4b7168be2423", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059216, "uuid": "cc6e0bdd-8f57-4fe1-a8dd-25c0efde2f2a", "comment": "Malware payload (RedLineStealer)", "value": "74c4db821fe8d244c81f35518f7544e0bb7530fa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059216, "uuid": "e974071b-be9d-43dc-a9c6-0769b66e872d", "comment": "Malware payload (RedLineStealer)", "value": "4a09129ff606e0cf516942577da269c25bb2f6d15b1ca4d481cd84ab833b046e10cce19b73ef9a2ff8241cc08729284d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059216, "uuid": "6ebe0435-445d-4117-972d-9658c142099b", "value": "T1AB4633C73C392728E37AD2FBF913D8C2E0805D398173156C4EBD4B1CA9E89616767A52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059216, "uuid": "34311b6c-66cb-4097-a3f6-de625df863c0", "value": "2e5467cba76f44a088d39f78c5e807b6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059216, "uuid": "2cedb93c-2645-4229-b816-02dded73b731", "value": "98304:cYqErkiTiOFsLRj644JgGq8xphse9lydNaGR6mVHek+2f96gqwBGi1UVw4O:JIaFw04lSv9lWFYJk+2f939S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688059216, "uuid": "e2a33de5-e143-47d2-9da8-c236ec7a4dc4", "value": 5774848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688059216, "uuid": "688c924c-fc38-4c77-bb15-d3463c744efd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059216, "uuid": "71e1b7f6-116d-4960-88c8-85773a90c58e", "value": "a0acc5a59eedffe5a70d9ce09ce1f7ad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2078a222-164f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (ModiLoader)", "timestamp": 1688023959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023959, "uuid": "aec3fa94-4eb2-4c3c-b624-3552d0f22b75", "comment": "Malware payload (ModiLoader)", "value": "0bc31abc6c645d94bd76a975a3fd16cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023959, "uuid": "9e682d41-6ff4-4838-ad24-c767698998e5", "comment": "Malware payload (ModiLoader)", "value": "4b402fc22d549d386739470a310d2b3df617cea9667d950fe26fd58f49cd89e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023959, "uuid": "d7929706-43fe-4a7a-9969-8fafe71ef2c4", "comment": "Malware payload (ModiLoader)", "value": "c4e0836a122b0cb3699b2c3b3a09a07d1240c7dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023959, "uuid": "a6cc1037-bd7a-4065-86c7-6b448c000c18", "comment": "Malware payload (ModiLoader)", "value": "4d89bbb7c8bc0b64fc6ff8c57010ed1744ec7976cdc92e76a1310fce3e8c30f3ef8af116a1326eac759f90f5ce5945cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ModiLoader", "colour": "#54DCEC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023959, "uuid": "2170ef02-16da-4eca-8103-65a7114344c8", "value": "T1CFF48C66B591883BD07315754D1BA264AB39BE30297C780CBBF5BE086F352D178393A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023959, "uuid": "7c9b48da-e140-4138-b6a0-26a15037a82f", "value": "dc5722f660520f1aa61a7b10f2b53805", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023959, "uuid": "f4236f6e-519e-41d7-aeb2-1198fc05d5b4", "value": "12288:3Dt13b/p8MfooHPV3LY4umBbErlpeJZuRWdotWH8Rmt9:3DX3DioFLkmBWlhW/z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023959, "uuid": "848d0da2-3235-43d6-a9a0-d8ed589ea8a1", "value": 742912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023959, "uuid": "7661a779-c3f2-43e9-a2f5-f4c9c19d5542", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023959, "uuid": "f5d1fd74-362c-43d6-baf6-3e5315a2b5e4", "value": "SecuriteInfo.com.HEUR.10347.7143", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09dc6c4b-168c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688050121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688050121, "uuid": "e3102612-79fc-4dcf-a6d9-66c7db04c8c5", "comment": "Malware payload (RedLineStealer)", "value": "04aa05a9a637cdc44240c6e1cda33acc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688050121, "uuid": "65999e91-4f96-4ec6-b7e8-75c6c154b78d", "comment": "Malware payload (RedLineStealer)", "value": "4c5c389d0f6cbdaf6fd89585559d71a37e061e7678aa1a5391d82657f8890569", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688050121, "uuid": "29f4ae07-6dc2-4671-8088-cc0d030c976f", "comment": "Malware payload (RedLineStealer)", "value": "21c383fc380f4a523ff90398396ad97fe31f376a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688050121, "uuid": "d5fd7ba6-648a-4063-8086-3a33842eb18c", "comment": "Malware payload (RedLineStealer)", "value": "138dbcf9a3220966cbaaeb03876ae7f6e0dfbd5c293b2aa54515aebbe60784af74153b965ba02092370d66f7bf4515bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688050121, "uuid": "c7fd3329-4a8f-429b-8758-14be1ab77eca", "value": "T1875438213D6ED7DAE8E6D9B2C9BEBBB9B05A0DD161B4F387178500ADC9101D2813E2C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688050121, "uuid": "4bb5428b-27b9-4b4c-aaf8-5c0fcec33fc8", "value": "bb1d8bfc6c51ca02a6f390c720552f6c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688050121, "uuid": "6ef10ceb-0fca-4845-b276-4c3a288aacca", "value": "6144:21ea2GMpEl3Zcsmci25sndkzOYFwKBbvoEjypFm6QIBJ7ZuSyY80ZUE4UIn8zpF7:7a2GMpwbyLm6QIDZunYt2jUo8VFeixIA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688050121, "uuid": "d4ba42af-abfe-42ce-aabb-9ce0e0320c62", "value": 281224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688050121, "uuid": "0075e72c-afb4-4040-a756-2ec9c94e4644", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688050121, "uuid": "618517ab-23a5-437f-b031-53273277c0db", "value": "f8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7eaeae6-166d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037098, "uuid": "99cfe5d0-f991-4c2e-bec1-b62262c17066", "comment": "Malware payload (AgentTesla)", "value": "68b63c90a5a1d416b94ad3ba27e949fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037098, "uuid": "0e25396b-cc5f-40f6-9535-c0e1c403706b", "comment": "Malware payload (AgentTesla)", "value": "4dd90d33d60253c17602d8e1f0565ca9802e517b9416ca45e890b2c79b41a382", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037098, "uuid": "7510300f-a7ed-4436-b91d-2b0c001a9f9e", "comment": "Malware payload (AgentTesla)", "value": "05e24269f513f8c0f19eed2a676eb99d22ca95b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037098, "uuid": "c1e2eb74-ff61-4d8b-8dad-1dd3982ed292", "comment": "Malware payload (AgentTesla)", "value": "8d60a8ea23e33a7900e45929c1be7d5336294bbaa5145332a1a0bfd005b964b19bb14f32f4bf68607ef8d26eca8c949f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037098, "uuid": "a4d48487-7b74-48b0-b6f9-83327b60e145", "value": "T139F433AA50072B7133A04B73449376F831BEBC73FCA25CF9BE61907534BA68D4254A5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037098, "uuid": "074bcb00-4b90-4481-a5df-341c8c540d12", "value": "12288:YmWWBKzCmcl79KLstw711/ure/c6FPMd2dQAPk8c1wfNF8gps9Zn/PeLCCbso7Hi:YmWWBAbTLstw711/urmv9dzPkJwfNF12", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037098, "uuid": "02f8345d-f6cd-4aa5-a537-084cf1a3f1ea", "value": 734383, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037098, "uuid": "2ae10d32-6fad-40bc-832e-f27de61b22df", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037098, "uuid": "48f7b1ee-3afe-4c79-b78b-ba41ca0e3cc6", "value": "PURCHASE ORDER.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6694425a-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018493, "uuid": "dc717e9f-11cc-4894-9e40-33a0a6086f3a", "comment": "Malware payload (Mirai)", "value": "2839c5dbeb2538e181dfc36639da05c2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018493, "uuid": "47af144f-de36-4f2b-842b-200eb407fcdb", "comment": "Malware payload (Mirai)", "value": "4e700477e879428a51fa3b95aa20379a4e709dde355165a6fde8cf1b620403dc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018493, "uuid": "d0237d84-28fb-47ec-bc6e-ef94329ab06b", "comment": "Malware payload (Mirai)", "value": "a6178b95c313fdd5a94cfa7a41568aa95aea8120", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018493, "uuid": "6b964122-5b64-463b-8eed-fae94b4be442", "comment": "Malware payload (Mirai)", "value": "09e381ed3de3c329d941b63e6ae84cecedaefb30bbdb90abf8de7883095b4ea01f7957465689a9832f4e0499f1cee0b9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018493, "uuid": "47541bdb-6d52-484d-8e20-f2a30a933106", "value": "T1F382CF3061AB35E9DBE10435FAADCEC6971A0BF8D0FC36A317586F78C94250615F92CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018493, "uuid": "6170b5ad-7092-4355-9c56-901d3b8435b9", "value": "384:MjlzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMatFhymdGUop5h5lb:6/V0P6+kom0tVAoNvm+to1tFs3Uoznlb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018493, "uuid": "8ed8f656-1755-47dc-9414-ed62c00d4689", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018493, "uuid": "8d74ebbe-1fae-4191-900c-dc2ee9485f6d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018493, "uuid": "6c803154-b250-4569-ac8a-a78bb9f16a10", "value": "2839c5dbeb2538e181dfc36639da05c2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d61bdda-1635-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688012948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012948, "uuid": "aced9535-b757-4754-80fe-4239173c13c7", "comment": "Malware payload (AgentTesla)", "value": "1740c5dae86b5948e6dd0fc2e99534a8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012948, "uuid": "8e8d0db0-8d22-4cfd-9876-b76a99bfe85d", "comment": "Malware payload (AgentTesla)", "value": "4ed2a8e2291ca6f9684acf27a278a2667b703af3c4c67f9bc92eeddb6dede245", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012948, "uuid": "18b76d21-0787-42e3-af90-0e8daffc5d50", "comment": "Malware payload (AgentTesla)", "value": "42979979dc992a9d1649700d8d3b22c072631a43", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012948, "uuid": "b69aa5ed-2b42-40a9-954c-44233ab7badb", "comment": "Malware payload (AgentTesla)", "value": "40a3ee531897a63f2062870908f70c52847d5e000bcce2505217f2d067f34f5dded7e2b38d671f82ca0149d358a1be0c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012948, "uuid": "660d54c0-9fa2-4803-b212-745f31a39b2a", "value": "T1C1C47A3D1CBD2A37C074D6EA8FE48463F550D43F39229A2668D797918706EA365C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012948, "uuid": "76a668ed-9946-45b1-8915-50898a36716f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012948, "uuid": "329d1a9e-190d-4dfd-a749-7d53f71e5cd6", "value": "12288:L2EO6nbA48Mkime2Sx+VedVWiNScxQUwNK:L2EO6nbA48Gxfx+Vef/NSczw0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688012948, "uuid": "0959c042-c6c2-4e7c-91fd-99aabbf519e1", "value": 591872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688012948, "uuid": "9517904a-a80c-4171-93a5-50a80585cac6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012948, "uuid": "550e3ea3-1245-40f7-9250-b436dde32bbf", "value": "1740c5dae86b5948e6dd0fc2e99534a8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85c44dc9-161d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1688002654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002654, "uuid": "f6ff8043-4915-486f-a73e-b4420c556f73", "comment": "Malware payload (Amadey)", "value": "50a4f053e7d03653c4d4d6c16f7601fb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002654, "uuid": "2f237069-e40b-45da-a8b7-82db04cce246", "comment": "Malware payload (Amadey)", "value": "4eefe15812a6806769912c731f734edab166fbfa94b9734551ce04e47dac5acf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002654, "uuid": "7242b4f2-7431-42f2-a324-94bc1e218b1c", "comment": "Malware payload (Amadey)", "value": "ca6634cb4013949629b2997adbd0ca093e68f3f6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002654, "uuid": "5f4e6a8e-16b8-4280-903d-1a98d6f449b5", "comment": "Malware payload (Amadey)", "value": "5bf01d835c9dd167324b67458129a600133131366e136fe51c8f3195de53050acbf3dd1d7f6825bbb61136ccdef2d294", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002654, "uuid": "7c19ded0-e4d6-4dac-bab6-146f4c8491b2", "value": "T1F616124DEFCF8CB2DFB440F40CE799E08D2C607729609C96268D2A6B176567D38219BD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002654, "uuid": "c95fbf82-ae95-46ad-b183-ee272c3ca367", "value": "335c1a113789bbb917445f00d58e5071", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002654, "uuid": "9e28fe69-607f-41bf-b928-f7d3a5d2341c", "value": "49152:RCRZX08k0advRvq09rjZMVj8Xs9kCnu/Gt:RcX0EadvgMruoXs9kCnsa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688002654, "uuid": "510b004b-8931-4ea1-8298-db83037bae64", "value": 4088456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688002654, "uuid": "c0c85009-ef04-4280-a043-779ab810b775", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002654, "uuid": "5fc9ec7b-921c-4642-8a7a-582a19cb8417", "value": "4eefe15812a6806769912c731.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "672afc09-1613-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1687998308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1687998308, "uuid": "867ce2fb-0abf-493a-91a1-7bd815be2d55", "comment": "Malware payload (RedLineStealer)", "value": "f2dfdefa6581e4016a58e6db0fe3927d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1687998308, "uuid": "5f8aac04-213d-4143-89cf-a78d1d266ad6", "comment": "Malware payload (RedLineStealer)", "value": "4f3029cc31b3be2414aaaf50fb8b5ad6c19b9d9a8d15e27ff0f6b8bbb7ce4ae4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1687998308, "uuid": "d624c93e-502b-4b55-8ec0-03aa7e7a02ea", "comment": "Malware payload (RedLineStealer)", "value": "766cc632c2ba68b9822f3dc54926290f20e0926a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1687998308, "uuid": "6cbe47ef-f7b2-4159-ab58-96be0aaae440", "comment": "Malware payload (RedLineStealer)", "value": "a7633a8189084f17cfbf4c3bc6c7dbeaae1677baf5b505b315ec12bbf0d5f17872f76e271bca2d35b053c443692da78f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1687998308, "uuid": "4a2769a8-35de-4387-a086-28407cb643dd", "value": "T129846C439290BD94E927CB729E2FC6E8771DF6508E497B762238AF2F14B11B2D163710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1687998308, "uuid": "80ba1ff2-ec7f-4e6f-b2c7-b2f02b4fdb69", "value": "10c92732e2f9b87d0a930bebb28e6cad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1687998308, "uuid": "20846e79-db8a-4e35-947c-9590a7647179", "value": "6144:3JU3Ict7J9tvjXNgxxga4zQc0pMjMQkeoxc:i3IeJ91jdgzUzQcRn9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1687998308, "uuid": "48dbe70f-fdde-436a-8222-a2f66c878ec1", "value": 406528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1687998308, "uuid": "b6dac9d7-09c4-430f-ab1e-d157fbe088aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1687998308, "uuid": "6098e240-d2e9-4a65-813c-7dd64151dccb", "value": "f2dfdefa6581e4016a58e6db0fe3927d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d869a5e-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1688021807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021807, "uuid": "3863de81-60c0-4caf-9ac2-c77f5a175bdd", "comment": "Malware payload (GuLoader)", "value": "5000b03d745b75332fddaf1b062419ad", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021807, "uuid": "0fb3b79f-9811-4423-913a-0ca99355846f", "comment": "Malware payload (GuLoader)", "value": "4fc61d70877d2e16386ae1a7d4414ee547a61ac1ca794e7b39299c1ee8c84494", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021807, "uuid": "6b6a097b-7226-4665-b7e1-0bf32fe8df53", "comment": "Malware payload (GuLoader)", "value": "d793ccafbc98621bf5059c0a6e19dcbd3145de4b", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021807, "uuid": "c7a81b2a-e650-4e10-9ae5-dcce621c7c2c", "comment": "Malware payload (GuLoader)", "value": "1b670152c40604f6e48ff39554e230e9fa819f5910adbaf4f9165f5e32155ff3e6016ce8e58daa715992c53201efe585", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021807, "uuid": "359ba7ed-72bc-4759-8657-ef0a3876c893", "value": "T1AB45121666D09817D55857310DB2E73CB138AC29AE30921F33FC7F3E3BB56569A032A9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021807, "uuid": "9dfda602-c908-4cc8-a662-16f7b3291560", "value": "12288:38dDnMRISgnK/z9ekybwdfUg7s4t2qQE9xyBO1i6PbqmcY:38eRIBKb9qwRw4oEZvPO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021807, "uuid": "770edbc8-f664-4ea4-a975-ce36a03e78cb", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021807, "uuid": "35e0d74c-6a83-4106-bdab-7ac0e0918ad1", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021807, "uuid": "5e7c3ce7-8a78-48d1-9bbe-b26de9e97f97", "value": "Our_company profile2_1.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cd45b96-1625-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688006102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006102, "uuid": "2cc69ef4-f4a2-44d1-9f81-8b2496c8e48d", "comment": "Malware payload", "value": "31a3aed41a5dc1768e93e879d77e3008", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006102, "uuid": "a6211318-4894-49ff-aaf7-9b6ec17cf72d", "comment": "Malware payload", "value": "5191f253dac6048e343a1c5a9503ce9efe250b04e333f0f7c216bc9294ac8183", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006102, "uuid": "2d3e45c5-5323-49c7-ba02-33b941ca33c9", "comment": "Malware payload", "value": "ace4a622ee943841d3369288e0058596b36de27d", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006102, "uuid": "5c4bee74-041e-4ff0-a1f5-5a6118976f77", "comment": "Malware payload", "value": "b6a287decc1def25e12fecc39bb600359909de7b9d7584571f22c28e8cb9b2809f3dd50d07b7c8c36ccddec7027186a3", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006102, "uuid": "9c40ab25-e724-4035-9153-e1c07aba28dd", "value": "T1D1E5AD46B696DD6BD3D4BB3EA05751288771D2223723B71F1F7801767CA23B809423EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006102, "uuid": "39cc3814-b4cb-429b-9261-ab1f8fd27662", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006102, "uuid": "12eb8670-4bf7-47e0-a3a1-be80bacf88cd", "value": "49152:gKs9SsNNO5W+OvpxgHYA62pr/+/jx63RSNFPLLIiSbrkpo5+BMzT:gKsagpWHt6I+/MhAFjLkrCRMzT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688006102, "uuid": "470936c8-e5be-47e8-b1fb-55ea68abdb6d", "value": 3248128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688006102, "uuid": "f872089c-4dc6-4328-be01-bb2ca147ce60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006102, "uuid": "81fec6f4-3500-4c9b-a2c8-1ff3ef8c602b", "value": "16880060975b00a9f1526a077bab1dc9252eff60e7870e479073b09ff5df826533cab59a61952.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22a61d46-1674-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039854, "uuid": "75243f58-7ebb-4ff2-8831-5b9a488dfb77", "comment": "Malware payload (AgentTesla)", "value": "de8984b400422aa94f9cb34d5f9c06cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039854, "uuid": "2541ae0b-ef20-4882-a520-56b9187de6fa", "comment": "Malware payload (AgentTesla)", "value": "51f801db0d98833131185353dd344e17d432aa84caa8ad27df9a5851cdb30f2b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039854, "uuid": "cc03b1f1-9c90-4435-8678-da2a8f264b36", "comment": "Malware payload (AgentTesla)", "value": "e624632a8d66308af35714dfd9c5628800a6ea38", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039854, "uuid": "eb167b8e-73b5-4fb2-b20c-f1e9e5b2e1b8", "comment": "Malware payload (AgentTesla)", "value": "e01ea5024dbafcbc498f9e348dafc25f4149b64e26e3bdb18eb7c07f2a43f6b3a6172b646d914f5f6f1e7ccfe06a25d5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039854, "uuid": "8917492b-34d2-4456-a6ad-18c8aac04145", "value": "T120441219B5B0C4ABE8A14332A9365776EEED641A15B4820F73800F1EBA56593DE4F333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039854, "uuid": "316b0299-94fd-4785-8873-6e8f87219341", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039854, "uuid": "2839f75f-2d8a-4e8d-9c28-b4b53e699b08", "value": "6144:/Ya6BbS/RNTRelW4VCo0iIadFTxir9t26RrVTn4aqc:/YTGZelJA5oFgptlV74Jc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039854, "uuid": "d33e88eb-13a0-4e91-964b-9564392e8778", "value": 275959, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039854, "uuid": "525f9110-97c3-479b-8ec5-7e01a63ca38a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039854, "uuid": "ae60e4d2-1848-4270-905f-1b5d751421c7", "value": "New order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ee2575f-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018481, "uuid": "fd16688c-875e-420b-ad12-6a97a3f74143", "comment": "Malware payload (Mirai)", "value": "3b701e4e7db43ad9076dea431b66f655", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018481, "uuid": "bd0b7b9a-381c-403c-943c-6db86e616fa9", "comment": "Malware payload (Mirai)", "value": "52b4ff41909fc6bbecf5325016c70374fffc537a245a28f8783934e927a40a5d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018481, "uuid": "9d6f53d5-147c-4dc1-8cab-d024ac213658", "comment": "Malware payload (Mirai)", "value": "08896f5e8b7d73bd118c519944478077fac20fca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018481, "uuid": "3bbcf00a-ea3a-4625-916d-1ee0c3ed892f", "comment": "Malware payload (Mirai)", "value": "319c612524e7ff3da2dfff32f0dd927dc837c977d3680eb5cae999ee3494448802c39b40631310385ae66242e0c393f2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018481, "uuid": "9e83df76-25bb-4567-a354-62ead212f33b", "value": "T1ABB2C0CC61943084CA8D7C7C178D4A675F6C91C0BAED9B26E360CD9473BEA4B385D078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018481, "uuid": "a6f0f295-ccdb-432c-8ce0-44d93d98e692", "value": "768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBphbZqSWvh:4QlS07FUXqIYSXQKquDq5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018481, "uuid": "157729f5-efa7-49d4-b311-67a53e05415d", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018481, "uuid": "1160426a-a37f-419c-89fd-d335025126ca", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018481, "uuid": "cd1240e1-84be-49a5-b8a4-696e95ec82c0", "value": "3b701e4e7db43ad9076dea431b66f655", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "586bd0e2-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018470, "uuid": "ce4e3d66-79cb-4883-a1c7-9e2125166a4f", "comment": "Malware payload (Mirai)", "value": "8b4da6ddf8b21d04defdf7b00c9ce0a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018470, "uuid": "a1474105-3c4b-4e9c-987a-8a93e4793c1f", "comment": "Malware payload (Mirai)", "value": "572a4e95aa6c1bf7d74162f1390930d26e7dada0ef5ed16bf106cb8e32ef7e5d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018470, "uuid": "fc247c21-f829-4311-af4f-905359813b84", "comment": "Malware payload (Mirai)", "value": "76114b4d157f181468282ca1b50032a1a82c9e6b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018470, "uuid": "e9847cae-839e-4cd0-930f-c3afe7e071b3", "comment": "Malware payload (Mirai)", "value": "30c52b06c9a19ccbae75667d3f0383437f8e3e811cfcd85a6a14790cfdf948d2bc8a37ef6ac4bdcdd17bc9899d7dea7a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018470, "uuid": "d4c4faa0-b4be-4cb9-8054-59f7dee68646", "value": "T1E4230271890ADEB124703C76EF99D383B6E12AB1C6673123D5290A382F797131E57E4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018470, "uuid": "cd11ab48-a03e-4b6a-8c8c-9fc1f909a7b9", "value": "768:g/TYCoIxdEk+AxoTZAZHFeq8b3Hg9q3UELbUXfi6nVMQHI4vcGpvE:gECFd+A6YHAxJLRQZE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018470, "uuid": "d9411e22-9f76-4c26-b246-b3af859e6d44", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018470, "uuid": "9044afa6-4b6f-435a-b02e-ba979a9f1609", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018470, "uuid": "67cfcfab-2ccc-4b11-a6ca-69149ca9442b", "value": "8b4da6ddf8b21d04defdf7b00c9ce0a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ebe1560-16c0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688072624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072624, "uuid": "ce1e9bda-8788-4649-8f64-e3309f688a9d", "comment": "Malware payload", "value": "2f19e9fd398a00722ba3baa93a5611e9", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072624, "uuid": "438bc089-8a11-4796-a8b1-e06b3ad3ced4", "comment": "Malware payload", "value": "58a563c0e7fe618bf4a9ed68000b7bd9b8f837c588536acda68c65c22427afe5", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072624, "uuid": "c7d94a82-9546-46d2-9e10-0e573aa07fd5", "comment": "Malware payload", "value": "3326854deadeec711ade5270ad038a6ed9e5d485", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072624, "uuid": "c8609fa9-c96b-4a28-ac12-ababc7ec6544", "comment": "Malware payload", "value": "1ed3586a8ced0d221d7c0eb30430efd8e6e8717ae486c0e88483b6f1841b6087295a5d4e7e558029af7003902ae7a9c2", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072624, "uuid": "cdfe3fb6-e240-451b-b3b2-b1db607da6be", "value": "T18E764A4AD2333F64D98F9DF69D772587F230833245D451FAB13C91A82BCE0486A9763A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072624, "uuid": "73fe0271-f962-45b1-81c9-bfe0b1d27244", "value": "49152:jiCRD1L9+0O+MJ/SY9c1dALo6MyHEkxSHDiW4B2N+W+JYRdQFnFO5/FRr/2LYUyZ:F7p6ML+sy67QFnFO5XgDyM0nFFpIPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688072624, "uuid": "4929780f-a855-433d-847d-5af4b21355e2", "value": 7243174, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688072624, "uuid": "9d478e28-719b-4208-accb-5c3c9e034f22", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072624, "uuid": "eead53b5-2c9e-477c-bc65-b73fd73596d9", "value": "mcassets.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0eaa0cef-1677-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688041109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041109, "uuid": "86bd3072-0d87-4eba-a49c-40e62241c0f8", "comment": "Malware payload (AgentTesla)", "value": "bd5356459f0bf42d2530cc16e882afb2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041109, "uuid": "2a8ad66e-6c3f-4592-a670-9c712c004f6b", "comment": "Malware payload (AgentTesla)", "value": "59930f893ea97b7afe62de5a914e3386eea4cdc0549698660cf5c29b16fbfacd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041109, "uuid": "21ee16fc-2cc7-4895-9880-b1868f5602ab", "comment": "Malware payload (AgentTesla)", "value": "0cf347be60e27c5ffe56f43004b4bc700c29aca4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688041109, "uuid": "14a1fed9-5756-4d23-a232-4b4d55a21378", "comment": "Malware payload (AgentTesla)", "value": "be371a624db98430b2ba928911ef6f5e59ffafb09bb5b19f0fca80d13628a6929970a22bd1e49f7315a6e61629aa7966", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041109, "uuid": "6737a02d-cf37-46f5-8194-46eac2089f53", "value": "T1BAD4239A18F7F4D27737BF70F5406B494897947489E48B5ACFCA87106D32DC0266E06E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041109, "uuid": "fe0f94cb-ddd8-4035-9d24-e0f15370d7be", "value": "12288:+bxyvEYppP4J70sN7HcSDkuVbLjF/i8M10QmNdPhgribxy9Dp0DY:+bTWCosN7HbDkuVnjy0QEHxq0c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688041109, "uuid": "a0b07f7a-c852-4e4c-b5e2-e0530762b772", "value": 647050, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688041109, "uuid": "6b76db64-0292-49d0-a933-4790a085bab8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688041109, "uuid": "ce9a8c93-79b0-45fc-89ed-94192a6ee723", "value": "RFQ for Req 12465.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc348735-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688022100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022100, "uuid": "3e360102-1889-4609-9771-09c588e629dd", "comment": "Malware payload", "value": "27d8c23579018eff34ce61459e18f7f1", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022100, "uuid": "b2f22b91-950d-42d9-8fdc-a957fc80d535", "comment": "Malware payload", "value": "5995f2e1327a4a820695aa97f9e18926ecc900f1a036d8b11573c572d0fd47fd", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022100, "uuid": "7360f209-1400-467a-a3bd-121c355f9cdd", "comment": "Malware payload", "value": "ad64565c41d3a3581621238ac4c65411e7cc30bc", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022100, "uuid": "ae0ecc11-550f-486b-b630-c8434a3c6d5b", "comment": "Malware payload", "value": "f4083b4b83fd0f22107daaf102fe807098ed0daeeea1ce81fd69d3cc8bdd90a09c09a9ae910dc237c193949739dfa31f", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022100, "uuid": "ef41b4dc-66e2-4980-bd3d-d873de646460", "value": "T1CEA58D1275DA8732EA7E8134A5AAD73620FA3FE01BB154DF53D4593A0EB05C242B2F17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022100, "uuid": "76ff285c-f41b-416e-b708-2ea2998029a0", "value": "49152:w/VDxGSFVtaN4AyK8tKk5ojmrhCMz5vk3ukDln/hFRFNUEekBIWsRkn4frUMXjDA:qxM4AeKknz5vqu0sRe4frUMXjTY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022100, "uuid": "423d1b75-7b97-4e84-a8b6-32c92d8be7f4", "value": 2252288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022100, "uuid": "08870a91-f499-4d0a-8744-8ac1e6679f83", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022100, "uuid": "b13483d3-bfd0-460a-84de-83c3ec2905ce", "value": "Fatrr_wakMkxp.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "308dafa7-164f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688023986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023986, "uuid": "bb2adce0-3cd1-486d-a703-a13357cf7e13", "comment": "Malware payload (Mirai)", "value": "4960677c2920e909724a331c67c1b35b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023986, "uuid": "d5f5e66e-fb7f-47d1-aeab-1f1d2f21eccd", "comment": "Malware payload (Mirai)", "value": "5a83f794d8df4f8bff32f9815afbb3ec4e8257c5ef17104c2ae20b8d302ada64", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023986, "uuid": "afd95d87-ba07-47e5-92b1-b93cf744f491", "comment": "Malware payload (Mirai)", "value": "d69861d4d6645d7119caf3c1b6d76e524e0f7544", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023986, "uuid": "e0e8d3ae-de21-41f2-95c5-949a94d19934", "comment": "Malware payload (Mirai)", "value": "92ce1e6a37361ec574ad30cccc1babb16d51d42182de369cd849d66b52cc1d92c266992ba20032943ffcbe4e9b553085", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023986, "uuid": "0541ef56-3726-4609-9709-958d429365f0", "value": "T13363A61A6E628FEDF659833447B78E21AB5823D527D1D681E26CD6002F7034E641FFE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023986, "uuid": "a30af2e3-d7fe-4505-9fec-c4c0c94fca4e", "value": "768:YaDrpAYA0od2i+mbgRdggK8XomvQaQgdYHt0WsbrHroX1y/ule3fCdw/bImV:Y/GGQ58DfHtYb/AVevCW/b9V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023986, "uuid": "ae107950-f556-4ee8-8a3f-6b019f7ee3f9", "value": 72284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023986, "uuid": "1f27b0b1-d439-4315-838b-4f137a764146", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023986, "uuid": "c472cd1d-3472-45ba-8414-cbe1702805ff", "value": "4960677c2920e909724a331c67c1b35b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27dea18e-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1688023113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023113, "uuid": "ef94ae87-aa05-42bf-9a53-3d8ace5286e3", "comment": "Malware payload (Smoke Loader)", "value": "77dbb899047e586e2a07abd738fb704b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023113, "uuid": "749efd78-b737-4ce9-b99a-98db6173edd1", "comment": "Malware payload (Smoke Loader)", "value": "5be6593f4824f92d9609894ca4b13bad83039b0ca6d56f20f44c45f2eb9c5ec5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023113, "uuid": "380f0d94-5c53-4b6f-813a-c2a547a9df46", "comment": "Malware payload (Smoke Loader)", "value": "5fbc262aa694930ca468d34df36d96b3b63dc3c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023113, "uuid": "5332d43d-72b7-4479-bcb5-55a3fe93e8ba", "comment": "Malware payload (Smoke Loader)", "value": "639f3df9902873b81dc9600ff849e664fa7e4165a4276285a6cfebce6c647511a30ebea2b1674d4ed3d6040bf53e8955", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023113, "uuid": "91dd91de-a8b9-4b3c-ba3d-6c6c808ccbac", "value": "T112B4F11263809079CD77CAF138985BD8973CBAE1D7DFF1873388412E4EDA79225AD429", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023113, "uuid": "fe8de24b-fdb2-4347-be1b-afb5edc8b76a", "value": "9ef61842dd257cd165ffcf2d74517de6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023113, "uuid": "ddf4c8a6-fc16-4462-9fea-7b830c46eb66", "value": "12288:DFCabdB4JUZEH1aElia2Eh8mhSk45nRpHegZBW:DEabDQUZm1aI2w8mhSBZRpHegZBW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023113, "uuid": "d6378234-7641-4f09-ba75-495583af2b85", "value": 540296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023113, "uuid": "81ddc7e0-ef5c-41cf-af3d-dc262d0e2638", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023113, "uuid": "88fd4dd7-60a8-48c1-9073-24945167a7ed", "value": "77dbb899047e586e2a07abd738fb704b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "afe2d673-1691-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688052547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688052547, "uuid": "a0ffc4fc-1de1-4889-b373-fda8fad7a45c", "comment": "Malware payload", "value": "7a2504d21a60af573655987b7ae53ea3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688052547, "uuid": "99019937-0fee-4d0b-be03-6e9de76a6652", "comment": "Malware payload", "value": "5cf55c9824d5c162a1f18f76c5b146a5c703b0d234c984045ac5849026411792", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688052547, "uuid": "18e1a077-d745-4742-a81b-11af9320ee42", "comment": "Malware payload", "value": "1a9655499c10006513478c16f7d77052d2f7e6da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688052547, "uuid": "09c70203-6dbc-494b-827f-2385d4127b6a", "comment": "Malware payload", "value": "6987b867cd058f55621c114ba65761238c69b7edf4120d72161261829719ab99f87380bb4b73d3508d4f5252cf48eee4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688052547, "uuid": "ca8f9121-09e8-4df4-b2fb-af0d6bff46e5", "value": "T1769523027BC084B2C6735E336F66A3307A7DF9285F459ECFC791482DAE709C19236696", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688052547, "uuid": "73f62d51-4eb7-4dcc-888a-4157ca19105d", "value": "0e806fd55a4f41060c8e206a25d6875a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688052547, "uuid": "05e5c869-a2fc-45f8-a7aa-81101ab3a9d8", "value": "49152:W+Whq+BfJXAEEI/bX8aL7zaEa8tCzVNSxSlnsZ:W+Whq+BfKEx/TDvaEaSxysZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688052547, "uuid": "de406ad2-edf5-481a-afdb-9b25b650e54c", "value": 1981270, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688052547, "uuid": "736e61bb-ed56-4660-aba3-0832efdb896b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688052547, "uuid": "e1029d88-7fca-4f67-a944-f4f7f8ccd369", "value": "SecuriteInfo.com.Trojan.Uztuby.4.25506.25923", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25811331-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GuLoader)", "timestamp": 1688021820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021820, "uuid": "63a7ae73-352c-423b-8069-4c3d9dae3b6d", "comment": "Malware payload (GuLoader)", "value": "6443f0915e6432d3bd2d5c40e7f04a2f", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021820, "uuid": "69ec188e-2896-4dbf-b88c-3c5ce6f3dbc8", "comment": "Malware payload (GuLoader)", "value": "5e355ecf2ec8b1fb01a051a95e5b5aaec04837e870d33d80cb73ab7e4183678e", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021820, "uuid": "abdba1a5-0346-4387-9f40-7253ad8a0822", "comment": "Malware payload (GuLoader)", "value": "08e05b728c1e02f6906346dadfa2823550f651c5", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021820, "uuid": "f9a5d8f5-66be-4957-a01d-c1af1b542424", "comment": "Malware payload (GuLoader)", "value": "98b99ac91e06e9cbee6c80a908617a08febff24e615ac80722c83c99e7e7da6eb0693ef6ce390558650491854ef446cd", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021820, "uuid": "ae3c0432-f09b-4cd6-a69b-2a4d4c8dfcc9", "value": "T1DAB4232F872CDEA46B9419DE015FCADC14001D4EE3A476E80F5DCA56B67CA43C9AE1AC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021820, "uuid": "c765798f-2c32-46bb-b3fc-b605af18afb8", "value": "12288:dp8YSfvuG8wCWx3sz7w9Id70dl3Gn5wGi6z1MS1/h:YYuvuGVCWfNv2E6z1dH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021820, "uuid": "21dd56bc-9452-4217-8469-2c2dc50cc779", "value": 515963, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021820, "uuid": "b47a69aa-ac2d-4e7d-beaf-12645b2b0c6f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021820, "uuid": "ead4e423-43f0-4475-b7d2-e8cdf63e252d", "value": "Request for Quotation 0032118 doc_1.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "826c799c-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037868, "uuid": "ff5fd80c-a505-42d8-b06a-b04399c6ab0a", "comment": "Malware payload", "value": "615c965f602d885048a7fc6cc3789fd7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037868, "uuid": "f444f6e1-1452-442f-814d-210d1d7c9881", "comment": "Malware payload", "value": "60be34370c992896dcaa917429a162e25e18130750c2a2312e8fe010b00a096c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037868, "uuid": "e9b1edcc-59f6-4117-b6df-60ebfef933ed", "comment": "Malware payload", "value": "acf23a697893f6405865be56728110b77227361f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037868, "uuid": "acd3ca19-e50a-4d70-af74-2a07153fbd8b", "comment": "Malware payload", "value": "b4d6af964d0bdde58070f3eb02704fc6b610490172fb5feefec76aa9a03a0be999b3bd0a812956121c03ce03517e3525", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037868, "uuid": "462ea2de-530f-41d3-8fd3-4097f3bd95f2", "value": "T1DF249E3331E1C4BBC6A741304ED29FBBF3BAF9244F329A0763945B0D5E31A919627259", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037868, "uuid": "5a6541f0-3237-4914-8271-b24afef6674b", "value": "b65bb655226ef85b64b9b68e5667b089", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037868, "uuid": "e89b0976-8970-4915-996c-7d5b8f99586f", "value": "3072:MD4lyywPwqeTY4XoUL0KK3H04v6VjCAUUoGfqCtdqGZS9:MsIwqezXTL0JCJCBTdG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037868, "uuid": "c36ec777-7dc7-4fd7-b7d1-882862c56b82", "value": 221184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037868, "uuid": "143d3e57-1eee-4192-aaed-950dce48e2a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037868, "uuid": "37a1fe0f-5cc6-4b0a-9e73-919c9e44e581", "value": "6\u6708\u5168\u4e91\u00b7\u7968.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c70ebcfd-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688044425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044425, "uuid": "8d88c0df-e8ce-435a-b38a-e2a967b7cff0", "comment": "Malware payload", "value": "3175c016531e40e0e0078f80de722aff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044425, "uuid": "82c82c42-d36d-4056-a5c7-02344d859faf", "comment": "Malware payload", "value": "60ddb9d71d5d2822bd536fda383eb78e23f3ec14a841606259f35a9fcfe196a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044425, "uuid": "f7fc4c14-5cec-4e4d-a71e-ae6bc022f822", "comment": "Malware payload", "value": "37aa947f06bda9c7dfd9f779a8b50f5e0fed312a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044425, "uuid": "760f0b71-f299-45df-9005-fb0a0c4e5613", "comment": "Malware payload", "value": "4400b478924c7b7f6960acf576c9b14a58434be01baa5d25e1c5f12d4eaed5746e8e434afb583fa93bbb79d1b5a7292e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044425, "uuid": "19951a74-dcb1-4784-afef-bbe4c1b09307", "value": "T1A3B37C12358C8732CCFBC8F8D8FEFA64A97D912167913347335C11AB6A65AE1667C309", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044425, "uuid": "29bde55c-d35f-470f-af4c-d96b23fd0529", "value": "bb1d8bfc6c51ca02a6f390c720552f6c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044425, "uuid": "9b54692f-5d0f-4649-9c0f-b6632a1c23e6", "value": "1536:S3b80RDF/K8cncwEjAm9CHGub1FFkwlpm1vVunZ+W2OyTss6iBL7vgC:S3o0RHcncwEwNHlKIZiOyTss6iBfvt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044425, "uuid": "9ac48c1f-fc51-425a-b561-d3b8160326b8", "value": 115849, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044425, "uuid": "cf271969-948c-4d83-befc-85b072235c58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044425, "uuid": "4cdb5258-5be2-4a2b-9101-6a235902d103", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "336ed60b-1697-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688054915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688054915, "uuid": "54daa4c8-8a05-4654-b822-5ab48d41796f", "comment": "Malware payload", "value": "b4c89f519625821ad10099d181949be4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688054915, "uuid": "99296542-942d-4391-992a-0e88b3505f9c", "comment": "Malware payload", "value": "60eb185181f8b9a4e1d5d5dca23314a8c1cc7c20b9fb885b897709cab8b896d4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688054915, "uuid": "50749374-d92b-4e4f-8c82-d48a30b15b15", "comment": "Malware payload", "value": "a296d2869d4a01448d30610ea4894f6af980975b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688054915, "uuid": "827f8a45-a0d3-4b8d-9a13-82968b4fcc87", "comment": "Malware payload", "value": "8bb14695c8cc0a2db0e2c12a01ee30f319767657706af9e9fa0103d76061db11442fed27c5d46c7236040d83f0891a5c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688054915, "uuid": "0da08c0f-6be6-42fa-a4d1-4a8cfbc28dce", "value": "T193749E1362DC7F61E8E54A3E8E3EF6EC665DF6504F18375A12386A2F09B11E3C172A41", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688054915, "uuid": "d1336873-82af-4aff-a742-95216eb42066", "value": "0a5db6363a2820d393575c77f8ba89bb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688054915, "uuid": "f7317bd5-bf47-46cf-bba4-715b272a3f11", "value": "6144:2TQHKtSp2oH0c65+qvTh91d/+z4B7SBtha/qmf0:/qMp2oU1+gf1S42aRf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688054915, "uuid": "cac11129-aeab-4c20-ba77-89f3524a8851", "value": 364032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688054915, "uuid": "77293870-81d4-4842-a843-2c325fc4ccff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688054915, "uuid": "59fd3e8b-5db6-4931-b482-293d54314ad3", "value": "b4c89f519625821ad10099d181949be4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58e5987f-1626-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688006445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006445, "uuid": "fcbbbdd4-c65d-4cf5-aec1-0527916264ab", "comment": "Malware payload", "value": "30cc7d5d4aa540bb27b5caee15e6c177", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006445, "uuid": "541cb92c-de8a-4402-a722-3a0634bcfce5", "comment": "Malware payload", "value": "612683622ab49d8b52f893aa54b988e4badbcb4f0fae73d48c086e90f023d371", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006445, "uuid": "3e8837ae-c4de-4585-ac3b-ccb556110c5c", "comment": "Malware payload", "value": "30bb19199e6d61f7ecf10c2caa3111cb4593af41", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006445, "uuid": "df2251da-a0eb-428a-99c7-503fc5a7688b", "comment": "Malware payload", "value": "c5b07aaca43677452d53368501ea8515a365000418d405066f6bd2459073e4980bc229ceaab697a6c5d72a5d8727eb28", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006445, "uuid": "795e1101-3d77-48fb-885d-ef4873069387", "value": "T11FE5BE86F768EE2FC87770720DA65231566A4C128B83974775483F1D787B6E80F89BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006445, "uuid": "15ea0cb6-d553-439a-aaf8-2b6d2c75d9d7", "value": "49152:FJZOgeKKOSbZ7aYE3w192tI+qphdE4mi7z758X6huTBLCrQVAS:FJcge1nF+YZms6YKBLCrQVAS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688006445, "uuid": "8e8f1e66-b9d7-4859-9042-85e7eb37bce2", "value": 3061600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688006445, "uuid": "4ab9c9ae-4eec-46c5-a4b4-61bdfbec474f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006445, "uuid": "0520f893-9ca6-4ddf-883c-48db7d758497", "value": "Cerberus_Wear.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba783ff4-16d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688080911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080911, "uuid": "24e9856f-477b-4d3e-9761-fe6ddcc9702c", "comment": "Malware payload (Mirai)", "value": "5d5ed9a0685dff92bb293f2032bd92fa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080911, "uuid": "e59fa63f-c253-4a19-b1bd-9ec88996a3e1", "comment": "Malware payload (Mirai)", "value": "614fb3c144a6cda2f771020657f977795e53a1b1582e10ba36cf9d3000c59c3f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080911, "uuid": "228f53e5-7e1b-4f22-aedf-5c3e34c70bde", "comment": "Malware payload (Mirai)", "value": "2c544b192ddad2a2c299e80877dcf543b65058b3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080911, "uuid": "d0785ee8-cc56-4f7c-bb61-de476b832889", "comment": "Malware payload (Mirai)", "value": "9f132cc363249bb1778c5f83604402e3f886f81d79e3c264b22ac31e04a7e11cffc7ad60afe8b6a7c0e64b2b55ba3e73", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080911, "uuid": "41ffe2a7-e757-4602-94c2-e3c20cc68fc7", "value": "T11E133C42721C0F17C4A34A70253F5BD087BEAAD032E4F285665F9BA68A75E371482FCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080911, "uuid": "444bb69e-cd29-4a49-8969-fbf70020e040", "value": "768:U40J4bzio9RfQRW0qRGQ8Jt8h/VsBKltn2suslzFuMldW41LFfwu:P0JOC+Qqh/Fxj2MlddLGu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688080911, "uuid": "7a329ad6-2e08-4e4f-b3b9-c3c7d90407f2", "value": 43780, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688080911, "uuid": "f04e0c08-efef-4ffc-9dc0-fa5bf27b3969", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080911, "uuid": "031a4715-8c42-483f-9f0d-6cd620bdb6e6", "value": "5d5ed9a0685dff92bb293f2032bd92fa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "edc055d6-1653-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1688026022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026022, "uuid": "dae3d53a-7f26-4658-ac9b-8bc1b4d433e5", "comment": "Malware payload (AveMariaRAT)", "value": "8beb93c13572476b46880401c5fcd8a6", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026022, "uuid": "e02b1542-3114-481f-a2c2-2d6bd06bd93a", "comment": "Malware payload (AveMariaRAT)", "value": "6174638ee97b4984047d575745f84d6a41e286bca39f8eca1924860b0eb545ff", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026022, "uuid": "d86804a0-277a-42c1-9579-b1546a79dd1b", "comment": "Malware payload (AveMariaRAT)", "value": "ac23b2c48105ca6a723caab521ba5e47f3c48cbe", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026022, "uuid": "1bef1187-91a6-48ae-81c6-34d9d48674bb", "comment": "Malware payload (AveMariaRAT)", "value": "87c5f9b8d00286a0456778eceba9c3f19d803cf459a02f9dcd123ad9bdf3d8d12d2b02924606a58227eb6381c55c9aa5", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026022, "uuid": "171d519c-9bf7-4eed-a666-9cde26b9d7fb", "value": "T16AC4F138CB7AAFE2D6AE807644E5977C53E181F3A096DFA62F8445702E83340472569B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026022, "uuid": "68cba715-bbb7-4039-8843-5e95f7e8ee72", "value": "6144:sl7kiRNWeUPRc+JOhd3Ep8frPfDIzFnr4wOiMcRM8uHIZAmT9TDtlUbU7nuAavKn:wLRAcCOTEp8jrIVUwVO8ZRQvfNhAIbAJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688026022, "uuid": "82f0e566-399d-4454-9334-b6f708713a40", "value": 558608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688026022, "uuid": "f5116a69-3c32-4bec-8dce-512702e31cb2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026022, "uuid": "c02060ba-96f5-4f02-9c54-438f0581fb7e", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34b16ce3-1674-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688039885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039885, "uuid": "01f28805-5696-407e-a145-6764565f278f", "comment": "Malware payload (Formbook)", "value": "3075d77e2950791830b12aef7c1832ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039885, "uuid": "2e9bd01d-5097-414a-b1ed-1f5d97c166da", "comment": "Malware payload (Formbook)", "value": "61c6ffbcd2c7c685bf8e3f6181f28c0e5ffb915a382b5c5848ef71e13042b41d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039885, "uuid": "5faa3a7e-871b-4533-881e-d8d1e0dd6370", "comment": "Malware payload (Formbook)", "value": "85c5ff9f0e5b397949db5e7d9ab4abed1fb91f7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039885, "uuid": "5719d98a-982c-441d-99c2-073491970360", "comment": "Malware payload (Formbook)", "value": "46f42f0af00a3a19ce5e1750b68d126edb239dbca523340b7c56460daf49bfbd8afe83ab8993c962f5d3669430b710ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039885, "uuid": "87babc64-0b72-4141-80af-be79f8ef984c", "value": "T14044125832A0C5EBD9B647745EBF4717AEB4A91230AA434B37902B2C7936713DD0D3A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039885, "uuid": "761af3ba-02b2-4c24-92ea-8fa0deb5927c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039885, "uuid": "e8a0c20c-0e39-4535-b629-b4f6fb0dfd1e", "value": "6144:/Ya6KmdnjukKVzbaVslIRiQrg0szjr83UA3RV:/YcHvqVk8zr5ivODRV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039885, "uuid": "8aa0c667-3fe4-4243-a12d-16683f3c9f60", "value": 262762, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039885, "uuid": "9087e6dc-1ded-4898-80c0-bd1055233097", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039885, "uuid": "65c56979-aff9-4dc5-857a-0f526d42e863", "value": "RFQ # 1045981 - MAA_D Plant Project r01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17525644-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688021796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021796, "uuid": "98e967dd-80b7-4f75-844a-abd80c6270de", "comment": "Malware payload (Formbook)", "value": "be8f61a62e6c55864219235e4fb7129c", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021796, "uuid": "0fad3fd1-8d9e-4eee-bcab-6784aea67459", "comment": "Malware payload (Formbook)", "value": "631158b292787b26fa074faef145836183a8c4eb6c5b409605854f27203d2469", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021796, "uuid": "9b966af8-a974-45bc-9f3c-bb6ee6bddecf", "comment": "Malware payload (Formbook)", "value": "2ffafe71f94d09753d92f821bc0dd8f1edc17a46", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021796, "uuid": "176abe27-b51b-48ce-9c96-bae42ef7236b", "comment": "Malware payload (Formbook)", "value": "492fa30d93a26d72d6020a6383382caf023fc7dfc2a7f8612cba41d1481ba54ac9b45f5ad3e7d958a10bffd3ad064b84", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021796, "uuid": "e2b00a9b-a654-4d0c-9eae-20723ad5105d", "value": "T103D423BA29677C610652CBC5623105805CBDBC8E38EA41EB2D51AFD586FE6217CBE730", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021796, "uuid": "c0ee28e6-3032-401f-a4d3-e7b384587457", "value": "12288:lUGTeUv04O5TYbbJ5lG6HGJ21GX9ykDsBWlh28Lqvr7glqxE:lUGKU8N5sbV5XmJ2QNft+T7gUxE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021796, "uuid": "54c75b4a-a4ae-4e38-941b-53d504a173f6", "value": 619606, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021796, "uuid": "5346cab6-ff88-466b-bf5c-fbd662cce98d", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021796, "uuid": "f6e4fe78-4973-4188-85d2-21a96f7a95b1", "value": "HKD0000000612050661-T01_1.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef625872-163b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1688015717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015717, "uuid": "603f5548-17ec-40a1-9bd8-238257db3146", "comment": "Malware payload (Amadey)", "value": "08b091669ee7a3353c802ae8a2e68196", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015717, "uuid": "56512350-12da-43df-8ad0-66331a3770ec", "comment": "Malware payload (Amadey)", "value": "6381a1919c49ef0c91bf7e157d62612741e27a5364a23df18e8925afb37f0994", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015717, "uuid": "e54a9d4d-b05c-4e9c-a0c1-82a264eb1223", "comment": "Malware payload (Amadey)", "value": "900c45415e24a3a93cc435ee5eef56c7e3924e24", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688015717, "uuid": "e9ba78b5-4f64-4499-acd3-c679a9a0e5d6", "comment": "Malware payload (Amadey)", "value": "ebe9052c1bf1de40868c395762b8924e7f843f6dc6d76c4a59daec201b1c075465f4bcd524dfd32df16ea8042bce79d7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015717, "uuid": "ff14dea1-685b-4b1a-92e0-dfddc5cea812", "value": "T1FC640AC3A2A17C5CF5254F728E1EC6E4BB1FF9504E5977AA92189B1F05F21B1C2FA210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015717, "uuid": "afed355f-d029-4d60-a620-1a5cad57bdc0", "value": "c61bedf317f19d715278ea485f1b5899", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015717, "uuid": "0b12866e-98ed-404f-8c2d-3a6ee3b1f66f", "value": "3072:/FHG/qu/q677nxxJvP41/7uBoZQZk/3v0zsoaGcME7MuE8COft8:9HGSU77nxvva/CBoWk/3czsAuxP6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688015717, "uuid": "801616de-70d5-45d8-895e-04b27f768759", "value": 314880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688015717, "uuid": "47811813-d64c-4bde-a910-0c1ded2139e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688015717, "uuid": "38b6167c-4a42-4eda-8f06-3c0ae72ff2c1", "value": "08b091669ee7a3353c802ae8a2e68196.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03384a54-1654-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1688026058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026058, "uuid": "f0ed4862-9e98-4507-b840-7900104e92f7", "comment": "Malware payload (AveMariaRAT)", "value": "ec3f70d0e92624c297963439994b8597", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026058, "uuid": "8c872000-5f0e-4881-aa59-a147177d5b0b", "comment": "Malware payload (AveMariaRAT)", "value": "648278b0c127bfe2aa6668ad937735e2bbf55ab56fb0b4ef10ebbf9a824f60d9", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026058, "uuid": "4cf135d0-9be3-4d58-8d1d-3175d1dc6a6d", "comment": "Malware payload (AveMariaRAT)", "value": "c563b47d1ceba76b61762b1c045d855ec4c46ba6", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026058, "uuid": "7ddc3826-dcdd-45c0-983f-317238bab351", "comment": "Malware payload (AveMariaRAT)", "value": "ef033fb64edc2ec021e8efad2b49597f281cd17e587c93232901c407b13affb638ee7327e40c0efc40ea6a5d91baf0ec", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026058, "uuid": "74e83495-4c3a-4f7e-a655-7d064a4e29d1", "value": "T105C4023C2754DED0F5B9403DAAAEE47D17B0CCFA011BE7A3275051F46ECA285639898B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026058, "uuid": "1efac03d-6b32-4a3e-90ec-ac7b838ed5c6", "value": "12288:upBfc9FCsynEmO5X9e8JTYnzdr89sj+KYQSlgGQu9habj3lA/O:uBmF95NeSYJr8M+z79eb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688026058, "uuid": "7b32f4e3-316e-4af3-a803-e6cfa324e0e2", "value": 558096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688026058, "uuid": "b5e6dc49-be51-4a23-b54a-5afcd98f58d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026058, "uuid": "e81f5565-54ad-4706-a45f-fc255e807102", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70179402-1670-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688038266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038266, "uuid": "4d4006fd-98f9-42c9-9afc-d011c7d6f0bd", "comment": "Malware payload", "value": "ec04e21f74e3531dced8858b4ca777f5", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038266, "uuid": "ce3c07d0-2fef-41bb-8741-346b8b057ded", "comment": "Malware payload", "value": "6494f1e3f85cc7528a8de2d744722a8a7f5031846d05b0e116a472684e7eae8b", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038266, "uuid": "a5193400-7b86-4d39-b7ac-ef8be6acf4d6", "comment": "Malware payload", "value": "5fab7449c50490ebaae6b764dd49f8180840f82f", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038266, "uuid": "85789139-bf36-4b67-bf7b-7fd66a7b39ac", "comment": "Malware payload", "value": "d434fe8ea9ae415e3a2dad1e7b892508e7bb691edfbabda1ead9c774b33dfdcc6a72dec3c2c81e832e7e54342a50573b", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038266, "uuid": "142fdf2f-bcb0-42c4-a3ba-ce436b93c5cb", "value": "T1B3D18D65B9012CD6D33DD13EB119FC84A60C00C7E69C6CE7266097F6A2439C3642F99F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038266, "uuid": "d9643c89-be9b-44d9-8b14-a34932eb3e92", "value": "96:hsZnOyVAmqFgr+yq54zU2WdxmfgORmoZJwrNL/GZPYsfYe9F6A/Z8NDa4LrshbU:h0nOyqmqFgM0GpuZGrOP39FLZQ1QxU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038266, "uuid": "ebee9127-fe21-4a57-8ff9-7560923bf2e2", "value": 6219, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038266, "uuid": "b741c073-332d-419f-a186-58563be5bf8b", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038266, "uuid": "758f96bf-93cc-4ef7-a1e6-c42e3e7b6303", "value": "Braemar MTM Report.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00b267b3-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039368, "uuid": "c82778e6-e41c-45cb-bbe6-43ee1150ba35", "comment": "Malware payload (AgentTesla)", "value": "2bcf9595dc79bbec308772c180d1eafc", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039368, "uuid": "179c33ea-a3e4-4a1c-8f15-771984547a65", "comment": "Malware payload (AgentTesla)", "value": "651d6d2737b4eb81c72dbeaf56b1c9a99672cf3b6bd529ff9c46886cee9408e5", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039368, "uuid": "9faefd93-5e7b-470c-99dd-9876140ae4ed", "comment": "Malware payload (AgentTesla)", "value": "9bbe10d44f95ce264445e555eae70c6a21f5a552", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039368, "uuid": "066900c4-6de9-4404-9f01-17f1f8f21586", "comment": "Malware payload (AgentTesla)", "value": "0b2cc3237f7a66fea523864a95c98e5df80a9b6b2c46109a07d4d869efd7569fbbd5d0b2d2043e44923579f4055a9c47", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039368, "uuid": "919e114d-ed07-41be-9554-9cfbfb62e9a3", "value": "T18E1533CDCD8CA2EAF522503E8B569332D32211F94D8908198C593DF67AC532DB1EAE57", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039368, "uuid": "3aea0672-5fa9-4094-9fb6-b2565eac6dbd", "value": "24576:qXyhkizn/Sgcsn16Q/bVvcdKmDkcb4XNkzrEyWbg:kyhk2/StszBUdzD7bqkzic", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039368, "uuid": "540b3f25-67b9-4e83-89cb-a34456ccfa3e", "value": 942642, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039368, "uuid": "9836e147-4350-447c-86db-91d50315fed5", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039368, "uuid": "fe1a1c51-2fdc-4fe1-8926-70a60660593a", "value": "Payment_Schedule.pdf.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71f78368-16c0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688072629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072629, "uuid": "67b337cc-eacd-479c-a08d-ea7d0240edaf", "comment": "Malware payload", "value": "9f9170b7ba2c2665869c9068a5dba5fe", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072629, "uuid": "376b8f35-fd11-42e5-927a-74a616ee54f3", "comment": "Malware payload", "value": "65e2499e2d7d0a92a2cbb3884f50df363d00856d8560fbd44ef0e04e7fcaabc8", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072629, "uuid": "ff01e442-0bc3-46a3-a337-6be2ded58146", "comment": "Malware payload", "value": "65974dfe36033365803bd44784f4c611207b58e3", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072629, "uuid": "1f44b3e0-8350-4fbf-9729-4b4029c8e12f", "comment": "Malware payload", "value": "17c68fcbbcc01be2044b3953f9018c8f58222ef4d5e91dc7f8fcda59ba53d172ef13f946682e71d6131dd1e6cf07c577", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072629, "uuid": "39798299-3b90-45c2-84f8-7d6161b62faa", "value": "T1E66533F68742E006E77E047AAE0A4D2D6EEF06BC18C517B18DA045566CF8D6E8732D37", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072629, "uuid": "9ff0f665-c50c-4349-a052-a6662139fa5d", "value": "24576:p5qdXkiVBj6gtXp6JhlEtve2Xad4+OqaOzzsJ4r5ZYzmo/23NhF+qaPpJqFUbKUF:LqdXk0BjNtXpKEtvxqd3s2wJiXo/2dre", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688072629, "uuid": "28eaff83-2727-4e0a-84e7-8ec972d31f3c", "value": 1471133, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688072629, "uuid": "4a72fc5d-526b-4718-a4d2-3d46a5d47ea2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072629, "uuid": "0eb15a78-9ff5-433e-8310-68f3687d4deb", "value": "p13n-assets.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18424537-16c9-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688076344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076344, "uuid": "a88dc9da-18e4-418c-a11b-9b3147d2ecf3", "comment": "Malware payload", "value": "1ec31972ec65a65470d3b5d790c1f401", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076344, "uuid": "190c0325-29c3-4f5d-8986-cc18e77aa6c1", "comment": "Malware payload", "value": "664f2b1654c363a6348b688d5d475ed9ec0e7ef3c72f6f315f37fe97a2fe63eb", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076344, "uuid": "2b58a4e3-6257-4e25-9ccd-ac8230fa8201", "comment": "Malware payload", "value": "ff246ff3f34725545777856854cd50034c1eba55", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076344, "uuid": "1a37605e-f42a-4280-9fdd-a4a9e2dfc8b2", "comment": "Malware payload", "value": "2f085fadc3a0c1f73b83b3376c76935ef4a5dce6f39ab376522a8e4dddd218de9878bb394f389c30469a0ac840cea2c0", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076344, "uuid": "ae4600c2-d145-4dc5-ace5-3bdce848b4aa", "value": "T14EE0208C911582A492D1C76027E17B835D61C38F68D2014DFD485443C39669DD49A3DA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076344, "uuid": "6476dd56-a7f3-4f28-86d6-cb1f2e7c6b45", "value": "6:TMVBdoIUnWn8FX0wa9Fgc4svquXsLwFcn4mc4sVI/iHIF0GObRBAEdOqkCbte4QL:TMHdoIWWnMEwKFcuX4wp57fGeRjdOLKQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688076344, "uuid": "ad88d540-f344-4a2f-ad09-9831306fe842", "value": 341, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688076344, "uuid": "cdfceceb-dbb7-4931-92bd-0773663c2b56", "value": "text/xml", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076344, "uuid": "643a9022-95f3-4cc9-90e1-9fdc60c89ff4", "value": "x86_64-20230509-0207", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6634e76-169a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688056396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056396, "uuid": "62f61399-7de2-409e-b03c-ead334b1999d", "comment": "Malware payload", "value": "764a8fda682d69ad7e1abc4d66028bf9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056396, "uuid": "be9b12b2-a18e-46ad-9a24-aa7295649e17", "comment": "Malware payload", "value": "66e040a1606cff13966b4c33bd508979c2232bb9b750b4c6795eaa5a58153fbb", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056396, "uuid": "bee16457-5697-4877-b160-54d80f44d7c2", "comment": "Malware payload", "value": "fcd134527c3c1ec56671d0983c67f76149f3537b", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056396, "uuid": "e01331ce-7c94-4fa2-85e6-5e5187a59858", "comment": "Malware payload", "value": "eb0ba317fe5c4cc2478725911af36da091739977ebcf2d4ce9e6265c61ddbba9ffc70c7c0c28947cd337280f6d943beb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056396, "uuid": "3a7c4a89-1026-4c77-b75c-69f0db8b9491", "value": "T190B4EF003BA4CC909B2C56E969DB93078B2756A7EEFBFF0306A29531191B86357513CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056396, "uuid": "3bf81168-9b52-45c5-9882-54a965a15ab9", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056396, "uuid": "010b66d5-d262-4a60-9f29-1353f7608216", "value": "6144:qas9k6e1sKM57L6lfAwDESTcpByjZUtNi5hzTD6r7L2o:96eSKMVL6f3wyKI36r7q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688056396, "uuid": "1db7e18a-6c6f-40a9-948d-de35b68ab142", "value": 536576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688056396, "uuid": "6096ca96-c66e-4ffe-a6db-18a8ec414334", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056396, "uuid": "f67c6728-eb70-4b79-88af-b0640bc3454b", "value": "cABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZHVlqSXLOPMY04WTDRSYhHSPViWTgyYAVKU6XKCUHQAZfPBJ.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20d4459e-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688021812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021812, "uuid": "10a6a9e4-e0b0-4ce9-b19e-369766b6d2bf", "comment": "Malware payload", "value": "9492441e5fa508f136e2a12803da162d", "object_relation": "md5", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021812, "uuid": "16cd1c7b-5f85-4eef-a461-ffeca687924c", "comment": "Malware payload", "value": "67f6b0f365a54e03912e90eff1982a127902f5e8ff45de23e00e29d2ba063259", "object_relation": "sha256", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021812, "uuid": "3de88210-33a3-4dc3-9753-c4957a53e63c", "comment": "Malware payload", "value": "e84c782712ab288bd137e1d7bdc101982ba4f491", "object_relation": "sha1", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021812, "uuid": "bc32718c-4b86-456f-bb67-d55f09054af3", "comment": "Malware payload", "value": "17fd43afc7bce249de6b6bf70771c22c5dcb38741af12d806bafb03a724a0181586ef445c236ddc806ea2eae728e6108", "object_relation": "sha3-384", "Tag": [ { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021812, "uuid": "f40be37b-9450-4e4b-8c59-46f103fa88ee", "value": "T1A7C42312EDE2F914CEA78C266E0AFB71144F52DA9B5BD621474FE81DBB6CC7C09D0482", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021812, "uuid": "003aaf53-5c6c-4eff-8d14-c47e858317d6", "value": "12288:AVnuCnV5LxMP/qrU89i1pHhnhhq11FnNH7bQrsUReyKCC:AkCnvIqrD9ApBhs1fGrsKeGC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021812, "uuid": "ef64caa4-ac89-4cbd-ab6c-934a1938b2e0", "value": 549057, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021812, "uuid": "d6b3f6b9-4f7f-4d77-b0de-af6c71f56d66", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021812, "uuid": "c91df29c-b0f6-4b7f-bdb2-30d3074b783d", "value": "Payment Slip USD$78,985.23.pdf.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0f181b1-1682-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688046133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688046133, "uuid": "91d87c81-6ee6-44bf-8f81-b2d099f50b5a", "comment": "Malware payload", "value": "4b654cce8e3a96f8cd6a8c80a41af84b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688046133, "uuid": "8ee045b4-78b9-41b7-a2f9-c5674b38658e", "comment": "Malware payload", "value": "67fae5a52c5920f4eabb29229eaf5ce35572f4be29f1477ec2355a13776058fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688046133, "uuid": "8331c05d-df62-4841-884c-f57f4fd89c5f", "comment": "Malware payload", "value": "0d1f88f3543d53089e898f69be3bb1797c4549cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688046133, "uuid": "485c0222-bb24-4355-9e2e-ef19a498fe1e", "comment": "Malware payload", "value": "b77ffd38cd9f059e32d45f642612e2b0ed2043f755724ef3c938d6e3f39a4da7229ef161c2dc85551ec14a004bdc240c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688046133, "uuid": "43b20687-4f25-4bf5-b53a-ef05b1b8c21c", "value": "T1A675E05273DE83A1C7729133BA56BB02AE7B7C2906B1F19B2FD4093DE920571421E673", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688046133, "uuid": "e70c9284-cde6-4758-9ecf-d4f3695c3ea3", "value": "fc35a0089284ff9c7c45866438ea8a25", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688046133, "uuid": "321aa3fe-7192-4df4-a43b-d60f10489daf", "value": "24576:+4lavt0LkLL9IMixoEiUdbvibYEgX0DkOou268noAgCl3KF4LnPo3:pkwkn9IM1UdzivgX0DkOjz8o1ww4E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688046133, "uuid": "494e4128-5fa3-4008-ac79-f4123730017c", "value": 1611264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688046133, "uuid": "8f6afea7-8aec-4397-befc-5c0b7f67e8d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688046133, "uuid": "0f34408f-f65c-45c2-a7a7-0971eb68c1d7", "value": "1-deupx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1e734cf-1671-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688038806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038806, "uuid": "e91ecc2b-4d7a-48b7-933d-7aeb6878adaf", "comment": "Malware payload (AgentTesla)", "value": "1ed60c409911b3f875a41dfa617f3770", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038806, "uuid": "fb8e54fc-5dd3-4483-9c96-fcd62f0cbfae", "comment": "Malware payload (AgentTesla)", "value": "6869f0f539a85f4cfc6ed95c779d3ec8f91e3baf2b55442d083ce605880c84cf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038806, "uuid": "18eaf1fe-421f-4d64-8e27-20e212a57c8b", "comment": "Malware payload (AgentTesla)", "value": "e31fbcbf16aaada304455033fa2f6dafd3f903bc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038806, "uuid": "5b0143bc-3f0e-47d8-9e7f-88a522e0e9ee", "comment": "Malware payload (AgentTesla)", "value": "e800279076b111b7d921fd41825040d1840d097a9757b894df816fefa134658bdeaf57c1eaaf0ca8440b3b9ef98a5b9c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038806, "uuid": "6faad865-be16-4023-973c-0909614b9b32", "value": "T143F451BD29802E97D475E5B2C263088DF67F7032BF138D6B26D252C5862651E37ED80E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038806, "uuid": "2ccf9cdf-b2df-42ea-a6fa-d5b2db753787", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038806, "uuid": "9f77e959-433c-4880-9631-d60f59e3d68b", "value": "12288:UanS31S0T55q7ZM+VrXSbTkqUUNQPhzWCIY34:3wA72+ZiMqUH5zWCt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038806, "uuid": "6f26cc95-f602-407f-99e4-ebf3ea3122e8", "value": 760832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038806, "uuid": "ff963a38-ae9e-4080-9b47-b853d62175bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038806, "uuid": "0f3e6a42-a785-4509-8855-1bda3c7b44c9", "value": "invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b9fd3a0-168a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688049479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049479, "uuid": "1bb892b5-e576-4f2e-a2d9-5414dd20ba17", "comment": "Malware payload", "value": "a50a5fe1deb0f2ec7459d1caebe94776", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049479, "uuid": "036b7797-7e83-41af-ab11-2bd2c6013a16", "comment": "Malware payload", "value": "698540af0fd9e35fa63bdee0e9f5565cf8d81edd880015afd2d737040a018bb5", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049479, "uuid": "f8b720c5-8b23-4b50-8195-f0790569324a", "comment": "Malware payload", "value": "7b79778d719c4c774c1472c6ee16e3b7b98ac6af", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049479, "uuid": "d123bba5-cf01-4ed7-94e7-84d03ac171b3", "comment": "Malware payload", "value": "0533cf902c33593bc53d4dc4c1c34c4e6bea5821b5d7db98808a2e45d4fe365a60f4cb19d6802d64b4f48f52b60def5d", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049479, "uuid": "08b9789c-71f4-4e96-8a8d-e191169e99a9", "value": "T16BF37C52FE45CA4BC554DF318DA2D2FDFA32FC1A9E4683037150B32E6DB6A94880F646", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049479, "uuid": "dad2ce80-0d91-4129-b083-54471a34f020", "value": "3072:Bck3hbdlylKsgqopeJBWhZFGkE+cL2NdAEBgvanz3JFuUJDoYlAAelS0zZs+bFSm:Wk3hbdlylKsgqopeJBWhZFVE+W2NdArC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688049479, "uuid": "aa1bf9e1-bdfb-4184-ab8f-85f72dfeed22", "value": 171520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688049479, "uuid": "39f71ec1-fdbe-4304-8bc8-d2fc334a0d95", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049479, "uuid": "ae616104-6560-44f1-92a2-de7aaa9c9c62", "value": "SecuriteInfo.com.Trojan.Generic.30356294.28393.19626", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1e8cbf9-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077971, "uuid": "cab747f4-16c0-4342-a60b-f88280019d29", "comment": "Malware payload (Mirai)", "value": "7adb08538e2770caeea230c2cf35fb13", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077971, "uuid": "ba95f49c-b288-4e65-845e-ccd3dd4e0478", "comment": "Malware payload (Mirai)", "value": "698ad3cf447ed2c0110f86c62e869549a38928119723a378b265aa6e7e7913ad", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077971, "uuid": "ff1b6086-c856-4dd2-a1fc-ca7aa7663544", "comment": "Malware payload (Mirai)", "value": "3a684d164c74a35a65d5dc81203c1a3378aec8bf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077971, "uuid": "430906d6-c843-4be2-b421-323b9e5f2887", "comment": "Malware payload (Mirai)", "value": "4314f81f451f80fba853903c26c03ac98f017ac523a1f4827a962499f700179a702b8745fe49dc037947d4b0c70f2c24", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077971, "uuid": "6549b3bc-5fcc-4f4d-b7ca-48ce35a840f2", "value": "T19AA2E059BF1C82CBC836393955D9EAD61352FC61F2ACDC4D2940C11FB1A33A96874F46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077971, "uuid": "507728cb-a870-407e-b9bb-76841ba79567", "value": "384:M0sLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTo:k98o08kxofBE+ZkXaITbp2F2TWul0c5E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077971, "uuid": "9d2a5ad2-ef2c-467a-89cd-3bb9d0313139", "value": 21492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077971, "uuid": "8310dc75-9dca-4930-9782-9091a620f404", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077971, "uuid": "0c590887-f663-4ef0-8708-474f7843c10a", "value": "7adb08538e2770caeea230c2cf35fb13", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3ee1adb-166a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1688035803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688035803, "uuid": "6ce4c2c7-4b11-4c65-b583-b76ea761b237", "comment": "Malware payload (Amadey)", "value": "5afc6111908fca00d93b74b0357b9994", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688035803, "uuid": "502a98d1-0f33-493d-9261-bf74432b44d0", "comment": "Malware payload (Amadey)", "value": "6aa14b8612361f8cd34a86edcf341aaee819fb9a0cc18d51165e52afdcbe5e60", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688035803, "uuid": "1a024cde-4b16-4f75-9ff5-663fdceaf091", "comment": "Malware payload (Amadey)", "value": "6f9a09cd6970c9797b33025968ccec1d4256159c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688035803, "uuid": "794a29cf-0387-4491-ae96-41a112bbb428", "comment": "Malware payload (Amadey)", "value": "3f3334f1ef3b55d8e78e57906f80b728812865f24ee9988c69c26a542191e5d8201f5028efe5cb10d5f4a17bb11ac9da", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688035803, "uuid": "cabc0fef-e4d8-4d29-b28b-1641575992f1", "value": "T109B49B65ED08145287738E38BAFABBFB914330F77D6073B8F09A623129D8195F4E2456", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688035803, "uuid": "08313a9f-2dc0-4e75-817a-20eab4704caf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688035803, "uuid": "83e4156f-4497-4cf2-a3d6-49898492f22d", "value": "12288:z0kY/pqltvGEwhcDhDxHvkAbefOcg6I0rOLIZ6:z0nxqtvqhOXv0rOMY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688035803, "uuid": "6f3cc332-1a3b-4912-8ea8-724941230408", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688035803, "uuid": "00c9b38d-fec4-4165-88bd-f52c8f01d978", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688035803, "uuid": "d629cc14-982d-4ee9-99d0-e28ccd1dc03b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b4683d6-1634-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688012408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012408, "uuid": "1772d7be-6436-4482-9319-7645363590c7", "comment": "Malware payload (RedLineStealer)", "value": "52b755ab6e44ea73b01a28a3b357029e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012408, "uuid": "ce430de1-9ba0-4ba2-bc92-673d1702453a", "comment": "Malware payload (RedLineStealer)", "value": "6da475ac175e61bf1658bb90de341b2f9642dfcf911dbfd44885239483050e1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012408, "uuid": "eafe9532-00e3-47db-aee6-97c6117dd6a7", "comment": "Malware payload (RedLineStealer)", "value": "7c3696f5c8c1e193269e5bee11a5084b349292ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012408, "uuid": "6af89e8f-885b-48d6-ba0d-b0816d154475", "comment": "Malware payload (RedLineStealer)", "value": "627df906f3c2867d405fc7187b98706b6627ec128dafaa63c7dd4a385e9b8daf2ceba1513ce2010a5e6b72bb999eba2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012408, "uuid": "2d18f003-318e-4834-bd06-eca81a73f7a2", "value": "T136847D4392A1BD94E9258B729E1FC2F8771EF6508E493B762238AF1F14B11B2D273711", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012408, "uuid": "280162c5-94a8-407a-8b7a-56b194b8f4e3", "value": "10c92732e2f9b87d0a930bebb28e6cad", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012408, "uuid": "d3642170-645f-4ee7-9cc8-66502616a858", "value": "3072:jmGBuxhMocHW6B52SBLONzGXQcoymkW8lRiBcx3dYFlA7BRFFimA4ew1uP5H41Tg:jhgvc5GSBONEQim2QaBBXkm1dW+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688012408, "uuid": "488130da-2878-44ea-9330-782f797ba35c", "value": 407040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688012408, "uuid": "7b474439-079a-404c-b03b-630a3c2ab422", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012408, "uuid": "dc075f0f-c01e-426d-a0a7-98e7a63d287b", "value": "52b755ab6e44ea73b01a28a3b357029e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05039804-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039375, "uuid": "c55374ee-7756-4108-8842-07c05338bc8c", "comment": "Malware payload (AgentTesla)", "value": "db6f01f9d723218f397cefc9a6e539eb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039375, "uuid": "f13fc052-3121-4752-ba16-62dcd8ad0c2c", "comment": "Malware payload (AgentTesla)", "value": "6e5b3d70130810f2fc0e9625bc16331d75a1406f890e8abd97c2579809f1630f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039375, "uuid": "e621cf20-93ae-4a7c-a023-0a2b30081da4", "comment": "Malware payload (AgentTesla)", "value": "f0fe40b37ebad2ade43c1cb48fee7205259e7e9a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039375, "uuid": "f85a7af8-8f6a-4d37-8496-fea9476452e8", "comment": "Malware payload (AgentTesla)", "value": "567f0b2d922375342aa094c993aff6b0b4386bd4d7e7ff9042f5eb27e19bc62e8c894cf1500bb2cec6378b80b3e8ff64", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039375, "uuid": "b9c54c92-1332-49ba-9218-a93739a00d3d", "value": "T16F458D3C6B7D9A23D030C6B4CED584B3F2554F3AB811D92258867BB52762B925DC332E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039375, "uuid": "3d6331db-88fc-4c00-8f6e-8a38c6594756", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039375, "uuid": "1b5a5521-ae58-4ec2-bc74-a6b287e80115", "value": "24576:+QL/h9iz+ZygM3n16QYuP6f9VCcqpkY4MI184XNNzcy:rzh92AyN3zRQ9Vtqzza8qNzh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039375, "uuid": "fcc7042e-c0d5-4f34-9207-2843a26ac02e", "value": 1238528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039375, "uuid": "6e5554be-8ee8-4a4d-87e6-38fb7fbc2e09", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039375, "uuid": "424b29e6-3865-4901-9e55-2b6736011267", "value": "Payment_Schedule.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51226e13-1663-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Gh0stRAT)", "timestamp": 1688032631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032631, "uuid": "f32655c0-67d3-4ede-919f-c063904ce846", "comment": "Malware payload (Gh0stRAT)", "value": "24bc29301059a1ceb4ecce433440cba2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032631, "uuid": "8a18e799-3a95-4b0c-9556-978ba51eae72", "comment": "Malware payload (Gh0stRAT)", "value": "6f03741eb6362adf2360b93159c1e9f254a51682cecfe7f41c0c6c98a2581a74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032631, "uuid": "7931eb2a-5166-4cc7-a3a2-31504a60b2dd", "comment": "Malware payload (Gh0stRAT)", "value": "e1db3ebff33a534fef4250bfc694232fac809940", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032631, "uuid": "eee9f891-38a5-4f27-b801-876225b89fc6", "comment": "Malware payload (Gh0stRAT)", "value": "4396e033a173d6ca9d8d419137ac46425a6ba821a649b065fddd6a81befd2cdd44cfc9f41f6b124eeb736f4ae9b0bbb6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gh0stRAT", "colour": "#8BEA32", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032631, "uuid": "ea63cff1-169f-45c1-8af0-a2b26318b249", "value": "T15B959F317791907AC6A33930961A43BDA675AE305B3942F756902E3E3F301D29A3C76F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032631, "uuid": "0d1c33c7-59ff-4d54-b0ba-05bd841b9f35", "value": "cd150323b20b7f56253b57c7dfed5620", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032631, "uuid": "36c7b964-9398-4c47-a834-3cb0ec343711", "value": "49152:QeRQnqqqNzJAuOcNxkufoItcFtNiaYv241l/ywplyLsd+RN8SzoKPfPbg8DWs:jwqqClucNxkuzcFtNiaYv241hblCsdwD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688032631, "uuid": "79180ced-1fc2-4855-89c4-86745fcad41f", "value": 1914368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688032631, "uuid": "b673bd89-bba7-41d7-992f-2ab5599c176e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032631, "uuid": "fba25057-c57b-4291-a451-e078ecf5050c", "value": "takumin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d7b2f2b-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688043872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043872, "uuid": "acef2862-4c27-4ed9-b100-5bdfd172f3a5", "comment": "Malware payload (DCRat)", "value": "4d8f961dc3396fa19c5e39e4314e84f7", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043872, "uuid": "481b08d6-2098-4a68-bf05-1d498ff423cf", "comment": "Malware payload (DCRat)", "value": "715f6f9aeaae1d34865039204dde4be900555a8e6c573d884707f6dc39ffb7c7", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043872, "uuid": "2b8adf85-d022-45b3-8a7d-727f6bdc1eaa", "comment": "Malware payload (DCRat)", "value": "ae760973e2ddf7e0be1b268301ccbe584bb81678", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043872, "uuid": "9328cd07-0201-46f9-9b26-0aebfaff2807", "comment": "Malware payload (DCRat)", "value": "d7880a9d70fa477fa7028be44aad7240c6f03b06f6d29cc736a390289c891804055899ac7cc5e31a1d3fd5bea44e452f", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043872, "uuid": "f13a8d70-8c5d-4753-a5d2-0b1d20536883", "value": "T179236C0037E8C136E6BD4BB5A9F3D1058375D66B6903CA5D6CC810AA2B53BC996036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043872, "uuid": "8cec3db1-64b1-4273-ac52-b57d4e49c627", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043872, "uuid": "dd4e2a7c-6637-4fef-9df7-5f8db41c2323", "value": "768:5OEuILWCKi+Diq2FxhLRaqiOqYbJgePHtbMYZevEgK/JTZVc6KN:5OtmqaxXjZbGORBEnkJTZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043872, "uuid": "175d2882-b900-4a3d-8b10-aad08aef729f", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043872, "uuid": "d6fb3484-6b88-4824-a916-8a50bf879656", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043872, "uuid": "55eb6b77-165e-44fb-8e6c-f1d1858f6f70", "value": "decode_902fce6202c040a512c62fc4a5b36683cb78e09f76fb47ba371d2e1cea1429f3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6336229f-1679-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688042110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042110, "uuid": "918e112e-7593-4b42-a575-de7cc0901c9f", "comment": "Malware payload", "value": "6890c2ae1d32cc782384c28e9091edbf", "object_relation": "md5", "Tag": [ { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "SectopRAT", "colour": "#1930F1", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042110, "uuid": "30250177-a649-46d3-9b35-fd2358bb030d", "comment": "Malware payload", "value": "7229ba5bc6ceb845def35a355ad71b22ef2ff57238944118c2ab68b5055a60ee", "object_relation": "sha256", "Tag": [ { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "SectopRAT", "colour": "#1930F1", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042110, "uuid": "d7ffb757-d939-42d3-b2fe-e49c6ff3c8eb", "comment": "Malware payload", "value": "aa377e36e39551e1f492b7e2d490a0b64d68ab5a", "object_relation": "sha1", "Tag": [ { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "SectopRAT", "colour": "#1930F1", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042110, "uuid": "c843c853-d5fd-48a9-98da-ddbf3d983316", "comment": "Malware payload", "value": "3ecfd492b629721427f84eeaedd96d9870cde4198fa7a8e98122364700c1f9ff86fc906293d378fabf8b557caa938f20", "object_relation": "sha3-384", "Tag": [ { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "SectopRAT", "colour": "#1930F1", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042110, "uuid": "86ea6154-62fc-46e1-b1fb-1d4fc1d400e3", "value": "T171D5C7E055ED6B96227DAD8BFF1C3A784DD02543958AFC4BE7DCE5850288F80D6E8231", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042110, "uuid": "d1cafb3b-f4d6-4180-9810-fb3aea0eaa04", "value": "6144:k9yLO7TO+WuftCJiwkbTH52VuSgk6PFtsYk:8yLMzo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688042110, "uuid": "6d6ebc29-cdcd-470f-bf38-8d60a2620118", "value": 2833520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688042110, "uuid": "180db1b9-967d-4720-91df-2e5e7abc82e0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042110, "uuid": "8f152678-c551-4a3c-b8ac-a37b64073a8e", "value": "FRT_INV_QAIM0215404_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8cff70d-1671-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688038818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038818, "uuid": "b708b68f-9f72-4d09-ab89-293f26c5ac7e", "comment": "Malware payload", "value": "60ba4592cf47ee49a814a48581a8df15", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038818, "uuid": "48bdd35f-8a77-4e49-9171-b0a7e9ffbfee", "comment": "Malware payload", "value": "72acaa0468b3a760a784c8c78169bcc71cf489459b1d86b6e5120662609f41f0", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038818, "uuid": "6702d230-d4f5-4423-ab16-637199b36558", "comment": "Malware payload", "value": "4d5d996999d61fe7bcaa803d1eede2c84592c557", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038818, "uuid": "8688479e-8d94-4c62-8850-2fa1d1c7090c", "comment": "Malware payload", "value": "bbc9c04b7b51523159874e7ecbef970264980fa8eab8e32d0ccdc8cc6bba501df1bf73247eba55e918444963d23a5f3f", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038818, "uuid": "60f02265-5563-49a8-9d4b-681851fd8457", "value": "T197D3DFC645332C28E43CBD3DE21337B6B1E29FE1A479272EEE4932469F855429E8C457", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038818, "uuid": "7e3df2fb-ac42-4027-96d8-f910fbfc43b8", "value": "3072:OviMUxbwuTyDBdevc5555aX9//5qvgrEZ:4iMYbTy1dA//gYoZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038818, "uuid": "ce679d84-2d31-43df-8020-41ef21cbf0a9", "value": 136216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038818, "uuid": "d84a17f8-4166-4f32-9d3a-d948198b79f9", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038818, "uuid": "afd18dce-70f7-469b-9257-3b628fc1e569", "value": "FIS_Bio_Keely Edwards.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fce010fc-166d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037214, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037214, "uuid": "db211c5c-f8f7-4fb1-8a9f-84c72e0cb6ce", "comment": "Malware payload (AgentTesla)", "value": "181e65e203134c826dee1b6c102e620a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037214, "uuid": "7f14b287-7e6c-4131-8cb7-c810c6b378fb", "comment": "Malware payload (AgentTesla)", "value": "73db29d98c5841eb7ef9051bb1e0b45406ea2aa092f88037d2f9165f2eb56083", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037214, "uuid": "a28f99e6-db7c-4afc-9262-c5ef83f59ac3", "comment": "Malware payload (AgentTesla)", "value": "b089f236907ed4d589a9b3d322adb83d80bd659e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037214, "uuid": "a4183a2a-b021-42c4-8981-8c6699f6745d", "comment": "Malware payload (AgentTesla)", "value": "1f88113d649d44567c2dab0b8ead441b56f9b171221e2bf3d531114f9456da56a498e34cb5ec489cd9063e4f7191e8f3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037214, "uuid": "11eb0db3-b3b4-4d38-bec6-5a375985e66c", "value": "T193B4237528596BC96EF068C30B5ECBFA7D4F65E13A4EEF08F0282CE8D5C77086196116", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037214, "uuid": "7d57c78b-66f7-4efb-bd5b-f83dcfe63038", "value": "12288:k/4ItObXnRzWguEUWeO1IBLQFI8WOMHiLvK92jxlr:W+XorxO1OiMCLvK92jxp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037214, "uuid": "0110d600-26ee-4d4f-a15a-ecc943f9d962", "value": 529953, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037214, "uuid": "284f291b-ef7f-4806-93f8-06b26faf3732", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037214, "uuid": "bf26b3fd-3ce5-489f-808e-266d19fdf49a", "value": "Ordene FC22068032478332.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "152974a5-16c9-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688076339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076339, "uuid": "1706af3b-ac89-44fa-becd-8bd1877a3311", "comment": "Malware payload", "value": "2594a62538919cd3451047238cb2938c", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076339, "uuid": "09350312-2321-4e9b-95f2-9ed156fbb4fd", "comment": "Malware payload", "value": "73f3fd2407bdc476faa9e15657988ed10435e6756b7ffe55f04c8b493996772b", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076339, "uuid": "dd3fdbf0-985a-412e-ab4f-8106833300f1", "comment": "Malware payload", "value": "61d150a045c483d2f651208338f23b3643b1150d", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688076339, "uuid": "24cf3a19-ecec-4ffa-8d6d-de4070f91d3a", "comment": "Malware payload", "value": "cef1904ed667968be39ef614e45d3661ecd212ff380069d3c5eb131cc9662922d18f58fb9f262977ffa52241711f0795", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076339, "uuid": "da9b21eb-19bb-4899-8b74-14bf30f28a71", "value": "T1EAA2F907588710B9CEB9D33145A6B739E527323D0236E23967E97636AFDB9318E2D301", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076339, "uuid": "db9bca7d-20fc-404c-8c1b-1aa4f705cb8f", "value": "384:HWHQTDplADWHtGa8ZmF0AIl7XLwXvR6c3OG7XL90LsPIVxOy6jt1wwwwwwwwwww4:HWHEtGaXFpL3qwPQE7t1wwwwwwwwwww4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688076339, "uuid": "9a0383de-181b-4cf8-bbb3-195c1bc6babe", "value": 21984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688076339, "uuid": "bc0071b2-434f-4bee-b84a-673a76b3de2c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688076339, "uuid": "c4804219-a21e-4dc2-a1a3-2c9296fbf023", "value": "boat.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c6f90f0-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688039388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039388, "uuid": "d32dbf22-74b6-4a5b-aac6-44648fb281a9", "comment": "Malware payload (Formbook)", "value": "9ca7d42a21d8392bf94b09cb840cba38", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039388, "uuid": "5d4c325c-45c2-4e68-97b2-37f7151fd8ff", "comment": "Malware payload (Formbook)", "value": "745a6ee99c1f144b0e059d0b83eaceea30ec3f40a22b8379970b3f3f75ba83a5", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039388, "uuid": "da0fe199-a265-45f2-a43c-d2ab71b5c98a", "comment": "Malware payload (Formbook)", "value": "59c438ce3b30850eba2364ce8943cbcc10db3c69", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039388, "uuid": "0aa1452f-c774-4d57-9ce0-5c314f975588", "comment": "Malware payload (Formbook)", "value": "45882bbbf0f011ef7e559d82749f434943fa8ba697af624bae37d3afd4a168e7e96fa070e36f327d0b76bd77e8613c44", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039388, "uuid": "d58a68e3-3295-4b7f-b3b1-39b00d06f0dd", "value": "T13173FB185EAC0527E8A747B856B263C00B3BBA7372B3EB2F7ECC71552B532541911372", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039388, "uuid": "57208b14-51d0-421a-955a-844187f031f8", "value": "192:m3tY6+qZZqwFkb7H0rKTW2eOdAZTza3kepns6XB5V87W1tfZGD4fJdq6myRRW35E:ui6LLUTcOdYTd6XBSsRGDPHBHN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039388, "uuid": "b1046eeb-102b-42e1-a7df-fedc496578cf", "value": 75776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039388, "uuid": "6091b297-d95e-446b-98b8-3be009aff2d8", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039388, "uuid": "08920782-5736-4d13-b8a7-cb94ed2773ad", "value": "doc08910120230628102641.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e723df2-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039525, "uuid": "ebcdcbfe-903b-4c2c-9908-d409e592708b", "comment": "Malware payload (AgentTesla)", "value": "249fd99eb0f892d009d8bc8269f52b97", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039525, "uuid": "2d8da9e5-2580-4476-89f3-ccdef4b322cd", "comment": "Malware payload (AgentTesla)", "value": "747aebcb58dfe7048cbd515d1443f1d14f367fee553f112fc04dae24fd9c6ec8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039525, "uuid": "22a39818-5b95-45cd-969d-4bc6d9a420c2", "comment": "Malware payload (AgentTesla)", "value": "783514f822eb35d60a7e01d239459bb3395ce9db", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039525, "uuid": "6c880a70-076c-45f1-b983-1c73bb6028b3", "comment": "Malware payload (AgentTesla)", "value": "9edf09a8a72d97d28557b628f89e8a18c23eb4bc4a1f145c8ad3e1c3dbb22b85d030a533ed8e70bdb749214037304472", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039525, "uuid": "89291973-834d-4bfb-9efd-4ec4eec52ba2", "value": "T1CFD19FCD4BAEB9C2E4BA1A3054E91C19A7F4F26B29E580FC05D0C77CD40E5524A0AAD7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039525, "uuid": "d3bdf879-82d6-4f79-b437-b3d8811af42c", "value": "96:IKYSBoI5olrlEk8IEEymc3/NK5ZtZnV6Nx8K5/EYFbLLfDyGf93Q2270JLeg:HYDDCA35Z/Vsb5/5bLXyY9Af73g", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039525, "uuid": "e19b8752-5b81-4953-ac18-e1513f81160b", "value": 6482, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039525, "uuid": "8ecec141-fd84-40a1-b657-fab94abf0d19", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039525, "uuid": "7514f226-0a17-4aef-b6eb-376d0738c2f1", "value": "DHL_AWB_NO_#907853880.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54d9cce8-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018464, "uuid": "d2ded091-d733-4ece-af96-475b11b45bc9", "comment": "Malware payload (Mirai)", "value": "00add8c177369de56716c6994c17dd42", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018464, "uuid": "0baf8081-02c4-43ad-95dc-be031972f79b", "comment": "Malware payload (Mirai)", "value": "747ec31cc36d0c5eafc2c613b6c5517437530e9c0399feaf0106786228506fb9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018464, "uuid": "df08601b-1b65-436f-b81a-cf69a941123f", "comment": "Malware payload (Mirai)", "value": "dbbe8a625fff147c562eaa83b0c5e76c2b519674", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018464, "uuid": "44e1da7c-2c40-42e4-af6d-c9ad4e495e15", "comment": "Malware payload (Mirai)", "value": "641abce71d9edc1953201fd2f1fce694d195b92674cf52b3c899fdaba0c81fa7072d4b434617c58d974de9d90f3bfd31", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018464, "uuid": "72be72ae-9c17-444f-8a10-6544b6f866b4", "value": "T1AEC2D1E07726ED31C420AC3DE52B4D8A3A51077C91FF353664158C359FC269A67F48BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018464, "uuid": "2bae6524-5e6a-4658-8c4e-440b9566e217", "value": "768:eMKyhegCCMqfizjoNpd2vJdX6vwrp9q3UELu/b:NKy4qfqoeJdXWgcLKb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018464, "uuid": "fc4dcd30-9b41-463f-bca4-9e2561f893b7", "value": 27300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018464, "uuid": "504ea3f8-d7ba-43ad-9c30-72d8f299783e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018464, "uuid": "8c388d22-bdfb-4c31-868f-3a17538f836f", "value": "00add8c177369de56716c6994c17dd42", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "820e7c3f-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688070938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070938, "uuid": "34dc6fe5-e517-4688-bf7b-d0d2f230b5ce", "comment": "Malware payload", "value": "e69f3d5f0cca3afe805ae07953af3ce9", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070938, "uuid": "88d31cb0-8619-485b-b5eb-3a51f538ca1c", "comment": "Malware payload", "value": "76a735834d4172e73f97cc5bbeea76a088ff2161a10374598059b60f4ad8e15e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070938, "uuid": "7661e981-a645-4759-9448-4f12fef151bb", "comment": "Malware payload", "value": "b4f4d091e9295d6295ae05d24c613a1812e85cc5", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070938, "uuid": "3fa9bd6e-5e43-4ecb-8a27-6aaa3cee108c", "comment": "Malware payload", "value": "880b393d5a46ca8f55bd60701c2e29e6bffb19ea39c6e3b01f3615c075e9d5da0db0aa5efb9768940bc6080ae97b119e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070938, "uuid": "afb9546c-07b7-4a4a-a88c-0d2b6c0463ce", "value": "T13A357D0DEA42DAB2E1B19171028FE33655318439C633E567EF5EBA7CB476310AE0D35A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070938, "uuid": "39724f12-1e84-4e4f-a896-fd24fa3ddd18", "value": "24576:fP5BJQTi+B8fbJMGjseDpPzVnpWjc51PH/gtviRGcrTmHBtYT4f4edzD:DJQSHQePpWjAfRTmHBn4Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070938, "uuid": "28165185-0087-46f4-beb9-7506dd2be6dc", "value": 1137112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070938, "uuid": "2e9fe9a9-fe53-40b4-8ce3-8483c8a73afc", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070938, "uuid": "b6f97c36-386e-4b5d-9bec-af733c164266", "value": "shell_x86.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e475e51-1676-11ee-b3cf-42010a9c0076", "comment": "Malware payload (QuasarRAT)", "timestamp": 1688040840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040840, "uuid": "97aa2eb1-6c5a-4cfd-a0e6-0be46961d2a6", "comment": "Malware payload (QuasarRAT)", "value": "2ee3aa9bc2da3fce27fe025356ae13b1", "object_relation": "md5", "Tag": [ { "name": "crazydns-linkpc-net", "colour": "#E3E4B9", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040840, "uuid": "8483b097-f783-4e55-8355-3013a081e4a9", "comment": "Malware payload (QuasarRAT)", "value": "77cc8d160dfa2efa3a75e52a620e3f8a6cc2665e94ed56aa1ddd97a61b59a5d1", "object_relation": "sha256", "Tag": [ { "name": "crazydns-linkpc-net", "colour": "#E3E4B9", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040840, "uuid": "122f7b28-2923-48f8-ae00-e5faaf87f84b", "comment": "Malware payload (QuasarRAT)", "value": "d6c9f20fbfef8b1dca77e002c4ad2b9f7cad13c5", "object_relation": "sha1", "Tag": [ { "name": "crazydns-linkpc-net", "colour": "#E3E4B9", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040840, "uuid": "aa2091b5-38d4-4b74-84a9-0d499c44e5d7", "comment": "Malware payload (QuasarRAT)", "value": "0ce63b469b64859d73aed8a6092bdad780d197fd4a817f577a34084e8565c8f5c4c856810831543b7480fadbd4eaec75", "object_relation": "sha3-384", "Tag": [ { "name": "crazydns-linkpc-net", "colour": "#E3E4B9", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040840, "uuid": "a59d0860-6108-4489-8d6b-cbcf09e167b0", "value": "T17924711232E6112571B23B9DAFB2D1744B1BBB995A7E833D19FC250A0FE390084E57B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040840, "uuid": "8d395735-db1a-4851-8bd3-ddcab061f496", "value": "3072:u5d6525555555e555555555555p5555+Ji555tp:R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688040840, "uuid": "a15e8700-5daf-432c-a0f7-4735a699c200", "value": 218432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688040840, "uuid": "c456991c-cb63-41ad-84bc-814d5656e1a8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040840, "uuid": "56f81f23-c82f-45fb-a3cf-0cfba10c7999", "value": "Trip details.pdf.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f73580a-1670-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688038212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038212, "uuid": "53614962-c076-4169-b191-8bb3ecb20727", "comment": "Malware payload (AgentTesla)", "value": "fa5c90b63bca3da7686150e7c8740cf8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038212, "uuid": "01e45824-9667-4142-8723-5220ff2bc374", "comment": "Malware payload (AgentTesla)", "value": "78e80d199c8f83ca374149845bdec0967e1008604b453f7f4dc28cd91540868c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038212, "uuid": "41dd0ce5-fb18-4e7b-8ea8-9187bf067f93", "comment": "Malware payload (AgentTesla)", "value": "43cc0b204d482bd25b67a2a4b2e7de80a6b7cfe4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038212, "uuid": "f9e3bd91-3af4-448f-9f79-413ba64ba3ec", "comment": "Malware payload (AgentTesla)", "value": "755d92d38380a88ba24fcf732a11b94cef4401ec4625806f4c0d1a9a973617e689d279637ce88a2aa29176599ed52faf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038212, "uuid": "c4546f56-5b7c-4f8c-b059-8a69b8999ac5", "value": "T13DB42387F9715B728CC22E8485E9D3D274AB51250687FAA26E27DBEFCE43F050374212", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038212, "uuid": "f8040b9a-9ec9-442e-bbd3-85386c3d1cc8", "value": "12288:SpOxz66may33v8VJQWZAkb8rqaojXRNtPr3lVfQePS1:AOxW6Ty33v8VJQWiU8rq/jXR7/E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038212, "uuid": "afe5bafa-f167-499b-a5e0-e2e4736dc46e", "value": 525205, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038212, "uuid": "32aab10d-5a84-41f2-ab86-53dc162de736", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038212, "uuid": "aff2f5d4-0397-4aad-aa60-a9eed2a3aa6d", "value": "packing list.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6a55be7-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077979, "uuid": "eb2e60e7-fcb5-4292-bd09-ba10e1c4babc", "comment": "Malware payload (Mirai)", "value": "0798dc1180988b6d345afca81b03dc73", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077979, "uuid": "9a3ded28-834a-4e65-a1d7-9b8ec33ffa0e", "comment": "Malware payload (Mirai)", "value": "79b8fc769451f34c70b09daa9842d78c926bf1821ed22b70f968261a00bc60bd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077979, "uuid": "727187f1-d212-4046-9105-456550576d18", "comment": "Malware payload (Mirai)", "value": "0cba858bed569f68df11642f8bbc2e9fca5632c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077979, "uuid": "a4e3e7f1-4fcb-49fe-be7b-3956389f0946", "comment": "Malware payload (Mirai)", "value": "61eeff0542352fd75d39805d2df7c1128a997c9575bc41cfc2b6dde3afc2ee48369cfbe5ad62ef5fcbe8dfa81067eff0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077979, "uuid": "56d204ce-bff8-4ff0-a68b-76f655e2efa1", "value": "T188A2D025D3496EF4DFAF9D9053C1C2C276E547C62786C8E340EEAF013516046BB49D59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077979, "uuid": "a8e85209-4d2b-4120-82b9-2dc7aef2382e", "value": "384:9/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5H9VM4uVcqgw05VxJd:9RxsSVsMD6xiJJE5zRWN9U4uVcqgw09f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077979, "uuid": "1457f3c4-7b3c-4a4a-bf4d-30f818e51334", "value": 21884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077979, "uuid": "12663f5a-6c25-49b1-aab8-8df4389468d1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077979, "uuid": "0e8a689e-a219-4d4b-ba52-034d9f4c71f3", "value": "0798dc1180988b6d345afca81b03dc73", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fc2910f-161e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1688002886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002886, "uuid": "01326020-fb54-4568-a085-3d7dba08a4fd", "comment": "Malware payload (njrat)", "value": "097de0afe9c3cb4bb0b145755b03c4c3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002886, "uuid": "ecc2c311-0f23-4376-b076-5ea7ed497fb9", "comment": "Malware payload (njrat)", "value": "7b489b2c0652daa155af036c9ff79d55c69815bec3eb3e5d0f8489195ed16af0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002886, "uuid": "7fd48ff1-fc97-4c2b-9303-b01d1d280f00", "comment": "Malware payload (njrat)", "value": "a8814d5bf9a3549ea52f0ddd65a7ad20cdeabd35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688002886, "uuid": "4519dd7f-b7c2-4eed-865c-b9f9302e9024", "comment": "Malware payload (njrat)", "value": "a6681cefab4cd13260290a2989e9d8e843c0c905e2eb3d5b550c5afa65fe246b85369b3d1000099be24bc6ff429c88da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002886, "uuid": "7abc9a0f-4c94-4ec1-9585-cb4590c4bbca", "value": "T1CE93E84977E82524E1BF56F75872F2004F34B54B1612E39D49F219AA0A33AC44F89FEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002886, "uuid": "aebee0c4-d24c-468b-a827-cef5b5497571", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002886, "uuid": "b208f826-13df-47a4-98c3-71bbf3a2606e", "value": "1536:oUh3wHyNxrBhh5YLg1jEwzGi1dDyDwgS:oUkyNxrBhLggCi1dUZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688002886, "uuid": "4238a45d-58eb-4726-b36c-d70eef13e579", "value": 95232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688002886, "uuid": "ed8e119b-2925-4189-93f1-d71bb50d5583", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688002886, "uuid": "d2db9cd4-1349-4c90-94e2-8df83ab4522a", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac87d17c-167f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688044810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044810, "uuid": "5ef06c04-bafa-48b0-9761-f99c5ed5ee62", "comment": "Malware payload (RedLineStealer)", "value": "f647d269f72f03b02919ff736440d81f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044810, "uuid": "ed32c20f-326e-4722-aa3a-9b7654da1a7c", "comment": "Malware payload (RedLineStealer)", "value": "7d5a1acd402b5d1e7cc72fe0d7b947d2bb1a3123dce15c9ce5c286f1efa10ca8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044810, "uuid": "9757b7ff-dd2d-425e-8c50-99b1374e56d9", "comment": "Malware payload (RedLineStealer)", "value": "daef24a3376f0751f17237c239da603391443444", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044810, "uuid": "2bc84d25-aa7d-4f1e-8545-440200808fee", "comment": "Malware payload (RedLineStealer)", "value": "ef818558422fca956caf6920015dd3d3deb52a940abce64b120e299ae5aab3dcd178f79bbbac4ac94555c4eafb8a2171", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044810, "uuid": "9b46bc8e-7359-492c-b559-367271f2736e", "value": "T187848ED2B2A07C6DE5254E328E2EC6E42F1FBD114F55ABABD2185B2F05F11A1C5FE210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044810, "uuid": "b7f66bed-a7d3-4bba-928e-45d4ae5a8fc9", "value": "4ef5c5864141626e44cf96ed52dc90ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044810, "uuid": "0d70e13e-6909-434b-b3f4-24b170fc2174", "value": "6144:MIp27aTvnGl717GxRohRSyo5OoUm1Px029XD1shE:MIcaTvKXnSl51x0i5sh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044810, "uuid": "39786aa7-aad0-41c9-a6fd-e35e7163b0f0", "value": 385024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044810, "uuid": "bfa0a160-8068-4f50-bc21-6b1d3f9c9b09", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044810, "uuid": "e7128f8e-952e-4d5b-b8be-77156ce4953f", "value": "f647d269f72f03b02919ff736440d81f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44e59058-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018437, "uuid": "4e1cedfd-2b2d-4b7a-9faf-c3a4e4f19b2e", "comment": "Malware payload (Mirai)", "value": "31873e8c95f585dd35a1e4b294e0b2cf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018437, "uuid": "facff33d-0701-4e11-9009-3d59dfb29099", "comment": "Malware payload (Mirai)", "value": "7e3554ccb28aa16e169ed9bdeaee0183e070f0089d44694bbf4019391ff4346c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018437, "uuid": "3756a506-b900-4e50-a79f-c087466d32db", "comment": "Malware payload (Mirai)", "value": "fe665610076dd2d5c272e106c5d41668889efd53", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018437, "uuid": "09ba7d7e-18e4-41df-98ff-5a4b1b838f61", "comment": "Malware payload (Mirai)", "value": "25064a4c52bfbef793684ec92200fbf79fb1b2031d538c86563429b5814cd981eaf4a0ca1394b36be3d169b227c8d62b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018437, "uuid": "59638e70-c528-481d-91df-bbbe50be2e34", "value": "T157432921B63A1F13D0E0A47D21FB4B59B1A15ADE26A4C64E7D720F4FFF11680A943DB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018437, "uuid": "9784e012-d33e-44d2-a28b-aea9dd19f28c", "value": "768:RqowmZPu9wtnfbltWgC6BSJsBcfDSTFIuQKqgESnmC/xO+KpAwj:RqtmZPuutfbltZFBSJsBcfDSTFI+BEj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018437, "uuid": "d18fca01-c8a3-49fc-ad06-c4dc07e1f897", "value": 58376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018437, "uuid": "78cc44b0-fa4d-4e72-a5aa-c1bf8f89c03e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018437, "uuid": "8d49c724-817e-471b-ba5c-8799e3465604", "value": "31873e8c95f585dd35a1e4b294e0b2cf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f04f61b9-1681-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688045783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045783, "uuid": "939d9b2f-d2fa-493e-a4b9-92ed14f8e711", "comment": "Malware payload", "value": "f33fb23f24a0a59312858944306d03e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045783, "uuid": "5a4f9f01-fe6e-4a19-9889-ced911e33f75", "comment": "Malware payload", "value": "7f0d516e63837d5dc637550b0b4855ba2d26d5d0352e5b5afdfb6cbc0444576c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045783, "uuid": "ddc84275-6fd8-4848-a530-56b63e98b5de", "comment": "Malware payload", "value": "e74feda60d1172c3dbe4a1444ae78cf0c88dbedc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688045783, "uuid": "e0b35854-aa25-4a30-b737-b88f94391f51", "comment": "Malware payload", "value": "91e08870f87c240d725693393434bad7214380523f40fe6282f22a037d9a91b013482f24680e9a7b77dcd8ae85306512", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045783, "uuid": "e420773c-6cdf-4a6b-a1f3-217bffe7191d", "value": "T12E3533F11A8948B7EF2BF43512D38F7FB42E5C168837075CE2689A0E4357E7886944B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045783, "uuid": "e7df4f96-7d69-446e-9ae1-a9dd27a31bbf", "value": "b9083dd82a429a49d949568d3647ca0d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045783, "uuid": "b3358e18-2f3a-4faf-9690-e6944fec570b", "value": "24576:VlhloDX0XOf4lLZPs04vibYPX0DkOou268noAgCl3KF4LnPoq:VlhloJf6FFQiyX0DkOjz8o1ww4E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688045783, "uuid": "3ffcda76-f9cf-48a7-98d5-7a1fbf144285", "value": 1126400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688045783, "uuid": "3a1e9f6f-39bb-4eff-9f47-5f9388ef0609", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688045783, "uuid": "ebe50a07-0834-4a2c-b6f5-eb98cd72a440", "value": "1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab2a2290-16c0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688072725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072725, "uuid": "ab353a56-5c68-4e7a-aa1a-bab37be1d9db", "comment": "Malware payload", "value": "9afad5d8a3aee6f5496261f6f0573015", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072725, "uuid": "9d842614-974b-44e9-abec-566cb74bdde1", "comment": "Malware payload", "value": "80797ff9dcd172a55dbdc7ff26d43afc1104634213c482ef72794fbdef449540", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072725, "uuid": "0541c956-ad82-4de8-be82-c158e767499c", "comment": "Malware payload", "value": "3307e73a9005296aa880d19274daea3172328531", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072725, "uuid": "0bac0cb3-5dd1-4da2-b12a-4fc49a81e5bb", "comment": "Malware payload", "value": "d7bb8c2c122aa803a3ee82a63df317b1b61beacaaa7a3054ad7e17e1d1f04f0be700fce9e5af3116199d77166276b167", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072725, "uuid": "ab7d1ab0-8f11-4353-b0de-9bea93092e36", "value": "T14F16E0967ED3C83DE027D03900439823AD7951EDA14AB5A71BF4088B5C34D9A1B7BBDE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072725, "uuid": "5476194a-04aa-438b-ab95-18c3068e9be8", "value": "98304:Qir4cR3u+RwNZUcLYnT7V8UZKMlIGTJLtpeEzRGCu1:3rRkSQY7+ULej1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688072725, "uuid": "b21bc03b-2bf4-4f7b-8faf-201ec374c078", "value": 4325936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688072725, "uuid": "ffa11af1-2add-49c7-9b29-4b331f264988", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072725, "uuid": "39114213-c195-4400-8c7d-4d0011be3f84", "value": "minecraft.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ae616d8-166e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037425, "uuid": "a1f04e0c-a494-411d-8dd7-4e9d7ffe9ef0", "comment": "Malware payload", "value": "29f94f94a85c28e61a89f8f3580169e0", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037425, "uuid": "a8385b30-1b73-4247-a4e4-3f3a49d341bc", "comment": "Malware payload", "value": "80eda9c564b4184a2e3d3869a63406ed04b773e72d170de77536f570ecccec4d", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037425, "uuid": "4d03d730-5bfd-4ba0-b028-eec6fe313567", "comment": "Malware payload", "value": "9739289c48423a04067b08e857babbf441977464", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037425, "uuid": "4ab92ec1-a747-4a00-bed1-3881536a443d", "comment": "Malware payload", "value": "6ee38420ef272f13bf750a19a4042dfb4073812a3a1e7c2c28d663e3550262f56d4fb58a777ebf2616924aee7611a7c4", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037425, "uuid": "3d43324a-002f-41db-97ef-a0da4cc73e49", "value": "T14472C038D08D7C2AC51A89BDB16A41E3F81927868A3C79CA5512B7E7C741A53B33316E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037425, "uuid": "dc7293af-ee0f-44b2-a03f-c2982c90650c", "value": "384:axO7kXLQX29C8mLIkLlJdXwaqXGxcVBa/Gdnu:38LkIkLlJdAXbBa/z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037425, "uuid": "68169a0e-65c7-4741-8535-656ae3395ad8", "value": 16453, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037425, "uuid": "1269c638-4265-4772-8d4f-a5d6cb45c337", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037425, "uuid": "4fda70ba-b6c7-4a8d-9ff0-713f71644483", "value": "MFLEX-Feature Article MortgagePoint.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24d0926f-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688021819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021819, "uuid": "aa165cc3-b465-460f-8d94-f983992ba75f", "comment": "Malware payload", "value": "48dbade1d2444883d6b46a55b4fc3751", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021819, "uuid": "e7daa72b-a9ef-4070-86f2-3f9ffdebd250", "comment": "Malware payload", "value": "811566c02b85bfff2c60105b3638aa7a7d906658c1fc1fd0e2f5112dfcb492be", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021819, "uuid": "6c71b5d8-d271-4678-a5c7-e5915987c254", "comment": "Malware payload", "value": "65446f06c1cf830771ea438a18ebf8970e1c4a6d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021819, "uuid": "a2dd33d8-1f29-415b-bb66-4101efba6a80", "comment": "Malware payload", "value": "c67cd6903c42ec139f0ab8d0aff26fc5e9433e8cf442f9c0ef45f00c587b63ee10f7d821b90d22b87669a4f94c357bca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021819, "uuid": "87c29bf8-db44-40e2-a0db-72f0934d417d", "value": "T11D7523027BC486F3E26125336A35AF21963DBD315F328DD7A3946A5DDE321C08732B66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021819, "uuid": "aff87c87-7fe3-4ece-adb4-bcd4955c46bc", "value": "aac51396886833dc961fcd7aab7711e4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021819, "uuid": "175721cb-b5c0-456a-8747-36e28e5892d1", "value": "49152:zea3qszM4W5dvx/WfaQfXS36HgZxhPxCDNCkBuUm:zHvDq+vXS3UAuNCuuUm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021819, "uuid": "3ba8600b-9284-495b-b11d-b084e3991d63", "value": 1677176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021819, "uuid": "b87573a8-ce8b-43d3-a9ba-76197d52ac6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021819, "uuid": "6b865aea-2c1f-47cf-bf5f-0d50f02ac27c", "value": "48dbade1d2444883d6b46a55b4fc3751.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a418abb-1675-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688040377, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040377, "uuid": "b97b4094-629b-41a8-8f5f-ce2be0c432ff", "comment": "Malware payload (AgentTesla)", "value": "0650675ab376d40d2dcad50e3efbceff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040377, "uuid": "5940d37e-4062-4c8d-9d7c-64f41e70af49", "comment": "Malware payload (AgentTesla)", "value": "847c2e91f8dffb163ee7bb60417fc8b66f4a828627b720c74cbf5eba2ce1d242", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040377, "uuid": "9051ec76-56b3-4dd5-b06c-185d23d3784a", "comment": "Malware payload (AgentTesla)", "value": "cdbbf59c6c9220e43514771b12faea896bd41aed", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040377, "uuid": "066ca8a1-2c16-408e-8d7e-8b42c1af34d0", "comment": "Malware payload (AgentTesla)", "value": "39d7b18d865d6022918a430dc60c545e9775bcb4a2f6b722d8b37c744d4491db5a9ec7892d52d54d2f157da7767de6c9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040377, "uuid": "16627de2-0242-41e3-bbb7-72206435242c", "value": "T196B423CC77218DC6C7EEF57D920519A8B1C1CB4D86933E21E9E5A851C92034E9BB0F6E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040377, "uuid": "51d4a59d-6179-4ca2-bbf5-efba61930772", "value": "12288:+Pt9HngkjW4EYFyPXqGi2I7Kgv60sphCqivmJjTBdwU:yrHndK4VOaGPXgGhCqCmJjTB1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688040377, "uuid": "f2647e88-4a2b-493f-89be-c17552b38569", "value": 527514, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688040377, "uuid": "77272eb1-1da2-4ea3-b3de-4fed8bf279f8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040377, "uuid": "814aea50-1a44-4d77-b599-bbd31218d82b", "value": "Quotation.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3eee168f-164b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (StormKitty)", "timestamp": 1688022292, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022292, "uuid": "8b6d6fcc-3192-485a-bc14-f4cebb654740", "comment": "Malware payload (StormKitty)", "value": "f46c79fd3ebe680154ff88979778870d", "object_relation": "md5", "Tag": [ { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022292, "uuid": "7187592a-b336-4e24-9892-75a4a5a7c6e6", "comment": "Malware payload (StormKitty)", "value": "8684657c74fb8ea7e7d34cd23501e2eac0ea5165f92143b5468209725190bffb", "object_relation": "sha256", "Tag": [ { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022292, "uuid": "ffc305fb-e750-4673-8198-cf8a4b486159", "comment": "Malware payload (StormKitty)", "value": "3aca849cbf6219b166d6388293bf06fad88e55be", "object_relation": "sha1", "Tag": [ { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022292, "uuid": "24dddec7-f79f-4987-82af-74d9ea0525f0", "comment": "Malware payload (StormKitty)", "value": "1df1a9bf0e6f13f9bc272e0c7a93ae315f382b539f28077860cc4250b4201911df516d98c13b30a457a433c3da0728b5", "object_relation": "sha3-384", "Tag": [ { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022292, "uuid": "556cb0ca-e6d5-442d-82b4-9fe2a378ea65", "value": "T16D16CBD3D7ED1B96227D2D8B373C0F4E4D1025C2D58BF85BA7A5E58B0298E80D6E9231", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022292, "uuid": "5e942ddf-0bb3-4fad-954d-bba174b73eb0", "value": "6144:zocsGPLYBciclsEveCx0ewEvagIXOJl8zjmQagZTR4RQlLCKqshj4Bz78i7DlxrI:kcsGP8BciclBeq0envagzNmmm3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022292, "uuid": "62986b80-0747-4607-bce1-95992e0eb689", "value": 4186540, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022292, "uuid": "618a18f9-742f-4e49-b724-328f61cc9987", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022292, "uuid": "a034adff-90b9-4c20-be9a-9dfa7dd9fdd8", "value": "00178439238--ENQUIRY..vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c45d5810-1649-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688021657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021657, "uuid": "b446ef7d-591f-4475-8729-1359ef4a186d", "comment": "Malware payload (AgentTesla)", "value": "1a2cfd318c11427f0ce1b0cfac83480f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021657, "uuid": "61f8f269-2667-438e-80b1-22357e837459", "comment": "Malware payload (AgentTesla)", "value": "877dcc901ba5abacac399a8f33ccaffa321eb4306a3a10f16fa9a2d183374cd7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021657, "uuid": "7f22ac52-7056-4429-91a1-43db47af787a", "comment": "Malware payload (AgentTesla)", "value": "4bdcf9570cb252ee93e8da3888a70d7825e65a1b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021657, "uuid": "dd922a21-d3d5-418d-9793-6cacfe925409", "comment": "Malware payload (AgentTesla)", "value": "a4cd08ffbfb9d379584d11a7cb8e39d77938bf17d6860e344dad9fd14ba906df46d9d881b735d12c9f3bfe2597d1dea8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021657, "uuid": "1fdb6a54-d283-4c98-8147-7ef1f0aea9c4", "value": "T164A4F13C57A9FED0E29CD138B0BAAB6C57B1D079A14BA7E62BA505F11EC638503144CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021657, "uuid": "a7aa2508-8207-47ae-9520-7d2318d2033f", "value": "12288:uIFAplx5LmAFNaxAqm/OMqgcG2IWIvvwZUN9XPc8l51VGWAxX3dkcWCiFoG5:OtfNaxAqm/OMqgcG2IWIvvwZUvPc8vec", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021657, "uuid": "44a88bee-1d64-4637-8f1b-52c6194b6ece", "value": 474640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021657, "uuid": "edc1992e-05de-47d8-b8ff-55866c0b357d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021657, "uuid": "f2d34da0-c53e-4c85-b63f-03dff81f9c7c", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e43ebfa0-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077975, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077975, "uuid": "6d58cb6e-6a48-4364-8679-b4b41e947a41", "comment": "Malware payload (Mirai)", "value": "15ec234e32c4c68178306990ef0b963a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077975, "uuid": "c395e7bc-1a00-4a42-b456-140858c07d91", "comment": "Malware payload (Mirai)", "value": "87eecc542422e2e58b272f8462709284670256759e0412acd99f4af330a91586", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077975, "uuid": "2a0c871d-162a-4ca8-9d6c-30b2c3a47f68", "comment": "Malware payload (Mirai)", "value": "fe531de97dc403140f37e89c81e0c5bf55b2fb05", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077975, "uuid": "9d79df2e-84e7-4318-9b07-93dfc05c158f", "comment": "Malware payload (Mirai)", "value": "c32c3d47bd278f2edfd2098d6017de5b7f9ffa4bb61338fc15b09a91724f6817b326036f69304496447e443c7e0ca697", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077975, "uuid": "c8bb8edc-bbcc-4b83-a295-7621990e5bb2", "value": "T1B4336B36E029DED0C6560234A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077975, "uuid": "25504322-f766-49e7-8353-4809447f9d17", "value": "768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077975, "uuid": "b3bf8ce3-6ece-4049-8a15-5f2834572a45", "value": 50168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077975, "uuid": "a8ce24da-3149-4798-9ea5-de73ef81b5a7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077975, "uuid": "8841b5cf-6b22-4f93-9690-0ef63dc6de8f", "value": "15ec234e32c4c68178306990ef0b963a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cc2bb38-1676-11ee-b3cf-42010a9c0076", "comment": "Malware payload (QuasarRAT)", "timestamp": 1688040838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040838, "uuid": "918ecff4-ec4f-493d-9274-7313e6cedb98", "comment": "Malware payload (QuasarRAT)", "value": "9f44b3fbf182ad7676b0f2f2a8e75195", "object_relation": "md5", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "rick63-publicvm-com", "colour": "#D579FD", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040838, "uuid": "1fe79f2a-e64e-483d-bc3c-2637265af622", "comment": "Malware payload (QuasarRAT)", "value": "888dc17f63eb7b61713327994a126c3ce5ca2b69e2643c8f6b7caa34235e972f", "object_relation": "sha256", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "rick63-publicvm-com", "colour": "#D579FD", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040838, "uuid": "7ae97122-3507-4ba4-90fd-54ebec5b4255", "comment": "Malware payload (QuasarRAT)", "value": "9d81ea57b89fa7452331df1b9383d97ea9539d73", "object_relation": "sha1", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "rick63-publicvm-com", "colour": "#D579FD", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040838, "uuid": "bcc64c9d-c29e-4e68-91b3-1bd02974b9e9", "comment": "Malware payload (QuasarRAT)", "value": "a602e495ac8ef6208281aeccd5602740b94b816d2616e670dfec1badd3a9a6b7c6896fb0e726e030cbb3eb37ca913aea", "object_relation": "sha3-384", "Tag": [ { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "rick63-publicvm-com", "colour": "#D579FD", "exportable": true, "hide_tag": false }, { "name": "TA2541", "colour": "#201A5F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040838, "uuid": "2e4edc43-4455-4c49-95dc-2ba9707e5b54", "value": "T12524811232E6112571B23B9DAFB2D1744B1BBB995A7E833D19FC250A0FE390084E57B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040838, "uuid": "7ff31ad2-61f9-4ab9-8a69-07d8d045f387", "value": "3072:u5d6525555555e555555555555p5555nun555tN:8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688040838, "uuid": "189f4833-9254-446e-b3ed-73b23e8fe7de", "value": 218432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688040838, "uuid": "923845af-c1d1-4d43-bc74-4167f5733961", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040838, "uuid": "97d094da-f6fe-4fe0-9293-0443ca86a150", "value": "Purchase Order_PN135787.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad1fab14-16d7-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688082607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082607, "uuid": "77d29352-7658-45fd-86a9-d81e0ea90b08", "comment": "Malware payload", "value": "92172760c300dad99b93c05d31791bcf", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082607, "uuid": "beefdb9d-03a1-46e1-9c6b-7742a30debbf", "comment": "Malware payload", "value": "896e3ce450aca51f13b0103371e4fc5ab43865b627f6fd017a85b6709c630b85", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082607, "uuid": "6568856b-be40-4a5e-b9c0-8e29323563f1", "comment": "Malware payload", "value": "84e3423c07662b90e975a75dfaf79ab6d8dfaa93", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082607, "uuid": "5494464d-c8d7-4580-be3c-c91babeb93d1", "comment": "Malware payload", "value": "722abb75f0e2873aec2805196be1048305d8ccdc78b4593e58e08d0488dec59d0ad9e647fc1b96210e7dd7a4579b60d7", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082607, "uuid": "1a7897a7-7f27-4346-92a2-153b969273e2", "value": "T157632995BC819B17C6D462BBFB1E418C332623F8D2DB3207CD216F11778A92B0EA7655", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082607, "uuid": "16b999e7-a43d-4892-8c30-5b61f831e9c6", "value": "1536:e5ZbYKECky8QdCQ1yWb+9tQ8t5fHZU8ukZxYgWPvnR:e5ZbKFQcQ1FythbBU8BSJnR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688082607, "uuid": "9e87541a-3956-4b2c-8248-9940fc2913fc", "value": 72368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688082607, "uuid": "77f16a42-7708-4195-8ddd-0070560e5bea", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082607, "uuid": "f0f7bd69-b392-488e-9b41-e8cc08c88c27", "value": "jklarm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83a12ad4-16c0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688072659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072659, "uuid": "43e1d7fc-5828-41ff-a657-e8df4e907a8d", "comment": "Malware payload", "value": "33c483e7e9ad044b3ff553d19b93b22b", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072659, "uuid": "32003226-b6a7-4368-a838-11b10e27da73", "comment": "Malware payload", "value": "89b5c7f9836817b8ffde304780068262a5e7c0e5111d25725b804afe70e81500", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072659, "uuid": "9c4a822e-f5c6-496c-935f-97eb5028889a", "comment": "Malware payload", "value": "5df945fedd4f0743ee2d51f5f6f5abe7404496e6", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688072659, "uuid": "dd32911a-8c94-4801-b9e9-3783236975ca", "comment": "Malware payload", "value": "c09603699540eb55e44666a3e465f8babb2c4a59ca189688814a0c2b14678a94b667da55d31f72d4f27bd8a93b557384", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072659, "uuid": "cdfa9c45-1140-43d1-8f62-a8d657af7994", "value": "T116D4E015BDD2DD7DE11744330543D723EA79A0DCE08AA62BDBE9088B8C21C592B67BCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072659, "uuid": "4aa4ad10-256f-4abc-a216-dc3a43315fce", "value": "12288:irtXBkAcd7M8Ya6bNccOB3ELCeKFJ5DYDip1fldtpA5rs:e8AoM8Ya6fOxELIDYDipGrs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688072659, "uuid": "989965cf-bee4-401b-86b7-01d0d7803fc7", "value": 599423, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688072659, "uuid": "55f1c52c-77c2-4b5e-8827-c9661cfd1d6e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688072659, "uuid": "fb873486-8725-48d8-819a-d2692f62fb03", "value": "p13n-minecraft-mod-1.12.2.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab655ed5-16d7-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688082604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082604, "uuid": "d827fe62-9262-46a9-99cd-08d0494e5616", "comment": "Malware payload", "value": "af56a1d9928725bd58f6d5c32d059a89", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082604, "uuid": "4940b090-6578-4813-b01b-b48a97523be0", "comment": "Malware payload", "value": "8d7fc020f22c5f6a3245ee348bfceed2edf8c50a1294401e3f44e95cac650d65", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082604, "uuid": "3d2bb3d1-145d-43bd-a5ca-c3af718651f6", "comment": "Malware payload", "value": "d44f103d1fb3f6f61207a5869f7fc48c2c8aecdd", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688082604, "uuid": "d9cdfaa5-971a-4ba4-abb7-5ee28738d1fd", "comment": "Malware payload", "value": "0121d5be39cdad7fd2d90be7596dbaef2d7a3c1d8768b00c273e79e57db5cea3cbfdc17afdb5b23dce3ec728710edfdd", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082604, "uuid": "7307c4b2-0db6-4a01-8702-d86110e232d6", "value": "T12D535BC4E693D8F5EC1705712077F7329B72E07A1125EB97E399A932FC42A11E62728C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082604, "uuid": "9e65dbc6-8c34-4ce6-bbc3-83e8f718ed39", "value": "1536:MicZnAM0YGK4UV1tRGi7SQ3hfBis61sYou+Vk5Ddsx/Gvd3vvvvvvvvvvvvZYli:Mi0AM0YGK4M0i7r1B/ms+uklE/Gvd3vV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688082604, "uuid": "54dc0937-da2f-4332-9f1f-b39d7a1e9f3c", "value": 62492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688082604, "uuid": "b940a6be-0d21-4244-9519-b20c3074de7c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688082604, "uuid": "a3e79e75-3728-4821-9077-1a75a7a8042a", "value": "jklx86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7adb01ae-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688070926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070926, "uuid": "9f822eb1-fa43-49b5-96d7-794aec3187a8", "comment": "Malware payload", "value": "cb415ba3356a02c59695ce3cfd1941fb", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070926, "uuid": "ad982f29-ee7f-47f8-b77c-9beb07eb6a8c", "comment": "Malware payload", "value": "8e52ae8f15cfd4a9b6729c46d930be659b547bf4cd57876287ba67884e850647", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070926, "uuid": "eeddccef-6191-4bca-ad89-8a29de10460c", "comment": "Malware payload", "value": "772a95580846c38b4c576b306c9fbf224ebf21b3", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070926, "uuid": "826f79c2-9a5a-442b-9124-3c7f8faf9c27", "comment": "Malware payload", "value": "489852a5ec75e53b943e837e82f7d89e4a9e4ab05cd5ddc00aaae99dc27e4c8c084dfabbf44068f0115e8531b6fbe043", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070926, "uuid": "3653a994-c46d-444c-92a9-71ffb35e1c13", "value": "T187357E07AE9104BEC5D5C570876FD133BF31B44D12223A7B36D8AA343E66E246F1E692", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070926, "uuid": "2e820c89-5434-4bec-94f1-d2f046e3cfc0", "value": "24576:+nRmhdOvfPqA4whgwXrwZcrTuIhQPbhq77Cw:ymhdOvfCShgwXs2TunqF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070926, "uuid": "d6a355ad-bcc3-43ea-aaf9-609d1e7bf127", "value": 1068640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070926, "uuid": "ac0aa79b-1853-47fc-9ba1-4da1bdad2d23", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070926, "uuid": "a757ff7a-3991-43bc-afb6-5219bccc8efd", "value": "shell.elf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "655d6e99-1679-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688042114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042114, "uuid": "a77c25d9-572c-4e02-abc2-9fe7b40e23a8", "comment": "Malware payload", "value": "2e8e103585a4ac49263cdcdcb30d5718", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042114, "uuid": "fe66f62c-5bbf-4840-a129-658d702f1126", "comment": "Malware payload", "value": "8f9efffba7c859c753edb8682b53fea3d39de1a0b199b5cac8e8988bca7c5119", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042114, "uuid": "83effd76-484f-4c00-9d69-d553f42138fa", "comment": "Malware payload", "value": "8e6a4ad280fc912aa5c9bfe28f991da9eaae8af5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042114, "uuid": "3c644c7b-736c-48a4-9c22-8260c1a53e1a", "comment": "Malware payload", "value": "6d833222bb7e7d511a6ecdf427158f7c01313bc1b9c26652367864037ade8d35f4343713c15dcc3ba52d426ca7a061fa", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042114, "uuid": "eace4409-479a-4419-bee0-028c8ddd0af3", "value": "T1A522B6765F9A0971D3518AF861BE790304B96B0647AC59E3CFD00C0E7CA46EA2D32AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042114, "uuid": "c13264e6-b6e7-4550-a785-2094db31eaeb", "value": "eed76f52bdfc4695e3635fd281dbe35b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042114, "uuid": "288c865b-bf9e-4cd6-9745-83fd4654eef0", "value": "192:26b2zATvBhZ7+5QnIQYe+qfaSdXIpp12Cu:Nb2z+uiDiSdXc72j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688042114, "uuid": "6ab9ad71-30f2-4d48-b068-881217810fc1", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688042114, "uuid": "2a941bac-35a4-41c8-ae45-986ac00e5b62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042114, "uuid": "ee3903a0-1704-4584-8677-a358b3afa78c", "value": "SecuriteInfo.com.Variant.Tedy.391406.23594.31231", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "234e37d6-169b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688056606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056606, "uuid": "ebd24260-f816-449e-8f55-2a845220b4c3", "comment": "Malware payload (AgentTesla)", "value": "04d4f55b839a1d2f2335220f37de7686", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056606, "uuid": "7d4bd8b5-b982-4128-bcca-df00f7c63454", "comment": "Malware payload (AgentTesla)", "value": "8fa741885aa3008210667909c5dc93bbd695bfa9f10b808f329e70a87dbbc262", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056606, "uuid": "11fb0d2d-daab-40d9-9e0d-18b015a0eaad", "comment": "Malware payload (AgentTesla)", "value": "4f463e70cc5d382e8eb9662ca748447811ad3153", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056606, "uuid": "a7283ba1-d53c-44fb-89c1-2ddf43d9df47", "comment": "Malware payload (AgentTesla)", "value": "72a721b55ee0b43d677649fbd5a8de6a13eada02a8f25389e528187d9f2988002621ac68e3fbfd4d623ea0ff9a55c7db", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056606, "uuid": "e6cecbc8-15d9-4174-b60e-ff62d1837a98", "value": "T166E4493829BDA327D178D7B58FD58423F7A4952B3026EAE5ACC253D54352F1229C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056606, "uuid": "5c55ee3b-c550-4e53-8e70-9d239cf04fcb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056606, "uuid": "a22c7c7d-8400-42ec-a5be-bc1792e484ab", "value": "12288:W9XncUB8m9VZ2oVHoomvEbJhGYVmxI0/l5UX5yaz15/OO:u8GxQvEvVmxI0/Py5yaz1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688056606, "uuid": "387102f5-c0e0-456a-b6bc-d1ecfd2ede46", "value": 688128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688056606, "uuid": "2c683fd7-6006-425c-8478-f3b6b5883722", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056606, "uuid": "c71c8c9c-c247-4910-a503-493181c2a953", "value": "RICHIESTA D'OFFERTA A EDILGRAPPA SRL_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fd20e59-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688021811, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021811, "uuid": "44505bd6-d4ca-4652-a4e3-5487668c77f0", "comment": "Malware payload (AgentTesla)", "value": "1e45e3dfcd88e2c96fbbd3d93d57c9c5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021811, "uuid": "57f1b186-7955-4990-ab11-79bb0e5b39c5", "comment": "Malware payload (AgentTesla)", "value": "8faf480c1ae966b6f4f2656368ec83dca9ab004811cf330083afc56043735a5b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021811, "uuid": "ecaf3b7d-9cc7-4644-a754-c1d378cc02e0", "comment": "Malware payload (AgentTesla)", "value": "8b4f5178a7c9f2958fa584e56da2b3c72ad25452", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021811, "uuid": "b876314a-3114-4b64-b6bb-09aac5f5b899", "comment": "Malware payload (AgentTesla)", "value": "a1a18c3301e92e37b7e444c0fc50f55d0f4309702757d6161fbd5c12132b1be3014cc00e4c210e2dfbe9aadad248fffb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021811, "uuid": "34245d50-8e4b-4d02-a0f7-dec3f8190e73", "value": "T192D4AEAC765079EFC857CD328AA81C64AA2474BB430BE243A45716ECDE0D9DBCF145F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021811, "uuid": "af905bab-3889-44f7-a389-3e03c7405b7b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021811, "uuid": "9929006b-26f9-4afd-8ddb-d77e67099cc7", "value": "12288:a2yaeQqCFdvjuFn+yif3THcqENjHC9fbWe/eRMP8apCxzVPKjuAuzdPpf+G5ZTn+:DyEqCTaFaHcq+HgIMPn8xzVyju", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021811, "uuid": "4ff65991-9175-49cc-9b27-212605efd98b", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021811, "uuid": "ed92949b-bef9-4bee-8572-47dc04d362d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021811, "uuid": "f2c249af-9c3b-4234-a6bd-79f6a4744c69", "value": "Payment Slip USD$78,985.23.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e28f7d1-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079012, "uuid": "b85debbe-85eb-4da6-831e-d9c5809b6c8b", "comment": "Malware payload", "value": "a007e09a21192116e5f1d0470782c026", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079012, "uuid": "2aaae5ac-5283-456d-85ae-345231ddebff", "comment": "Malware payload", "value": "8fc16237e29de4cc94f6d17d8bd316b09f246580d416a98e9e8c317ddafabd56", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079012, "uuid": "ca5be8dd-6876-4096-b1f8-68f192eee47a", "comment": "Malware payload", "value": "a88f206648b0ecf0df069f516dcabb4e3c911611", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079012, "uuid": "78a9702b-9a4e-44c5-bc16-74c372770cf6", "comment": "Malware payload", "value": "74bf6e14ddbd65607bea7175c2452a093365af38eb8fce8041b9d415e7ad9c934c9d7758d65a82b7fbec8d1037173f72", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079012, "uuid": "17d22370-7fd0-45b0-8397-18203c027ac3", "value": "T15153B519BF610FB7EC6BCD3709A81B0538CC644A22A87B367934D468F64B25B59F3C64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079012, "uuid": "7442d59f-611a-4da1-97c2-da3f1c6be9b9", "value": "768:iAVWeGUx4YGMmmOwCw5BheiTebiQ2ZFVyXiSA7mWzkCwE:iAVWds3O9wxjTIitZFVbmaoE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079012, "uuid": "e6024099-4b00-4b38-b006-df21a527f6dc", "value": 61080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079012, "uuid": "e97024a9-73fb-4e50-a85b-0259d99c2af2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079012, "uuid": "a08bbb67-81d9-4dfd-a772-c21fc78a612b", "value": "mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2c8086f-16b8-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Empyrean)", "timestamp": 1688069356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069356, "uuid": "a1fee9ad-6dda-415d-afa2-7bfe7551b570", "comment": "Malware payload (Empyrean)", "value": "dd73187d28a15e897b164065b82831f2", "object_relation": "md5", "Tag": [ { "name": "Empyrean", "colour": "#C6F573", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069356, "uuid": "b9538834-f8d7-404a-a1db-5e08baaeae38", "comment": "Malware payload (Empyrean)", "value": "91b9f93b7f647db0fb9c86cd498035b13282fc1210e10bce00f86fad2a497c6c", "object_relation": "sha256", "Tag": [ { "name": "Empyrean", "colour": "#C6F573", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069356, "uuid": "08ebbf4d-a5e7-49cd-bd18-ffedd449dd74", "comment": "Malware payload (Empyrean)", "value": "d3cc9ea1419b977c8a66935c0c327f18f6712182", "object_relation": "sha1", "Tag": [ { "name": "Empyrean", "colour": "#C6F573", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069356, "uuid": "72cdc336-21ba-4e94-9c6f-c21c2f1bc30f", "comment": "Malware payload (Empyrean)", "value": "4830fd6ac06614147f328e70970c9f769e7a505ef4ba485cb97bd1700d32a5a66dc5674677e22f12622fae1cdd005f5e", "object_relation": "sha3-384", "Tag": [ { "name": "Empyrean", "colour": "#C6F573", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069356, "uuid": "6916e6d2-3e45-455f-81d9-ef0fa461cd30", "value": "T1A31733E4625905A2E8E6543E5C0FCC761167FD8523A4D8DE83F06A388F637A62D3EF50", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069356, "uuid": "2dfd1c26-fb12-4056-ab4b-cabdb789cb47", "value": "1e92fd54d65284238a0e3b74b2715062", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069356, "uuid": "0337990a-aef7-419f-8e8b-07ec058a1e2f", "value": "393216:UqPnLFXlrjQpDOETgsvfG/gkoMvE4gbNJHLkp:1PLFXNjQoEox2P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688069356, "uuid": "842d53a4-a653-4a4b-859e-78c44956bd64", "value": 19590729, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688069356, "uuid": "fb960ba4-6ed1-46b1-9bbf-75fddb5284e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069356, "uuid": "ca224eee-aeda-4466-974d-b6c822fb44c3", "value": "ACER Bluetooth Adapter.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82525506-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1688043880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043880, "uuid": "bcad952f-5870-499f-96db-837286ebac46", "comment": "Malware payload (RemcosRAT)", "value": "d2f4bcb2b72f7f044c5c463d59b7d532", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043880, "uuid": "53998c91-71ec-4ae9-bae2-f72ac7e00d5b", "comment": "Malware payload (RemcosRAT)", "value": "92e494319d7ee8a055f2fb64bd5f3ed051877289a0948f1e53b485799613b16b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043880, "uuid": "9d3b3766-f652-4d5f-93f3-afba2c2c100c", "comment": "Malware payload (RemcosRAT)", "value": "c2a036d251fad0a608a07459a56874d14fad0aaf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043880, "uuid": "0bc4131d-407a-4e0a-a10f-f7f87527534a", "comment": "Malware payload (RemcosRAT)", "value": "f9f7c54a07019308c8b59e033b3931bf11875f6bd10d5ba8ca1fc2ee899314ba89a93ad62527f861ac9fc6eff08afb48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043880, "uuid": "68bec463-17a2-4c6c-82d9-ee8172d09639", "value": "T195A4AF02BAC1C072D57651300D2AF775DAF9BD20183A457BB3DA1D9BFD70190B63AAB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043880, "uuid": "250cc8fa-92c2-4667-b270-7528a80ff60a", "value": "04d77d421b8e5297898a3fce39d74267", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043880, "uuid": "cb41b988-f923-4087-9e03-fc96903aee45", "value": "12288:PRXxReZj3WZfj/2eSseWFaIe2+f8CL47bs/Zf2BDU:Px7cyF2eSsewS8W47eZO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043880, "uuid": "593b769e-38c7-4517-b1c8-950ce2ee8764", "value": 492544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043880, "uuid": "4dbad712-6ea1-4877-87ea-069ce58c28b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043880, "uuid": "fa1977d5-588f-430b-84fa-f04b5de90b19", "value": "decode_c840eacf78fab9118d8746c47c4c033b13be456fc6cd7350c07b5dac352c3ed9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dce032b5-1679-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Netcat)", "timestamp": 1688042314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042314, "uuid": "fdb73c64-384b-47c5-87b0-1dd2584d4e9b", "comment": "Malware payload (Netcat)", "value": "f6f26dc4793397b2086b9f6307375934", "object_relation": "md5", "Tag": [ { "name": "Kevlar", "colour": "#23DAF2", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042314, "uuid": "8b8737e5-2494-45a9-ab7c-0fca8013c0ab", "comment": "Malware payload (Netcat)", "value": "93c9db22ed94156713eb53b502e272e2073a0ca3dd7cebcdff882ba40d674caa", "object_relation": "sha256", "Tag": [ { "name": "Kevlar", "colour": "#23DAF2", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042314, "uuid": "d5471d3b-18ea-4344-b67d-1306761f1b6c", "comment": "Malware payload (Netcat)", "value": "aa54a509768d85162d84b3e222716a3c5c866d6f", "object_relation": "sha1", "Tag": [ { "name": "Kevlar", "colour": "#23DAF2", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042314, "uuid": "6fe0c15e-a007-41fa-b725-91b617c84cb4", "comment": "Malware payload (Netcat)", "value": "1228f0b44efbaa5a2ae41aa4084464578c729de5b010bb43439ea5da90355f19d88a9b34b6f96a0e407e914f806bcae6", "object_relation": "sha3-384", "Tag": [ { "name": "Kevlar", "colour": "#23DAF2", "exportable": true, "hide_tag": false }, { "name": "Netcat", "colour": "#B03423", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042314, "uuid": "69f4ef1e-3ac9-418e-9d9e-cf2f1be5df75", "value": "T1AF21E008EC8FC4A94272E29742B1E869D7D53184F5B6DDACBB40D44520307E8AA3969F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042314, "uuid": "bbc25ea4-7956-481b-b18d-264a0d770fe4", "value": "24:NqLKAn8LuyvZIfZmRr/wZ8u4RUq54fD+mW/4U8np/M:Nq+cN1UBrOK2oQUGU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688042314, "uuid": "5e6842f7-80a9-4f40-af19-1a06967b393b", "value": 1287, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688042314, "uuid": "a8f0a92c-1e95-4fa7-9175-ca901c8a3747", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042314, "uuid": "cf3192a6-bb00-414d-bbdb-77cd090f0503", "value": "Curriculo_Atualizado_13.VBS", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64c584e2-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688023215, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023215, "uuid": "07ce1a41-6d11-4f99-a757-55312277acfd", "comment": "Malware payload (RedLineStealer)", "value": "f5c0a61c1a0aa2539f5875dd225ff848", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023215, "uuid": "5f8c1072-edbb-4d30-bf6f-9330384f563b", "comment": "Malware payload (RedLineStealer)", "value": "95ed2131417003d8577c9236223d2c28be96657732a61f29361cd447856b0aff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023215, "uuid": "53da0c33-5cc9-4165-a579-5dac50c610a8", "comment": "Malware payload (RedLineStealer)", "value": "b185a2419012029f7969b01efbb3dfc9b21fdea4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023215, "uuid": "caa10899-1e9d-4302-bb29-4c409a6b7019", "comment": "Malware payload (RedLineStealer)", "value": "3ec116332f0b606b05519e99417ee6bfefaa59ce5a26d5fe9160e57ad30317469d2a9d24bfcde6b2cf82f3e8e54a221c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023215, "uuid": "15592bab-7099-4c86-8a51-fd3c7a1fc0ce", "value": "T1EBE4BF213FA49980C3AA8479C8FB451C12F8DC022672CFA7AE5636DF5972B12FD519DC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023215, "uuid": "f5587165-ea03-41f6-9f33-090f6c8f166f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023215, "uuid": "4c855935-a052-4ae0-8901-bb84cb67bd0b", "value": "12288:5KzEqQLyOh8w590ZMqk54eWRozg/o/yyAreWz2p4V2lOT:MInGOht5u2qAcRodaTeAr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023215, "uuid": "6e8142fb-c1da-40ef-94df-a328416c5ac7", "value": 662136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023215, "uuid": "6c9a413d-c958-4322-9ccb-cab0a2159f71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023215, "uuid": "f5d33aec-ac01-46c8-8c97-ae4be612d394", "value": "f5c0a61c1a0aa2539f5875dd225ff848.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34ca6ffb-16cd-11ee-b3cf-42010a9c0076", "comment": "Malware payload (TeamBot)", "timestamp": 1688078110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688078110, "uuid": "42dad429-84b7-4550-9c5b-4291a5cdf68d", "comment": "Malware payload (TeamBot)", "value": "8498a90e5079ab50533e2471231b044e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688078110, "uuid": "67382d44-90fc-4097-8fb3-c94867c8800a", "comment": "Malware payload (TeamBot)", "value": "97ab7127415539a6b8bdc06b8eb7089a1add34b62d1026f94b8f5c4efe393f19", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688078110, "uuid": "158bf4ec-0664-48b8-9b32-1f72a03c9726", "comment": "Malware payload (TeamBot)", "value": "2beae16d2f563c4d48502b72cb11f4247995790f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688078110, "uuid": "38b2d0b5-bbda-4aca-825c-20dea6a2c226", "comment": "Malware payload (TeamBot)", "value": "533148fb154b3cc6aaab9e7662b9dad320e9e2958d80d4a87712cb56f1492a75e249cbde7f8a240516b6ac64e72d4af9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688078110, "uuid": "fe8ee468-2624-4989-be5e-4989ac634f5f", "value": "T1B9445B1362AC7F60E4E54B3E8E3EF2EC761DB6504F59776A12285A2F19B12E3D172700", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688078110, "uuid": "d4dc3e9a-31d9-4962-9781-5d2bebbea0e9", "value": "7df7cd62d521a0373722870d17467bbf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688078110, "uuid": "7431f0ec-14da-4ab6-970b-c62017bdc797", "value": "3072:o82arJnmvhgShgPeWJdyOraKE8k6q3CP2VgiLKqu1:tRpShgPeWqOeKhk6qk2Vgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688078110, "uuid": "5e6c16a5-8bd5-499c-9f7f-d1639ae4ff40", "value": 277504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688078110, "uuid": "7f3f429c-f853-4c5b-b1cf-29f54429f0be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688078110, "uuid": "63f3cac7-d5ca-4733-9646-831b096c648c", "value": "8498a90e5079ab50533e2471231b044e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e4d8089-1676-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1688040679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040679, "uuid": "0b50d460-5ea1-4ab8-9603-cf55e70abae7", "comment": "Malware payload (GCleaner)", "value": "49ee8deeb69f94cd14a9e69fc1490b81", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040679, "uuid": "43be39ca-e7d6-4b31-8335-e4cca372a5c3", "comment": "Malware payload (GCleaner)", "value": "97b2cf87489857dd47af7dbda3da5edd6e9ddc0c5cecbed9b74105a46cebe7e1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040679, "uuid": "f2e891a9-0fcf-4eb7-85bf-ab1a97541890", "comment": "Malware payload (GCleaner)", "value": "40adc0ebaf2137c67392cccb2210c12c2ec24767", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040679, "uuid": "1d7ac0dc-458c-48c5-9669-2dff8b543d6e", "comment": "Malware payload (GCleaner)", "value": "22c37d8abd63c3b3394242b20be2267afa2429bc085f94bcfce149a115cbe8d86f381b5c625aaa991564f682d7013be8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040679, "uuid": "c1ecaef6-f492-4a84-8f99-d45e597bf423", "value": "T195845CC362A03D5CF5254F328E2EC6E8BA0FF9504E197769A2189B1F05F21B1D2FB651", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040679, "uuid": "66ac7683-90e6-4405-a5fc-f92f8a15299c", "value": "735a07b48377a1865081819d76cd8354", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040679, "uuid": "9e82e4c7-b850-436e-9fff-ab13c8c17fa3", "value": "6144:us1xjhqbqZlwXv/JdHwBU+EXvB385URXwZH83WxiAG:uW9qbqZcXJL3XN82RXj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688040679, "uuid": "fc829fa5-806d-45df-8bf0-b4df2daa0f02", "value": 389120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688040679, "uuid": "709ee50a-db18-4b68-be1c-65e306ee37db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040679, "uuid": "9b2272f9-3b8f-4d22-b2cf-85d57b95e6a1", "value": "49ee8deeb69f94cd14a9e69fc1490b81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e4e2c6d-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RustyStealer)", "timestamp": 1688037861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037861, "uuid": "4aede9f4-a183-4d28-b083-7dcbdb79013a", "comment": "Malware payload (RustyStealer)", "value": "be08191d7e8244cea1a039d8598e99a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037861, "uuid": "d7063be4-8f71-4738-9d12-1b83824bfc62", "comment": "Malware payload (RustyStealer)", "value": "996e309926b02a16abd278caa3490e3d61345fdf20767a46257d155aa107c349", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037861, "uuid": "ce7363fb-c05e-40cc-a2dc-467cb554280e", "comment": "Malware payload (RustyStealer)", "value": "ee1a02341268aa6d5053f721f0537a50ff4b00f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037861, "uuid": "645910df-73b1-46d0-914a-fd1ca09f837a", "comment": "Malware payload (RustyStealer)", "value": "eed1aef174338ccc43cfaaa6d2e9eaafbcd1451c8a9c52e8fa65b2656a31e5f27cbefbf9f0d3687eba94bb5c6f03949a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037861, "uuid": "9f42c3fe-90cd-474c-937a-a8ee9247a4b5", "value": "T108B51242FBC48FE7E954A7348097A3157376A8099F17D7573788A1307C873DA1EA82E8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037861, "uuid": "b0da4f7b-b6cf-4f1f-aca1-36220b1d4bc4", "value": "f752eaa70063307669b7ee7152a70508", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037861, "uuid": "33176f6a-180e-4a71-bca0-b6f7f7719fb2", "value": "49152:uWFft7YhvynkjhBGfqIUh2Gbf0UjImwtPA0Gm5ZNjOU0JpjiJZL2tkT5o7C:hFlkAcrYqgzUkLZNjOU0rjgtVoG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037861, "uuid": "a03e6b92-112e-42cd-bf7f-ffc9cf2af8ec", "value": 2317824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037861, "uuid": "27490ef5-188a-4a15-bff1-71a505fb6b59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037861, "uuid": "47c3ba35-5501-4fe7-9d3e-9d67c042ec2d", "value": "wps\u5b89\u88c5@3164.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "090b9eea-16a6-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688061286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061286, "uuid": "0c75d7eb-60e1-4fd9-9173-d8ea792f5a4d", "comment": "Malware payload", "value": "f857a8578bb0bc8bd9046dc95bb1904c", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061286, "uuid": "a912cbba-240d-4d26-853c-ba22c6702eeb", "comment": "Malware payload", "value": "9a014178ddd4a0f7ec8cb639dd27f695d8599cb224efded5cd706faec9fb1e11", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061286, "uuid": "d1fbbc22-1404-47c5-b5e9-633b01cfb901", "comment": "Malware payload", "value": "50bbd3825571add8a74ec9efc35516410b7e33d4", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688061286, "uuid": "c569d224-c859-4510-83c3-0e831ee74187", "comment": "Malware payload", "value": "217444c386c70d12dbb53ec32e363e1b23349ad79cbc4430d74a0be14f16b130991da8b976e00dcb558a87ea9783b885", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061286, "uuid": "6dab19d6-10e1-4a0c-bf3b-c25f895b6a7c", "value": "T1BD463325A816AC8892BC8FD148911E5367962EF50C35FF37A87823F35AC06F697B4731", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061286, "uuid": "d2c522ca-8f89-42ae-9753-af4ba63ba4ae", "value": "98304:kNN1LxxercOR4pZX7Wow5C/uFi4mYHKnn0Py5/CCo+vzm0JQ8WBiELXoDMbtvAj:oLxa6l7WoMCGM4BHI0y5/CCXvK42BiE4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688061286, "uuid": "39eb5ac7-8e63-43c5-ac47-e5ac9d121817", "value": 5496885, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688061286, "uuid": "18f0a30d-0edb-40d4-b8be-0cf1d394784c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688061286, "uuid": "f41ce43f-55f8-4c5b-be43-be20b59e5485", "value": "formularioimprimibleCLE.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d663aa4-1662-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688032302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032302, "uuid": "02ee2270-bf89-4544-ba9c-92d1e028bd72", "comment": "Malware payload", "value": "07c9e673646706924ea0905bcd35b2ee", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032302, "uuid": "93d9f6e2-3318-4dad-a6f9-f928094f898d", "comment": "Malware payload", "value": "9a45d0da71a6602ac36e245ce581641ff64a4d7f393c4e62457def304a6a115d", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032302, "uuid": "5e9875cb-713b-45dd-9109-46f8718f7cd2", "comment": "Malware payload", "value": "bccbc29e740e4e00c9b467f24dee5b76f43519db", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688032302, "uuid": "4c2ba5a2-79a8-4e0f-a9f7-cee6df29e906", "comment": "Malware payload", "value": "2a1dacd30489eaf3402615a9d5ec8e9e986838aab5a2895c861241068e23c22d3547f689b1b21e8158f8463202a2f36c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032302, "uuid": "17613418-4da9-4364-9431-f9c1429a3835", "value": "T1AA75014A6BF14F13C3946B3CD5A3481967A1E25A76B7FB0F2E4912862E137718F423D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032302, "uuid": "bff3b19b-5525-4a9e-ace3-e2dedbf155b6", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032302, "uuid": "f4405d07-532e-4590-9c40-4fb7dbbdc71b", "value": "24576:0HwI3IdC0QCCPbzDLQJtY6u6sIFzeqZND2OwLAV0lxDJO/ZgU4L2/qNKO:2WtPCQJtOxIF6qD2OwK0XM/ZgDL5N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688032302, "uuid": "f2da2444-77ec-45d7-802a-e62b9a474c2c", "value": 1626112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688032302, "uuid": "3d2babcc-58fd-4546-a940-ca92e5899dbd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688032302, "uuid": "599ae9d7-841c-47f7-8b62-3d6ca11af50b", "value": "data1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bdfb6c1-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079008, "uuid": "0ecf6333-f48e-4a7a-9bdb-cc8099f5594e", "comment": "Malware payload", "value": "6f6bbe19dbef887995f828e9c991368b", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079008, "uuid": "421bd0bc-9c38-44f6-bb8f-490e64da035c", "comment": "Malware payload", "value": "9bdec01d0697f6e2b42d7f6ff19f6fd93a17e4c3bf46bb527c64261312dbd2b3", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079008, "uuid": "b875cf9f-c785-4864-a080-8014854138c8", "comment": "Malware payload", "value": "38f303486649dbede9f69194bdf04a36fb709136", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079008, "uuid": "d0ccf577-0f31-44a0-82e4-976cd1c0c9bd", "comment": "Malware payload", "value": "c6cdf0b488e9362a3d808b507c730a117bc0d0bbbc9eb96b90b78a24494cf7aa2d6de84ec4ae0dbc288530d581e033e8", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079008, "uuid": "9810054b-cb45-4e9b-88bc-7509e0d03f32", "value": "T1811318C4F553D8F0EC5A06703076EB365E35F1FA222DE553D3A5DA32BC82602EA0699C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079008, "uuid": "d978b8d2-4e75-4be6-8c6c-7cbbe03a93aa", "value": "768:xMlB2zs8ssGfrRI6aQ2nEenzGq8uDOycN95VlVs:YYzs8ssGfrRI6aVnEeKWOrNrVla", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079008, "uuid": "6c9f5820-538b-4fd4-9792-ac6b71c5d1f8", "value": 41776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079008, "uuid": "aa985673-5ec9-4268-b507-d79dc75b1b5f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079008, "uuid": "ba83eacb-f550-4863-a755-2412fe3caae7", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b5555af-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1688043869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043869, "uuid": "fa5c4715-43f6-4abb-8979-bed238fafa29", "comment": "Malware payload (AsyncRAT)", "value": "ef80281e6e50e2f2459db4e90c34f746", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043869, "uuid": "ff5735bf-1815-43fa-91da-e19d2d61e4b9", "comment": "Malware payload (AsyncRAT)", "value": "9c598aa70e8ac580e1555206f5375e6482137f7ce6e346adc925f7fcf1f18a29", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043869, "uuid": "028a8580-ef25-4c40-ba41-62b77b6a8b8d", "comment": "Malware payload (AsyncRAT)", "value": "b5d7a1e8de4a9f49476b82b7fa1d5c8d05f28af9", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043869, "uuid": "1a998689-b9ce-489e-8ebd-808dbd252bc3", "comment": "Malware payload (AsyncRAT)", "value": "8b6243d2d811e2064e470b730781e44993ec3108a6e96dfbdbb1273f1a599709d29711bbd8822104ec206abadc524995", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043869, "uuid": "cfe6fae8-6bd4-4f62-8adb-1df29fac5289", "value": "T16F6309053BE98129F3BE8F7469F625844AF9F4AF2D02D95D1C8810DE0532B829941FFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043869, "uuid": "5f6bb811-1b20-4ec7-87fb-229efb5ed717", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043869, "uuid": "52d00952-c0a5-4bba-926c-bd7a920a20f6", "value": "1536:32wukvF1ak9gcKu5UYFH1oYFPLbQCoR64kExowrPlTG5x:32dkvF1ak9Ku5UYFHV1LbQ5rljd6x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043869, "uuid": "738b67a5-98f3-44e0-bf2c-5fc09f75b256", "value": 67584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043869, "uuid": "d6c2894c-0100-4e48-8eb6-96ff27665d35", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043869, "uuid": "064a60de-fbe5-405c-bf20-6f188089bb0e", "value": "decode_5822a45e3f842d6ba3c92b21f88e942ff13b8cd571826188b7ad85771882f5e3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a812e6ec-1626-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688006577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006577, "uuid": "2ccf449c-bd0b-4b1b-90db-e2be23797580", "comment": "Malware payload", "value": "21d02c0fffc1aa83c072e3fad2bd318f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006577, "uuid": "c175b590-d05b-4a5b-ae1f-4fdc7d3b1441", "comment": "Malware payload", "value": "9eabc737fcd4b9e3ee124a01cc30943e31d92a64e177be4e096d42b85359fe17", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006577, "uuid": "f9c5573e-f30b-44a2-ad46-076eb05206fe", "comment": "Malware payload", "value": "c81da8c4c7e9278c449852b6a619126184aa7f24", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006577, "uuid": "cf2394a6-3130-47ff-8351-ce6bef7fbeb6", "comment": "Malware payload", "value": "2d6953e0ad36c52b4407ad35c1e2ce0ba49507fb0e94aca0f1d888e14db4a122ac20fc80930d54feab8c5797423ebe8d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006577, "uuid": "ab420d27-ac8f-406d-add4-3b787cf5310c", "value": "T1F7752321BAC08571D5761C3605E197B16B3CBE302F79C9DB43882F2E9F325D09A26F26", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006577, "uuid": "6733a7e6-4d8c-4e64-8f7e-2f6b8b6d0d7b", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006577, "uuid": "af39991e-33d6-45d3-8e26-022433a7acf4", "value": "24576:JLllLl7tEtoKwZxtY72E3kHkzCs1cbv+5XXW34HVbpwqGrNUp/CPge03sYr:hllL8LwZHY753PzCNT2nWo1HGxqCIbcs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688006577, "uuid": "bfb846ee-09fb-44ec-b618-2ce027cffba8", "value": 1583141, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688006577, "uuid": "9b7d5ded-c44b-4d22-8079-c6cbbd59e4df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006577, "uuid": "7c63d684-056e-41e4-8dc6-c33bc413dee7", "value": "21d02c0fffc1aa83c072e3fad2bd318f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f0f876c-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079013, "uuid": "58e87256-35ce-4f59-ad00-3aadb7bc2876", "comment": "Malware payload", "value": "b976e0a4984b6ed45ff405319c1bb8b2", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079013, "uuid": "7b092c09-129d-4ac4-97b4-764369dbac72", "comment": "Malware payload", "value": "9f0bcc84b4b8bb2b0b4dac88c3baa121fd1cdab0296c2641af312740935171de", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079013, "uuid": "b46f7273-d8c5-4ac0-96f2-545ead0b46e9", "comment": "Malware payload", "value": "06c345de1278864edb596fb585d4091bbde73633", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079013, "uuid": "3e88bfd2-9b6a-4fa5-939b-6986f4594efb", "comment": "Malware payload", "value": "ba34182e4ffa0398c263160258341128667a1e974e135bcc0fbaa87aeda5ffc4c7cedd6a186e9d33ff55aef01eb51ae2", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079013, "uuid": "960bd529-7105-41e6-b006-beea79e59f04", "value": "T117231841B8818613C6E4137AB66E46CE3B2563E8E2DFB3179D221F503B9682F0C67F55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079013, "uuid": "bad29065-1a8f-4b25-8217-8b74676f8c20", "value": "768:hRT38FvJsOvEZU3JyvqKVtn9K6/8axU/PoVW3/N+WzHn533LEw:P38Fv+Ovo089wl/z3XBh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079013, "uuid": "4222cd01-b1f0-4163-9bcd-792ede47fa51", "value": 46868, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079013, "uuid": "d943aea1-8198-462b-9d4f-6c3d7770183f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079013, "uuid": "2170b419-29ad-4920-b312-0404ff858f01", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8305dc6-1685-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1688047460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047460, "uuid": "8869916c-3c5e-48a1-af3c-3ff378a341c3", "comment": "Malware payload (njrat)", "value": "06ea5b2fc11dcb7066e00860770e4212", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047460, "uuid": "5602b6ce-f010-42a7-835e-2441256b3854", "comment": "Malware payload (njrat)", "value": "9f76065163bfff36705d6b414f349be85b59c4bd666226c35defa13768691ce8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047460, "uuid": "52586b06-9ce4-4d2a-8880-573bef2e693d", "comment": "Malware payload (njrat)", "value": "a5cd6556d999764db65b51e2787903a6ab48e52a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047460, "uuid": "72d22dda-d7fe-4ea1-8073-9f58943ca930", "comment": "Malware payload (njrat)", "value": "1181d85b2c7053110703d7c70f647acf66ba7f3be69e3cacd2d627a9205000dd0792c72c7a4665721ee4207d2e42897e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047460, "uuid": "d66c05e5-324f-46ce-850f-beed7a4fece5", "value": "T1F7732A4877F54612E1BF0EB5897292221B35FC036D26F76D09D174AA5FB36C08A09FB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047460, "uuid": "9d469813-f348-4127-9e5b-e5dcce4da057", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047460, "uuid": "7694ecac-552d-4669-b620-87b34944540b", "value": "1536:1VZe+JzWubDpaS5wpOk3JCK6pFokTg6fOpd/9nEh9TG/bJ7R:VOQwpOk5CK6JO/9ES/bJ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688047460, "uuid": "a5b79983-f346-4177-a7d7-c987c49d7fb3", "value": 79872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688047460, "uuid": "c143080d-93f7-402f-97bb-740e7bff36c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047460, "uuid": "c0361905-e44e-41a3-a8e4-6ffdb89403b4", "value": "x55tztSxBzdc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6551d82c-1626-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688006465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006465, "uuid": "671dbae4-ae6a-414e-be68-ed938d2e7fb6", "comment": "Malware payload", "value": "c1285b8df2599ebe3c8af1b5076d7b2c", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006465, "uuid": "05042183-32c3-4fa1-a2ea-d7b1acf12723", "comment": "Malware payload", "value": "a05497647a879afec62bc7e916005f729fbfee48cfd56423481e0600061678b6", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006465, "uuid": "f869c3d8-9730-4d22-ace1-e1c398c19d6b", "comment": "Malware payload", "value": "6c2c5117609c01ec2869d256ae9c750723099584", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006465, "uuid": "3bb29ddf-f7c8-499a-8e2a-e0b6bf78283d", "comment": "Malware payload", "value": "437a402a5b2064e49bb1c7e40b2a029f0545202d82dbed33bcfe95881ebb5856d9ce1c75186618ee0b396d8b14623bf0", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006465, "uuid": "3e12756b-cf7b-4093-b6d5-9f6207afbe15", "value": "T1D086D09AF796E92EC033307648566731219A8D269E4297C7254C3F2E34B36E84F5DFC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006465, "uuid": "a0b0a4a2-f4a8-4d7a-9049-68e53748db33", "value": "196608:vmahQbqtifoW5aL2viPyMi0rS0hw+L3ESj:k2Ef1akaSAwAj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688006465, "uuid": "224fc00b-0ffb-447c-9b5e-0b8ba9932b5c", "value": 8073628, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688006465, "uuid": "6625a082-a134-44bb-8761-adba4b3a4788", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006465, "uuid": "ea2880b2-fe39-4532-9e8e-e69c42578767", "value": "Cerberus_disguised.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a39728a-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688043867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043867, "uuid": "b901df58-c9f8-4e49-865c-5dcaca79f11d", "comment": "Malware payload (DCRat)", "value": "0017d32a6d90b4ac66c483949382b298", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043867, "uuid": "f9d82f49-169c-4b48-95b0-19c8d326d61e", "comment": "Malware payload (DCRat)", "value": "a1a917da02bed91c11d1580710acb803b1c81b97625c5026eb669bb13c201628", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043867, "uuid": "4ae4c478-44e3-4194-a6df-cdcabe90a8c7", "comment": "Malware payload (DCRat)", "value": "4d0571f2fa90d299f53f2e98b09b500e8517be41", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043867, "uuid": "ed2dfeec-b28b-421d-9fe3-f30da555764c", "comment": "Malware payload (DCRat)", "value": "dc9a84b8f8dc7aa50b01219cbec3ea92d299051ec78f0f8da19b6b53397363276259bdcb9f36f65393aadfce63b96592", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043867, "uuid": "1e1f95c9-b7b0-4367-ae39-a9c0a1f3d594", "value": "T1C7234C0037E8C13AF6BD4BB4A9F292058675D6176903CA5D6CC824EA2F13BC596136FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043867, "uuid": "080530a8-a043-42ac-9ca4-110aeb510a11", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043867, "uuid": "9027fcdc-2e12-4cb3-9601-171da192d698", "value": "768:dOEuILWCKi+DiJpji5yXYbegeejnvEgK/J9lZVc6KN:dOtmJdIbhFnnkJ3ZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043867, "uuid": "1dc213b7-8fbc-4851-9895-b9c8831ded99", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043867, "uuid": "461e1611-571b-4391-a733-b2fc78c76366", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043867, "uuid": "ac670942-f9c0-4f7d-9176-817dcebeab5d", "value": "decode_0b4d10612b33e871a7943747ea7063a884b3a9fe25cb1df3eb7a493afb175272", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcf98192-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077963, "uuid": "b27482da-89a8-454b-90de-821473498ae3", "comment": "Malware payload (Mirai)", "value": "f11b8f43af013f109b5a97239753070c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077963, "uuid": "1d5f8c30-7aa1-432d-98a3-d24131c77472", "comment": "Malware payload (Mirai)", "value": "a3d0034b441614b18ba5ab57e2173847018d1570fffaff3c37153be4a7c74f20", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077963, "uuid": "1e693dd0-a6bd-474a-a185-510df9775cf6", "comment": "Malware payload (Mirai)", "value": "efb238f105c52b73621fca8bb64ee023a41faab6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077963, "uuid": "64f41c1d-4d82-4bd7-b930-1982fdb62e0e", "comment": "Malware payload (Mirai)", "value": "30028ad7dc24f542f06f96def3aaba47a89a3be3d7e71205293ebf1b877a4c31897e77265a4e5fc2f238629c8fa9add4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077963, "uuid": "20165fad-cc3d-4868-a6f8-780b1742680c", "value": "T15B82C030519F74E5DBE14430FEAD8EC6971A0BF8D1FC36E316586B78C94550611F92C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077963, "uuid": "fa17f088-3412-428f-be9c-9b583714d987", "value": "384:MjlzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMaWPWhymdGUop5h5lc:6/V0P6+kom0tVAoNvm+to1Fs3Uoznlc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077963, "uuid": "e3c05ccc-f812-4129-8b8f-568e966cac0c", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077963, "uuid": "9fc81ee8-36b9-40a6-b6cd-bcae337eab7f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077963, "uuid": "cb30ecf3-065a-4f58-b663-2f4ab6b03bea", "value": "f11b8f43af013f109b5a97239753070c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7794431-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077953, "uuid": "7980c4b4-fb6d-4cbd-9302-d891ad31955a", "comment": "Malware payload (Mirai)", "value": "dba1746887f9079e902540b92cdd8fd4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077953, "uuid": "739bacc9-13b5-4281-a18d-131339b3aa16", "comment": "Malware payload (Mirai)", "value": "a50e80fee3877dbfafc0783f34a082a2693448638b6ceeb09bbafb7d4ee121e6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077953, "uuid": "7801379b-2349-4bd5-9c32-d29643310737", "comment": "Malware payload (Mirai)", "value": "7772d0443758b6c53758cfc8b772357350a4c7ca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077953, "uuid": "ba2becb2-119e-4be2-b214-42514f51faf4", "comment": "Malware payload (Mirai)", "value": "e8720bf88b2c31a11c450db6a42040fab74ee32a2ceddbc7e95b81a9bfe375c950c09d75da6a3860489609c16982edda", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077953, "uuid": "66196e3f-9f4a-4ba1-a62d-befa10f5729d", "value": "T1E9230271890E9DB124303C76EAD9D79376F12AB1C6673023D6280A3C2F796131E57E4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077953, "uuid": "2f7f88cd-2430-4784-9852-7bbc91c69573", "value": "768:g/TYCoIxdEk+AxoTZAZHFeq8b3ok9q3UELbUXfi6nVMQHI4vcGpvH:gECFd+A6YHAxGLRQZH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077953, "uuid": "a20ae33c-6aea-4c47-a609-918d04b09ae1", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077953, "uuid": "5012a0da-743b-4236-bb36-2e33d5adbdb6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077953, "uuid": "eb9db105-8fc5-4935-898f-79590b74d42a", "value": "dba1746887f9079e902540b92cdd8fd4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecbcb034-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077989, "uuid": "fa8494f1-6389-422a-a760-d6ead358c656", "comment": "Malware payload (Mirai)", "value": "1d1a585bc88adfd7942dd5d1d971cc79", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077989, "uuid": "472b05fd-164c-4421-89b5-7972b52ba462", "comment": "Malware payload (Mirai)", "value": "a70b5df9145e205ff0c3e7d3a64764d27adcef053a146dc676fe3ffe1bcc293f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077989, "uuid": "34510280-c77d-4a8c-b49f-6336a338fee9", "comment": "Malware payload (Mirai)", "value": "51799ee26fbc6d7f59ae25ef7610def2e7d99519", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077989, "uuid": "fa542328-82d8-4215-ba65-ddb94356f4e8", "comment": "Malware payload (Mirai)", "value": "37c314e259c8587515ff8adbbed2cfb9075503fb365b9b336f25fb89f31561ca5318d9ec57c21a43e65277b0fb5aede0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077989, "uuid": "57b07d63-fa57-488b-8787-936d2113247f", "value": "T1D4B2C0CD61543084CA8D7C7C178D4A664F6CA1C0BAED9B15E364CDA8B3BEA4F746D078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077989, "uuid": "3312ca8d-531d-42e9-8152-ec8bb70fb58d", "value": "768:oCrQlS07dEv0UXqUhvQE+CXQKMQKCXBpb9ZqEWv7:/QlS07FUXqIYSXQKquXqp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077989, "uuid": "23fb0c59-7907-4ce8-ba12-32974a8edfb1", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077989, "uuid": "cc8f26b2-b41d-494a-9657-2e0a03c16008", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077989, "uuid": "33c270cd-aac9-4789-9926-8a1cf9fccbc8", "value": "1d1a585bc88adfd7942dd5d1d971cc79", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2389122-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688044417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044417, "uuid": "c7f2f7dc-fad6-4ffc-bbfd-061ad40421f0", "comment": "Malware payload (DCRat)", "value": "2d44a4bec4aed9ae9f1f304fa34f7953", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044417, "uuid": "4123e7c4-f1d3-4230-adcf-23fb49adf285", "comment": "Malware payload (DCRat)", "value": "a7381b9f80b5e0f8f909a08e05d02953e6dfee996d3be4cb2700c3c4b845e4c5", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044417, "uuid": "6924320e-a40b-4735-bd53-d0e93eac44be", "comment": "Malware payload (DCRat)", "value": "007028529fe98088da6421c74a005eb9559e0956", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044417, "uuid": "5cb4d632-e461-4b2f-9e45-c7860addbcdb", "comment": "Malware payload (DCRat)", "value": "083fee65705b8f39e6d7bee8510b8fc390b5866c1f8a0542b1fc2504ba587d9933b87cda197c29d42d6a758800818c92", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044417, "uuid": "af993f42-55b7-4547-8e6d-2a7810686a2f", "value": "T116B501C4F646CD64E51B1174886AD0B32A04ADB9D511610E38E8FFBFFA3375C602DEA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044417, "uuid": "c2524a59-8758-416c-b111-98cd0af531c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044417, "uuid": "c0ae9b9c-360f-451f-b4c9-0c96b2397b69", "value": "49152:Qv8aX5CkppkXys7FoptBZ9dqmBCcskYpF:Qvf5CZiuFoFZz8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044417, "uuid": "2ab302e2-06f0-46f7-9da2-ebddf0895d5d", "value": 2415104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044417, "uuid": "ce80b791-dcae-4dc7-8eb5-c47a49e5c650", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044417, "uuid": "4ef90a6c-3e9c-4163-a351-4185cfcab628", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3640897-1688-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688048768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048768, "uuid": "b77a72e5-b308-416f-8521-fdfc854f4215", "comment": "Malware payload", "value": "84ae3b1643c4d9c252533524a3170903", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048768, "uuid": "cc11075e-18b3-4927-bfc0-fd6f1d849ef6", "comment": "Malware payload", "value": "a76216049cbe6154855a8bdec8c3a3d267cd367e3bebffffc367218c8aeabaae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048768, "uuid": "5a3a6c2f-ec3f-49a3-91e8-b1aa219044e4", "comment": "Malware payload", "value": "7bb78cf0f5a4d88766534d62236832a3f64e3ae0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688048768, "uuid": "e96cb96b-6d47-46de-9acc-f1a1aadbf6ae", "comment": "Malware payload", "value": "5050fe2c4ec7f4910fdd9df20ea2a0b18e4cf45c505f0e7b49c020b5dc828ac6b0ea271faf66b693b424b3c220ede5b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048768, "uuid": "ea64eff6-6629-4c47-86c9-ab7bacae44aa", "value": "T13F6612C6A7F106A5F72AC03C90E3D48795262CEF1EE495C20E6173699E7364E243AF35", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048768, "uuid": "e71403b0-e3c1-45b3-90b8-62eb4a70a08e", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048768, "uuid": "c1912eef-d3e0-44b3-8d8f-4633f1ac83cf", "value": "98304:M+zTX4Pf1N2zIh3ET9Y9MxVMOPUh3PdWPEUrJY6AOxbHPS2zh/hQqfvsJ1YPwIu/:MAX4FMIZETKwjPePdrQJ/BNOqAYPL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688048768, "uuid": "b0ac979d-9f81-4ccb-80b4-557db52653b8", "value": 7055462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688048768, "uuid": "64d68d5e-4f01-4f1f-9402-ceef52f51708", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688048768, "uuid": "0dc4161e-6297-400b-86c6-303c1f77c84a", "value": "tenki.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32ddac1c-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039452, "uuid": "832bf409-4491-44d0-8fa7-90c1ae8f59f2", "comment": "Malware payload (AgentTesla)", "value": "d04a617442b18068e75cd663a47e7cd6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039452, "uuid": "d4914435-24ba-4681-aef1-d044f52b29ab", "comment": "Malware payload (AgentTesla)", "value": "a7ada72766367d6b9864eaa626904ec074f069c7b1c93c5f48bf8bd8428405b0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039452, "uuid": "f9733825-2021-437d-b6a9-e8a0c35cf976", "comment": "Malware payload (AgentTesla)", "value": "66f86a17e69322798b154ab3a9b10564d4fab101", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039452, "uuid": "5afad36a-befb-4dd7-8acc-ce54e187caa2", "comment": "Malware payload (AgentTesla)", "value": "ca564c191971135c05eb8acd9fb7602cc2f602bf579a0de48cebe86295b3280099013a19b124fb08f67dbcff2ffd6ad6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039452, "uuid": "63305bee-1805-4602-88f5-6e33f0f00e74", "value": "T161B423DADBFC7B90E4F148D8B31CA76787C924DD9D01F2E287E1607062A10E6A35F295", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039452, "uuid": "820bbeed-7eca-4250-a704-dd92217ce724", "value": "12288:/FVkfWrw9MkxsKnEvYhXzPiAHvyPRola7kiyMviWAI:Y6aBxnRtvyIaoic4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039452, "uuid": "72947384-4255-4633-aa08-5df0fa86b7e3", "value": 523141, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039452, "uuid": "8e7fc914-946b-48d1-a241-b90b9132e002", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039452, "uuid": "5208e4e0-017e-4b10-9c0e-9adc36bd6537", "value": "PRODUCTS LIST.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7fe7a542-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RemcosRAT)", "timestamp": 1688043876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043876, "uuid": "01a304af-b282-4adb-9ff2-fba492fb3a43", "comment": "Malware payload (RemcosRAT)", "value": "fef1ced5f2ec41ef50aa6b197ca356b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043876, "uuid": "50735bd2-7052-4538-84ad-237879bc020f", "comment": "Malware payload (RemcosRAT)", "value": "a88132c9eaaae224c518e6bd900b5708850939dcdb65310e06e513a72424db07", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043876, "uuid": "0b6c4478-68d8-47c8-8152-c2d370657e0c", "comment": "Malware payload (RemcosRAT)", "value": "62efe7ed7a94c1c7c9ea621dcdded5eadfb9ee50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043876, "uuid": "10197e65-857f-4a8d-879a-115b833bcb27", "comment": "Malware payload (RemcosRAT)", "value": "319e2263e962a09982a2f15b735542b40f2d609ee8d95bc38308ce322f605a5c30f1a50a6449e153b1c77158cad199a0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043876, "uuid": "0325daa2-eab7-41c3-b6d6-fc36d34a620a", "value": "T17BA4BF02BAC1C072D57651300D2AF775DAF9BD20183A457BB3DA1D9BFD70190B63AAB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043876, "uuid": "77920536-e032-4a3e-be22-9985f1f74dd7", "value": "04d77d421b8e5297898a3fce39d74267", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043876, "uuid": "dce6ff50-8f22-4053-a7df-9719cf22c1fb", "value": "12288:vRXxReZj3WZfj/2eSseWFaIe2+f8CL47bs/Zf2QDU:vx7cyF2eSsewS8W47eZO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043876, "uuid": "2196cee1-440b-40a2-a292-ebe9e1410517", "value": 492544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043876, "uuid": "a99e24ee-11bb-4014-9ae6-a5f9c4557b5b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043876, "uuid": "81b98886-a4e5-4a8f-83ee-eaeacd518f57", "value": "decode_c5d0ce321e09459e13737cd4acd34d40f94812be83226de1f297346f1d9630de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3640edf5-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039458, "uuid": "97bde60d-3d8d-42f9-831c-3f6a8d89d846", "comment": "Malware payload (AgentTesla)", "value": "b7e44d38cc19d4ef0855dbc73c811887", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039458, "uuid": "1de45383-47b4-448d-9e58-aff4fa152a2b", "comment": "Malware payload (AgentTesla)", "value": "a8ee0501ce8a092cc0cdbbfd3572db5c3ad505e054ffc24e4af4b6678726f850", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039458, "uuid": "f439496a-57bb-4ca4-9095-f7623956c14b", "comment": "Malware payload (AgentTesla)", "value": "1a0cfa1e28567de71e08e896b31b1a6c356fe16b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039458, "uuid": "69965d2d-8c62-4c6e-947b-6f4b05583845", "comment": "Malware payload (AgentTesla)", "value": "adf0b5bc0a74022aeeb3f7c019012f25f960ec55c3748d6d4c749be78330e7a54c956c329b2ffc2b8aa7cc58017cc271", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039458, "uuid": "09954bd4-10dc-4b36-84eb-4033bc6611d2", "value": "T1E6E43838297DA327D134C7F18FD18427F764992B3025EAE56DC2A7E64226F1129C723E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039458, "uuid": "9fd33342-936c-494c-b147-61fbc245de21", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039458, "uuid": "19483580-e101-4091-8ee4-447bc2623cdf", "value": "12288:iVp0K8s6owaL9iUdU4b2x3STOM4jsN0sPQQZ/yMUwN4T:iVp0K8s6owahiUdUQ2x3gOMDN0sPQQ9b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039458, "uuid": "632a31ad-8cd8-4d02-a146-c8e69af9db75", "value": 678400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039458, "uuid": "90aede85-1c6c-4364-bf5f-b59945fab533", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039458, "uuid": "7a14afbd-3331-4bdb-a6c2-24fe1a97699c", "value": "PRODUCTS LIST.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "888b95fe-1624-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1688005666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688005666, "uuid": "34ed79f9-04c6-432d-898f-9158ca91d29d", "comment": "Malware payload (Loki)", "value": "01e0bd2d4565ea1d049c6817b0290bf1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688005666, "uuid": "16ac8e48-d857-4729-8627-38e7696b3270", "comment": "Malware payload (Loki)", "value": "a969522536954bf8122e7ebe679bc7d881dbb8337906cfd581aec9762f8ffb80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688005666, "uuid": "4a27e28e-042a-4304-ad6e-b3cb782eea79", "comment": "Malware payload (Loki)", "value": "d2706b4cc55da872950c7f25708463981f3e958b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688005666, "uuid": "9169b3fa-3df0-4148-806a-80657e88c929", "comment": "Malware payload (Loki)", "value": "893a4aa7a5b46f1111b1fa72017174f7ee33a0bee2f5136a82bef8645adb5185ae6aee4f2a764ac849165046eee56d18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688005666, "uuid": "0e390756-0b14-4423-b091-4d0e18ef7383", "value": "T169B41240A3D221A6CC5548B75D6701794EC1AC1358C49F438B8D332A7A7BE85FE9FABC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688005666, "uuid": "e9b4a1f4-e6b4-4eed-9f5f-5db8ff1dbeb4", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688005666, "uuid": "dbfea3ef-8438-425e-8141-f77cf43e91db", "value": "12288:9FKBG73lOUG2H7zS8zjDaKrvOIgGqXa7Xs:BrlMa7zbzPaK6IgZGc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688005666, "uuid": "f28f4976-8865-455f-a841-0856fae553a4", "value": 517557, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688005666, "uuid": "29386b0c-e88f-4f8a-a43e-ed6baee80166", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688005666, "uuid": "b5395414-28ae-46d4-ae15-7f99f5724cdf", "value": "SecuriteInfo.com.Gen.Variant.Nemesis.24843.17429.1976", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9a2ef2d-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688044403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044403, "uuid": "b5f648bf-58b7-4d3b-a9f5-7b9a49768a4d", "comment": "Malware payload (RedLineStealer)", "value": "f3ae6376a298e7941c865de12fe8c3b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044403, "uuid": "8038900c-61a9-4ee1-ac33-ee0bf2095c28", "comment": "Malware payload (RedLineStealer)", "value": "a97bce8ca553eb96ce310d5007c6696e123874461ba08e825c89ed247705c44f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044403, "uuid": "21f0a8b0-fd69-4620-b776-35995dc02074", "comment": "Malware payload (RedLineStealer)", "value": "070321158ece06a24d438c6f82d54654c1cafad6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044403, "uuid": "8dd5517c-4d82-4347-a891-9c0c58f89587", "comment": "Malware payload (RedLineStealer)", "value": "337b123e1449a570e4c2a0caec837b46c89e0b66f19cb4a97916d7a684da68fb09f05ecc26a2da18b0a94c3e261af077", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044403, "uuid": "6f1c53dc-b61e-45d5-a076-5d0f091f0e37", "value": "T1B7848DD2B2A07C6CE5254E329E2EC6E43E1FBD508E19776AD2186B1F05F11E1D6FE210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044403, "uuid": "45c94589-893d-4132-af4b-372757e4ea13", "value": "4ef5c5864141626e44cf96ed52dc90ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044403, "uuid": "b8fff20f-3b5f-4167-8385-c582e2082848", "value": "6144:twuL7svpsE04QLRV0+VUkrENdJYwgcbXkrPJrjIsPIPB0V:twIsvGNXWkrENrYwgcbXkrPlnPmB0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044403, "uuid": "93cf0ebd-f3ff-4f55-b8bd-41db165ab7f0", "value": 384512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044403, "uuid": "24e97b79-d441-4eca-9c19-061e7a0d53a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044403, "uuid": "bce6941b-8b97-4ff7-8573-32697df000b6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d25d616-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039469, "uuid": "2b995c79-6b4b-4654-bd5b-60b065fdc60f", "comment": "Malware payload (AgentTesla)", "value": "163a4fde3704e81ea58632060d08f6c2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039469, "uuid": "e01885c4-806e-4684-815a-3f10159ddf99", "comment": "Malware payload (AgentTesla)", "value": "aa446d70bbd53fc2185985832281191c1c995026b2909ec06b99903c2858ad90", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039469, "uuid": "c56ee897-ceeb-4088-b316-58875505e935", "comment": "Malware payload (AgentTesla)", "value": "2526406276996aac6334ea7b2a197bfb2375ca21", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039469, "uuid": "3e33eee4-0858-477c-bd42-082dedfc4372", "comment": "Malware payload (AgentTesla)", "value": "d60b27d48ac4aa4c01ecde6e72de6c9af8cc6401b26095a5096829801f5e9cf19046452dee0a14e46d4ab1aa9d6dafea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039469, "uuid": "fe87a96f-df05-4393-a592-200412a5ec21", "value": "T1D944239CA9F957C198660B30D0B58F7946BF3E42C94F8305DAC9C2CB109DFB61E69B60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039469, "uuid": "7dbf120f-5e10-401c-8560-784d5ca2a75d", "value": "6144:HpU8PLBnOZ+iCjPxDtePfHCi7wmhYUfejIpoiiK92WvhyDFM:tPLkkiC7zmHTMmhffe9id92WvkDFM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039469, "uuid": "b84fedc2-8b73-45e5-a41a-8f18286bc804", "value": 258905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039469, "uuid": "1f887189-da15-481c-8898-62846d245892", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039469, "uuid": "90b46b7e-419a-4832-ad4f-bd986ac93515", "value": "SWIFT COPY USD 211,18.35.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81c1ada8-166e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037437, "uuid": "ac1c33b8-c46e-4c42-95c2-3212fe2edffb", "comment": "Malware payload", "value": "2fdf3e77c3d64c0df0f65137c0c4cd17", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037437, "uuid": "fe761b17-1e06-445a-885c-4d8e8b986b7b", "comment": "Malware payload", "value": "aa5f6e97c167017425085df2bdedc5d658a5478c20a507541f49d00ffd22f1fe", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037437, "uuid": "e3f6e977-c706-4096-8bcd-d45526a19cd2", "comment": "Malware payload", "value": "389429bb74329b6383826e8ec1daca642291db0f", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037437, "uuid": "77b16d0f-92cf-4ef4-8e05-d272cb683ddf", "comment": "Malware payload", "value": "d46d6115c475899ccbe729c6e9037c951df6e8b44383082441c18eda0ab4cc3461097ee682403aa2ddf3428b3a3e2250", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037437, "uuid": "da21431c-f91a-4ba3-a505-4237a9fa8b7a", "value": "T11FC2E0A8C14C7217CCA59838639B85F1F511B4679520F1EE6933BBA887512DF3B7D4C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037437, "uuid": "fe8f4fba-dccd-4700-a67d-d02ae4fc797e", "value": "768:36WPpuA1aPiJH9f4wtOyBmF8x7wlM2CIkLlJgHgXX:qMpRaP0BrB685kM2kpWHK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037437, "uuid": "df9808d7-feb9-4541-84cd-aacb10b676d0", "value": 27009, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037437, "uuid": "673b78e2-d5d1-4f8e-b674-ceaaf26ac8d6", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037437, "uuid": "33440e0d-6485-4538-b877-11a9a05c0b7b", "value": "MFlex-PR-Innovation-Award-0223v2 (002).docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48537447-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (CobaltStrike)", "timestamp": 1688070841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070841, "uuid": "80e09c0d-8672-4f4a-89f2-d7627f66cc15", "comment": "Malware payload (CobaltStrike)", "value": "ef0aff6852c2be85a76ad988592a4591", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070841, "uuid": "172609e1-2984-47b7-b5c2-ac4e6b84187d", "comment": "Malware payload (CobaltStrike)", "value": "aaa46c91130cfbd5b439074e19d9afda0b678e9682c3ddb5ce2d05fcbb562855", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070841, "uuid": "6e94d8c9-d1c5-455c-a105-b87ed6c9e9be", "comment": "Malware payload (CobaltStrike)", "value": "c853f492756a3dafa6f6119e997bc687dcd5d60e", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070841, "uuid": "a25d125e-879c-4065-9ea4-67b6bdac2927", "comment": "Malware payload (CobaltStrike)", "value": "3206f336bb66f3bfed658b1c8bd9836f0ab7522f2be2956d4aa2b6270633d9ebbe221f8ad33c8c81ee305b4690ff6bf2", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070841, "uuid": "a3787d9b-22e0-40c7-b668-34e812fc8a06", "value": "T1D054CF96954E10A0CD5ECE7F1FD3177545ABF8CDAE328F322B48F645268E8F2189E184", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070841, "uuid": "a49bbe83-5771-4f24-9fd3-d1635ef64f6b", "value": "dc25ee78e2ef4d36faa0badf1e7461c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070841, "uuid": "05e5b474-90de-4740-af53-248851ea7cac", "value": "6144:PR7dc8pqTRjrenVGl0sK+sVYr9y3rBjA:PJds1renVGut+j96BjA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070841, "uuid": "bb3b8c66-d9bd-4ed5-a8de-c9e935324118", "value": 284672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070841, "uuid": "e76245b0-8425-4710-9f2c-1e64f2c16861", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070841, "uuid": "0593e752-2904-4fce-8807-110c7676caa2", "value": "abc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f69fc9b-164b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688022240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022240, "uuid": "546b3433-10ed-4b9c-8be0-712a90c509f8", "comment": "Malware payload (AgentTesla)", "value": "0610f7996eae09a49cff174af151085c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022240, "uuid": "43535321-646c-47dd-ab93-32625e4b1e62", "comment": "Malware payload (AgentTesla)", "value": "aafa7dc071b01367300b6316b598054c325a199b8ce148ac8cf35f2554ba7fdf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022240, "uuid": "b8e955e8-73dc-497c-8565-977154f69bb6", "comment": "Malware payload (AgentTesla)", "value": "59bd8327b82037a893fded7efcf3714f5522e8e1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022240, "uuid": "7b032daa-bb92-4b13-9a43-b249b75d84d9", "comment": "Malware payload (AgentTesla)", "value": "52e901ac40508e0049b4199d5c075bfb57b380c50c60310ba28dc9ffcbd40c20f05bf020f64cd73e2244b837e0516c72", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022240, "uuid": "1cb1afaa-e0b6-4ade-ba7b-e4547f4a1d8a", "value": "T1D3E4483C18BD2B27C035D7E98FD48023F2A4943B3922E92659D257D64756FA229C723F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022240, "uuid": "f2bad7f6-9b9a-4c57-850c-81070d5743a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022240, "uuid": "e31e5374-3bd6-42d3-aa49-726dacbaff1f", "value": "12288:HmR1lVaOllJ4LZLNgTvXQPyCTVA4XEJ3WSF0PtwcZWPM:cVaOllJNTPEUWSGXWPM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022240, "uuid": "d64a0b1f-58ac-4ca4-bd69-9ce10899c7ea", "value": 676352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022240, "uuid": "b68cdcdb-147b-4fe1-9d52-41eaca18b801", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022240, "uuid": "56ba2fee-eee1-41c5-9db9-0da6b5722124", "value": "Solicita\u00e7\u00e3o de cota\u00e7\u00e3o.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "385a7aee-164f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688023999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023999, "uuid": "4d3deae5-eb93-43ee-b018-79331e9633d6", "comment": "Malware payload", "value": "eb7c97847a79c9c91b74da04238cf36b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023999, "uuid": "2e917e89-d8c5-41a5-a12b-298faa41daf3", "comment": "Malware payload", "value": "ab3dc5b1c9db90c3d787f3ef5d08c2ac0a8f16fa6bc6addbf6e4f6f64e11f75a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023999, "uuid": "e96dab3d-a04a-4779-84ef-6050871c4456", "comment": "Malware payload", "value": "0129bd0a935383255c2e8845800a2b2e633e1f9b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023999, "uuid": "0bcde84d-3b9c-49c7-8a32-81569729fbb2", "comment": "Malware payload", "value": "b2d9b2ceae14177dbc8b7a804fb44825d4bfd44f7dbed7964e54ab09b5cc4930422e50b0fbf868fda40fb93d8b251b0f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023999, "uuid": "5debac2d-9bbc-44bf-9369-fae3bb3aaa7d", "value": "T16AD52381BB85CED3E41E1430AC535F861E70E94F2D13A7477389A36F6DB33C6590A26A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023999, "uuid": "62d55a3e-9f69-47bc-8dfc-37daf7cd73ea", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023999, "uuid": "2a379127-36a3-4c73-86ce-97470ae13f3d", "value": "49152:/KaHdClPex0t27waS7OCy3h1i9I77E7R2YqzgparyqeC0sr3d7lDRmmTETbc7:/59Clmx3wauYx1iK7wwYqoaryqf3jlmB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023999, "uuid": "f360584a-e5e5-4211-a6ce-a53b7abe4be5", "value": 3010560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023999, "uuid": "aa2cbe61-710c-490a-9762-fd8dfeb8a990", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023999, "uuid": "44bb9e7d-0563-41a1-be12-e1127e7c7352", "value": "eb7c97847a79c9c91b74da04238cf36b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "863dfd5a-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1688023271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023271, "uuid": "7c1a122d-772d-4999-8594-cfbcac60316f", "comment": "Malware payload (Fabookie)", "value": "76d138db4b3bb1325ded6e52922d8efe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023271, "uuid": "d886b1c4-f0bb-4d3b-81ed-437b67512c85", "comment": "Malware payload (Fabookie)", "value": "ab6de16c8b725a28c0bb84d4d88daa9a287715c6f42fb1f9949eff2d12f7ddb9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023271, "uuid": "b1980b6c-237e-46f7-b402-e397c153f59a", "comment": "Malware payload (Fabookie)", "value": "f41f3238aeba369711a84b3cbcb249bc82a2de7e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023271, "uuid": "8b13543c-7ef0-4273-a2f3-7a5b1ed61f0c", "comment": "Malware payload (Fabookie)", "value": "08da69f14d13fba5fd54b7baaf1937898979fa20f45aa5f75891e64f6cc90337809b1001b9978a27793ae3e5796cfa49", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023271, "uuid": "ce16aad6-0dc1-411c-afa5-2e7d474790b6", "value": "T1DC346D62F3E81069E0B7C23A8AB25375EB7278191F2187CF1164566D2F337E18E3571A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023271, "uuid": "7f32a7e9-5451-438d-bdfe-198d776797a0", "value": "0b788e8ff3124c2dd648ac7a27e0b5d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023271, "uuid": "033a0c24-b307-4af7-bd15-e21a77fc6ced", "value": "6144:zqkvJK8JRGHtg7WS5yYiEEiEEsfByAwZZS4onQF:ztg8JRwtg7yYXIB7GjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023271, "uuid": "d1bede38-aea5-47a7-89d8-67595c90bf9a", "value": 247808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023271, "uuid": "d6306dcf-656b-48f4-a28e-fa74f5377289", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023271, "uuid": "69e91ac8-3ff5-4abb-b7d5-dea144c4d4a6", "value": "76d138db4b3bb1325ded6e52922d8efe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0f0c246-16d0-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079607, "uuid": "be687fbe-bbf2-4355-89cd-dde3b91b964a", "comment": "Malware payload", "value": "00d4ea70eebaea006a6bd7310d70d06f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079607, "uuid": "969150fd-c0f3-4c9e-a73b-619fdf8f0a4d", "comment": "Malware payload", "value": "abe32b239d13d9053ac46791fdc6eaaac084bed47fe3bb6515a34f535bc937bf", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079607, "uuid": "e430d6c8-9180-4506-b14a-8f783e5a0266", "comment": "Malware payload", "value": "b2af5caaee9edef46eda924298ffe4042beee27b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079607, "uuid": "1f17c24f-9a31-42a8-90be-107d172d5f16", "comment": "Malware payload", "value": "2a546747a6caba4ca5aced54bba66ad2c268c65aa95873a0ddf691dbbf8bb4ff2ae0e320c26c737a4a248b8b32026677", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079607, "uuid": "b14d45e2-b6bf-4969-93ff-52c3f4af1097", "value": "T199F2F171F67793A595199AFEDE128A0723C9393C81FEB021263187683BD74DB09B80A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079607, "uuid": "d619e696-7991-45a2-ae1c-76d93374fe1c", "value": "768:J/hL3imUau24c2TP1jJAGRkaF/3Q/HWau4Gq4uaGiIBS0n3U5:J/h3i3audcgJAGRdF/g/ju4GqzaGiIBQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079607, "uuid": "57eec96b-f80b-4a11-8217-0d935f511089", "value": 37204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079607, "uuid": "3595dff5-cc91-4084-9f3f-6ad09f0bc806", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079607, "uuid": "d8a27ac7-c6ba-4aae-82df-03c7f55eae89", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "185df4de-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688021798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021798, "uuid": "a930c3bb-0e57-4b24-85fc-3caae6aac860", "comment": "Malware payload (Formbook)", "value": "f4c40db07338716f55aa7585396b780e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021798, "uuid": "8b8ccd5f-4639-4b2d-bdc9-dca6e10a8339", "comment": "Malware payload (Formbook)", "value": "ad221c5dc0a469c3a37c317bdedd1c07cdb22fd62a772c4eaf94ea69a4c1fc28", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021798, "uuid": "7b029f97-7a2a-43e1-a549-67155821a3a0", "comment": "Malware payload (Formbook)", "value": "371a128bf4cf595c387cad054458c3819c3aab30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021798, "uuid": "8fa10130-e950-4310-886a-da8ae6e087bd", "comment": "Malware payload (Formbook)", "value": "7ad08d54f76f94313fa6ba2495cce07e41acddc1bc296086a8d155dbe5d7a73b5b74084aff59d5ec8a9a5897cc15a95d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021798, "uuid": "8e6e6415-3994-44c1-915b-47e9653527c2", "value": "T138E48B3D2CBE2A37C074D6A98FE5C463F554943F3921A93268D793A54746EA321C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021798, "uuid": "827e617b-2901-423d-a96b-3ea5d1542ace", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021798, "uuid": "1c1a257d-a5cc-4d23-9243-4fc9c7616c24", "value": "12288:ZF8v0/dQzogi6WG+zTf+Cx6Nl3WlcHGMzsc+IMWxHInwOrQswmJgip:ZKvyazziiuiCxUVWlcHGEslI5xHInnwo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021798, "uuid": "d17db6c2-3c4d-4efd-8ece-26dc826b2c2f", "value": 717312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021798, "uuid": "40819bb9-6395-4a28-90ef-224f4a7a5c38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021798, "uuid": "3d29c150-0c5f-4cea-b1e7-bee3a1f8f990", "value": "HKD0000000612050661-T01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fe72e9a-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079014, "uuid": "6494d439-6e44-4970-ab9a-1d5ccb9720dc", "comment": "Malware payload", "value": "bdd770972f3645762448ee496e97b739", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079014, "uuid": "c198b6cd-b37b-423b-98af-670fe988a8b1", "comment": "Malware payload", "value": "ad6708e2ad0be6c5136f7e1296659f49f433101e083c4120a6f8b0e229f608df", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079014, "uuid": "1231c586-6425-42d2-881f-5d223bd7d279", "comment": "Malware payload", "value": "9502f8753096366090bc749a44c1233532968459", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079014, "uuid": "727356f8-8e9c-472d-9bb3-c0b37bf7e8a5", "comment": "Malware payload", "value": "c9ebb9eb904891655868568b7d7b89a25f2a434e96584838b52b9f41da9da2a62ae5227535e87bf8ee4d2595dd646f9f", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079014, "uuid": "b3bc2eb6-0498-4b10-a230-c29c4fcfcef9", "value": "T1BC03D651F8825A27C6E1127AB6BE4A8E332073E9C2CFB617D9214B107BD551F0D63F92", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079014, "uuid": "d4c5b1b1-713e-4fda-b405-84a56fb51f7c", "value": "768:RqILBdhxPh9NeftcG5dm80LyFBWEu/tOr4MkKvlw9QSo8qMyfE1Jom32/NkwfkkH:k0z+f2G5dmSBWjV8kZbJqK1X2D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079014, "uuid": "dc05f54e-ffda-4362-933d-4becf7fac0cf", "value": 38116, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079014, "uuid": "d10562af-32a9-4d38-857b-dd3eb204e57f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079014, "uuid": "90afd89a-b632-43f6-85f5-535bc83d1008", "value": "arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51104943-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688070856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070856, "uuid": "eece178c-49bc-4503-8675-6d7d4891a4fc", "comment": "Malware payload", "value": "8ef82dc4b27ad3ec3ea29bc7b9e2d66e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070856, "uuid": "145b97b3-b04c-4f2a-aeea-456736f261c6", "comment": "Malware payload", "value": "ad9fcfa1fd3f2dfbf14aab9de3d95608bbb03ec07c52a40f55f9b9380d054fbc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070856, "uuid": "4a9c6a8e-02b8-4439-949b-56c735f7139a", "comment": "Malware payload", "value": "efee8a0462719ebd2a75b2c6d9b81542ed5afc17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070856, "uuid": "b32fdfc2-7414-41da-9076-d486fcfbdadd", "comment": "Malware payload", "value": "64b17b7eee8b8e1c5c228f8ed5392063c0c4c65a731be7217a0ee10c7fdd756202e4272e1651120d2fb1a0eed3a11da9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070856, "uuid": "c5dd7039-70b6-4b38-b91a-f7c67e56f264", "value": "T1C9858C42ABD344B1FDCAA633117E67135739AB194313A5DFA7903C60AC712E31A7E2D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070856, "uuid": "49471fba-78bf-4dc8-9a70-eb3365e091ef", "value": "5b63a169aacbefa68c815e193cd51b41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070856, "uuid": "9d404496-669c-403c-8902-b4960fead8c7", "value": "49152:yoShFhbu9g8pq7j6eaa2Ccn0uLzjv+E0rlM+:yoSvhQzMC+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070856, "uuid": "2db33b1f-32b9-410d-b593-c63ac1f5d86f", "value": 1769800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070856, "uuid": "f79d2b09-2fe9-4344-a3f9-08028eaa2339", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070856, "uuid": "c760ca17-f673-4ab3-a080-8dbf55a05772", "value": "Everything.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54622d77-1621-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688004290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688004290, "uuid": "16331b7a-95c7-4c99-8f80-13e5ff59f7c1", "comment": "Malware payload", "value": "4ccd0efdaa58ddc9726cf05ad8e3ad8c", "object_relation": "md5", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "malware", "colour": "#90B709", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688004290, "uuid": "730a37f2-04d8-4ec1-8b0b-58cafc869687", "comment": "Malware payload", "value": "b23d6b2887ce867ad07f0c2d036206dc9eac49fa28206bba6e5a102163d46c03", "object_relation": "sha256", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "malware", "colour": "#90B709", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688004290, "uuid": "ee12d614-e46c-45a6-8868-89f556eabc72", "comment": "Malware payload", "value": "a93d955bee952c9a8e1c9ad0d459b359cd98baad", "object_relation": "sha1", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "malware", "colour": "#90B709", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688004290, "uuid": "32813845-c090-45b2-a1b1-8971ab665754", "comment": "Malware payload", "value": "475d9032aeaa31598cf3c5cad8546424fdd7d6d01e0508d89cbbf84e25e4432d9aa647b55ba882159ff877b06898be8f", "object_relation": "sha3-384", "Tag": [ { "name": "cmd", "colour": "#15A458", "exportable": true, "hide_tag": false }, { "name": "malware", "colour": "#90B709", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688004290, "uuid": "77ab55e1-638f-46ed-a9a7-8e6769b859cc", "value": "T146115226F4D217A4C3DBF1A2435294F927A7C800CB01EA2E70A02D1568C37933E61292", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688004290, "uuid": "2bd3bb32-3e64-4d5c-a643-2f9f79c4a4a2", "value": "24:UKb0bn9pbNH07G39Jfk2QJH6YMGLqATALp9EL2A:YLNH/39Jc22H6DqqA8L8L2A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688004290, "uuid": "fab85e70-5f96-4234-9800-3e506d37ce76", "value": 880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688004290, "uuid": "049ba981-09b0-4c28-8151-0a84ad81e94c", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688004290, "uuid": "bd6d50e5-c5fe-4731-8152-10b860da8e43", "value": "fa1lA9Hw1U(6958799).cmd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c1ddfd4-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688021831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021831, "uuid": "a3c60c53-4356-412a-9f5c-aec6b05d4b75", "comment": "Malware payload", "value": "c094595464cf9c90bc9f877efd72e7c9", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021831, "uuid": "d951118e-ee50-4ef0-8c23-8cb21b7c0577", "comment": "Malware payload", "value": "b2bc3d9bcffe37b2d087e754795d0f904713a3c4886120cee2ab0581c537fe4d", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021831, "uuid": "7179603b-32ab-4f5a-9bd5-d1f254cccecd", "comment": "Malware payload", "value": "23db154644193e5cd367fc758d464fa17a94d704", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021831, "uuid": "17634c14-5397-4839-9839-9f64b01faff1", "comment": "Malware payload", "value": "0bf619f671d7a2f366519424a66ae5df9cc8c6891aeaf95aca38dbda8e2798b23252fccccc762fd23a7a0e3033aa640d", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021831, "uuid": "41a76b40-35f9-45ac-90b4-0b54184e7ad7", "value": "T1D8B423FDB3D714A52382C48BD1BF5869E19A607287DE6EB21CB431FE49F5C91882C583", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021831, "uuid": "155cb1e8-51a9-4a47-a141-5539e2a2b8f8", "value": "12288:6p84HrCpnHLSnIKM8JOKAfwmkCVK88U9Yy+pusl:14LmEIi5ApZ/+tl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021831, "uuid": "9bd22678-0d89-4c7d-9bcc-1a2551cdba6e", "value": 508656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021831, "uuid": "1a51872c-5de0-4e45-9007-2bd2a4b44b6b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021831, "uuid": "cd416f4a-b85d-4faa-920c-038b3e5ecae9", "value": "Request for Quotation 0032118 doc.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f3a949d-168a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688049271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049271, "uuid": "1f208ed7-bc83-4d03-a29f-350094eced18", "comment": "Malware payload (DCRat)", "value": "029e0634d88ff7f6760ea7f9e384e16f", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049271, "uuid": "bd52dfdb-c27d-4b33-8b99-bbff9f79f967", "comment": "Malware payload (DCRat)", "value": "b31c082dea750e9be6e1cf866efaef2c129e836c5db54198089a8745c79a4569", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049271, "uuid": "fee4ec6f-0420-47ba-9163-e9ff5e5fdd18", "comment": "Malware payload (DCRat)", "value": "c4f9560a35323002c2b3ba6b301ee246c0b492ed", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049271, "uuid": "daa43853-803a-4095-9475-a3dc43b14658", "comment": "Malware payload (DCRat)", "value": "b4dc52805d40330958cc33cfde6107fdf40e499413e2da6d5a72d47b7ff894b45ea27524e244b10dd2c3fef377d609d5", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049271, "uuid": "8771ad40-b1d7-47cd-a343-63738209c129", "value": "T1DF236D4037D88136E6BD4B74ADF3A1408679C66B6E03CA596CC454EA2F13FC696036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049271, "uuid": "f71b405b-8616-40ff-bc5c-911db2ff178a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049271, "uuid": "0022954d-de6c-495f-b710-42c39e955367", "value": "768:BCT3ILNCKi+DiPElJNJN/IisV08Yb8gb2+nhAjcvEgK/JrZVc6KN:BCYms9C0zbTC+VnkJrZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688049271, "uuid": "8b0e933e-d50a-4570-aee8-a90ce2d6bcff", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688049271, "uuid": "cd972d89-0f54-4499-9105-01e04e19150d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049271, "uuid": "45ffed1a-8200-4414-b5d7-1321c30445f1", "value": "xdSO8lE3J0cV.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a29d48aa-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688044364, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044364, "uuid": "9f503420-def8-48a3-bdb7-4735c65418a7", "comment": "Malware payload", "value": "f3e4d4a85c7512f0da99af2d9a90eacd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044364, "uuid": "60c7aaf9-1045-49e2-a8b9-d693b7069a03", "comment": "Malware payload", "value": "b4c2ff718a6f5c872387c54960848ea4798b78ac9ea50928106cf66a4bdffeb1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044364, "uuid": "ae2a1d4a-bd0d-4078-8f04-c3b535c707ca", "comment": "Malware payload", "value": "773df36ff48e83e0d380c4419ac82a40c37ef53e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044364, "uuid": "75049eb7-91e6-414b-a2df-88c1fcd87e12", "comment": "Malware payload", "value": "2c52a75125d9c593efcd52a3a8bb5b2b3c7e40c3d097f224e7380c22f1247cb3e75429cddf0288aa334c87f360232976", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044364, "uuid": "ae503ac4-338c-4e0f-b183-12b3999ca54e", "value": "T153752221BAC08470E9B718351AE4A372BB3DBD315F768AC757503A6E8F301E09936767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044364, "uuid": "0af3e646-8c72-4a80-9cba-b88a20ea887a", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044364, "uuid": "e231381a-5e12-4684-a297-2fd8b40c6f52", "value": "24576:qDkUNi1slEkAEuf1jqlbA/72612YME8Mvox0kxBflP5BW2zywKvQZoL1PmfeR6:qDkUjjAEutjqox1z2O2jk2mfv6ImfG6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044364, "uuid": "5239a395-e41e-4889-8981-6b8ce3fb3628", "value": 1629312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044364, "uuid": "471f832a-27a2-4291-85d8-eb959d0fe29a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044364, "uuid": "e022cf5b-5f23-44f5-9255-840e85c32edb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da12be25-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077958, "uuid": "76e7245e-5cda-415a-af43-ce53ff20ecaf", "comment": "Malware payload (Mirai)", "value": "b144466e88432ac5a490085eb6703cb5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077958, "uuid": "fe6be6e0-c327-4803-a060-b421aa48853a", "comment": "Malware payload (Mirai)", "value": "b5169f8269c81bad84477cbb5afe26fe6fcf91450c318b407640c76c9e4114af", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077958, "uuid": "bde49fbc-22e5-4e91-8f09-3e2cc2ca8f38", "comment": "Malware payload (Mirai)", "value": "0f49cf2674ecdae4bd6f0e3da66b72b763678941", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077958, "uuid": "aa26bab3-2cec-4224-bc06-01f6ebc7648c", "comment": "Malware payload (Mirai)", "value": "ba5e97d001c086d855017ca811cdddf90a989f3448e86225add9beaf416d4131a93f321c5a2eb06541255c98bc14dbfc", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077958, "uuid": "8ad81077-2911-401d-a07e-68cd24e22b2b", "value": "T1B8A2E01172A32D56F3ED1C3DC86A836BB9A70BFC90F5327679411620C90D30A3E39A4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077958, "uuid": "26ad4191-1bb7-414a-b98f-1e4216169793", "value": "384:UvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxj3UqhymdGUop5hC:UvQn4j+ZO5fKAlxls3UozM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077958, "uuid": "74dfaed3-19b6-4c98-a1c7-f6ab6b3c376d", "value": 22160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077958, "uuid": "46fc97a4-7b1d-4b5e-b315-10715d72957f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077958, "uuid": "db62e4c2-57af-4891-b2d7-6d8357330a07", "value": "b144466e88432ac5a490085eb6703cb5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb9d50ff-1689-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1688049211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049211, "uuid": "894cc658-81c8-4517-adfb-89b8cf533efb", "comment": "Malware payload (GCleaner)", "value": "9f9ee2e6c5795998bbf7f4dc0a54b66c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049211, "uuid": "4f3f99b6-db4e-4b24-ae42-cba4663e9c62", "comment": "Malware payload (GCleaner)", "value": "b5838c5c36933f403478d3c7294afb9b9bad5f28072a5b7b890020216e9f7de4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049211, "uuid": "b1de2b9f-b4ac-4c3d-9095-93e1dcdb104f", "comment": "Malware payload (GCleaner)", "value": "eca532e660daca0442e0d30bc36fc3ed2e507270", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688049211, "uuid": "3ac288ba-4d6b-43a7-b1df-30ec059396a2", "comment": "Malware payload (GCleaner)", "value": "31209181e4e7c469e5531f24d6f3dfef103193b0c504a385e57bc9ff65c3996f7866c189479d17e402b804778274c264", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049211, "uuid": "3532ed19-28c7-4609-8583-f54ab7431a38", "value": "T1E7748DD3B2A07C6CE5255E318E2AC6E42A1FBD504F19BB9AE218671F09F11E1C1FE351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049211, "uuid": "490c4191-6e51-41bf-8f35-477e835093c6", "value": "4ef5c5864141626e44cf96ed52dc90ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049211, "uuid": "15bece83-3097-493a-8baf-90a9af64bfe3", "value": "6144:gvt/71FTVxpYWeRzDtXJPRh8cuO2oXNy+J4a7:gvR1FxEWeRn7R2Q2odh4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688049211, "uuid": "d25710c7-4d91-47bf-ac3b-a648a37c8cce", "value": 368128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688049211, "uuid": "e33a0d9f-bf83-4d0d-b568-51bf0f904d48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688049211, "uuid": "06372764-ab8f-4eb2-aee3-18ba0bc92486", "value": "9f9ee2e6c5795998bbf7f4dc0a54b66c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7556294c-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037846, "uuid": "2f408522-1668-4e8d-9d86-b88fbd622cd2", "comment": "Malware payload (AgentTesla)", "value": "e00521e507bc8e874d98c2218423180a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037846, "uuid": "ef032e41-355d-450e-8149-8206abe6c954", "comment": "Malware payload (AgentTesla)", "value": "b5ed2d16101b333863529e10f2413b70ea33ffdafb65ec74ea849f9d425fdf91", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037846, "uuid": "154fec2a-25a7-448c-a598-472819c4ffa3", "comment": "Malware payload (AgentTesla)", "value": "29c8d201060f864bd41f4c57c767241e2f57ea9b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037846, "uuid": "39452383-5440-4f6c-9fe8-6f02a8f4499c", "comment": "Malware payload (AgentTesla)", "value": "e626e640e5d91cbc6ee9c7862367ec3cd65002b93ef373b58c434fcfacf311cc15019d9d76f873cf00979e9da37e2f53", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037846, "uuid": "ed2fec0a-abd6-4758-a7f7-1b67daac30c1", "value": "T13EE4183C677D9A26C034C6B9CED184B3F2558F3AB411D522588A7BB56722B921DC333E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037846, "uuid": "757fe19f-a8e7-4d25-b645-258fb780fe34", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037846, "uuid": "ebc10c60-f1e1-45a7-8e6d-56bab4716e02", "value": "12288:bcj6mVPWC/5weFFqWWiKsKVQojUBwK1fAKRsD94cgE0G:IfVOo5yWWi4QGEHRsDuEZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037846, "uuid": "04d03700-5248-48a6-8761-b4427ed462e7", "value": 710144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037846, "uuid": "b4c1704a-c02e-4756-a066-d2cdd6173c92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037846, "uuid": "9e9932fa-95fb-456a-ad30-45a946a9208f", "value": "Bank Details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d259919-164b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688022263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022263, "uuid": "7bc062da-68e0-48e3-8e9b-19cb5f1d8ca0", "comment": "Malware payload (AgentTesla)", "value": "7d7f13f7d03a59523ba69dce62f1dc56", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022263, "uuid": "cd83d15a-13fb-4ec2-a9d5-5cf28d0ca8aa", "comment": "Malware payload (AgentTesla)", "value": "b82291de6b50625fbe64293024d4b7d3f1bc874e14d8a6c613b56cf4c5854d30", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022263, "uuid": "76bef3c8-ba77-4c2c-9ce1-049ddcdf41d6", "comment": "Malware payload (AgentTesla)", "value": "5a7fb1ba0bc13d34eaa7b4698e1d8052e320545e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022263, "uuid": "fbf4cbe2-2703-472c-ae09-53ee4bd10b0c", "comment": "Malware payload (AgentTesla)", "value": "594381a6ae0d3fedee4f8cc1227eb51baa1bb644506f3edf657e7712f5e3642121678094b44dd231224d7764a9ec55ea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022263, "uuid": "46af3fe3-abcd-4aff-b15f-69db27dc5cac", "value": "T12E421B149EEC026FE4BB13BD597357804B36BB766213DB2A2DCC71A61C5635409363B3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022263, "uuid": "1c418799-513b-4466-ad17-9759aa871dfc", "value": "192:/qwFkb7H0rKTW2eOF93JrPCxo6XW5V87W1tfe3AIfJp6myRRW3ZD1ofy0xofy0R+:7UTcOFDDUo6XWSsG3nHhGfxGfxE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022263, "uuid": "1a47299a-0984-4188-a7a7-1e09cc98f074", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022263, "uuid": "ba1cbb9e-7c9d-470c-bdb8-3ae245d5d590", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022263, "uuid": "9838f122-2fc6-4970-94b0-fc001a64ea54", "value": "DHL_AWB_NO_#907853880.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb903261-16a4-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688060834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060834, "uuid": "72bb3f5b-594e-4a9d-b63d-54edf25873ec", "comment": "Malware payload (AgentTesla)", "value": "fd20b43b7cf8141585e66e6294e903d0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060834, "uuid": "9f2ba924-4e79-42d7-949b-607b814934ae", "comment": "Malware payload (AgentTesla)", "value": "b830c7a15a447cf7fc33ea29907be1626e3c5e420e9535580f46269c85948a6d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060834, "uuid": "16568556-5ab1-4805-89dc-762f5b8d5ed9", "comment": "Malware payload (AgentTesla)", "value": "1348289f1e057f514d33dc196de3b38d04327f72", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060834, "uuid": "4fe9ce3b-b10e-4d00-bdd9-fdea5a6f058a", "comment": "Malware payload (AgentTesla)", "value": "9f736cbf2072d325b4a97519e9d5b7fe25fe4deee7df4d1c36beb130ac8db348f0a40afcfed8b72616cfd1213a7c90d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060834, "uuid": "bcb95574-f6fd-4b5d-90cc-5ad777a00875", "value": "T179E43738297DA327D034D7B58FD18027F364992B3125EAE55DC3A7E64626F112AC323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060834, "uuid": "64e5ec5c-c639-4d4e-bbba-41ff5395e0fb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060834, "uuid": "41ac4a68-70f5-4476-a28e-d1637b9305eb", "value": "12288:lVp0K8s6ow4utXo4ZAkKUcE8T0sJdHtfgPsO5wRuTDI5EvV8Hic6:lVp0K8s6ow4TkbvxsbHZgPX5wRaIxic", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688060834, "uuid": "c1424763-ce4c-4e18-85ab-f83d489b02b9", "value": 677888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688060834, "uuid": "0a9f8196-b63b-4247-8bbb-7bb79ce369ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060834, "uuid": "ab7a9158-57d0-431c-ba5b-30cb93c618ce", "value": "ISF document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7909690d-1686-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688047730, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047730, "uuid": "e8ac6df8-547e-4ca7-9e5e-04bf70184964", "comment": "Malware payload (Formbook)", "value": "52b029dfcfa4424579619a9c6b0f0f21", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047730, "uuid": "cc2235ea-8dd7-49fe-bc72-9c811908cb63", "comment": "Malware payload (Formbook)", "value": "bb5df98c2c7bc29973d2f2eeb67ce8b7a2f9da4166fabe5dfd70e5117e404991", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047730, "uuid": "0d498342-520e-40f0-bca5-4dfa2d45fb81", "comment": "Malware payload (Formbook)", "value": "2bf40bf5d0686a30f1d1f2d90d804452a8bc331e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047730, "uuid": "d469d751-2d16-4cab-a459-cf24f2ad3d80", "comment": "Malware payload (Formbook)", "value": "c63a3fb60be73fc66c472347c9df5e8b4d83bbf6eac5386cc0ebc6f3e46298432c7d865a7f222470de51dcb32316d25d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047730, "uuid": "9683c02f-8468-48f5-a85d-c679d7a38b9a", "value": "T1E1341228B7F1D05BEDB317321E7655277DA7F91A9538A70B2300AB8CF9B01819E0E761", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047730, "uuid": "3d3b3f2d-7869-4893-8676-a708a5f64da6", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047730, "uuid": "94281a42-b54a-425c-985a-b3e9cb74219d", "value": "6144:/Ya61iSHTK2jyvR6ouixU5NVn6T9sqWdmAiC:/YniSHTtjy56obxKNVnsmBdmI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688047730, "uuid": "4db8b6e3-0964-480d-843e-559ab0428f94", "value": 244416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688047730, "uuid": "9b91153d-37be-4955-bdef-4adbca72e770", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047730, "uuid": "e470fbc6-10bc-4c9e-b79a-5f28ebf68330", "value": "roror99043.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc349e5b-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1688044407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044407, "uuid": "6cb5b756-2fa5-4ca0-ba04-834979653c39", "comment": "Malware payload (Amadey)", "value": "2e92f7aa930ed40044b63c133fc68416", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044407, "uuid": "58a0d85d-c8e9-4af6-a702-962ce8333c80", "comment": "Malware payload (Amadey)", "value": "bbd00039d177e33d3a4346167533dfa08644f03537327d13a8be851be3eb6e9f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044407, "uuid": "77297e02-0890-4d71-b36e-e907b9e4e059", "comment": "Malware payload (Amadey)", "value": "0d62a63d7a320547892810bb689444ddb13f907e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044407, "uuid": "5e902520-d8eb-46fa-ab9e-6b14403e99a8", "comment": "Malware payload (Amadey)", "value": "af393e5b91cadd4acf9445a8417841ebcd2bd7d5a60d8116cbd4c12de3a4f318a0d5f0508dfdaf27baca32c023d4d9d1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044407, "uuid": "51989184-f597-4740-b8a6-fb60a6658db6", "value": "T1B8B4F11339ACC3A6C1EEF1B341BEB9259B7A433137B6328393D8E2D61A507D1951E385", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044407, "uuid": "56e0fd63-cdaa-407c-b3e6-7112cc1d254a", "value": "bb1d8bfc6c51ca02a6f390c720552f6c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044407, "uuid": "5ff1dd80-93bc-4c96-83f9-3d371f1659c9", "value": "12288:/ZT2pvFbAR6tnIQUbvyadYaPm9DDrPAwDj/LpwLL9J:/ZT0tbQSnYDdJQDDAwDrLpwT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044407, "uuid": "848937fd-5f43-471f-8725-650e720f1426", "value": 541320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044407, "uuid": "175eacaa-3055-40b2-b3ef-d6e90568a055", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044407, "uuid": "09213d32-d94e-429a-a02a-d1d2c62e8799", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5159dc8-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688044368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044368, "uuid": "f46b1d36-94d2-4f5b-a6b9-40df6e04d6f7", "comment": "Malware payload", "value": "f1bf04ac46c4a9fd55f902d495461147", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044368, "uuid": "7982ef04-16d1-40bb-931f-52d1f0297b7a", "comment": "Malware payload", "value": "bc06890c2b7992e31726f069dfbb6f1fda24601a7538244d44783c5a323d965a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044368, "uuid": "b614c835-5a8b-4440-8dda-015f9975db2b", "comment": "Malware payload", "value": "19ecb3ca12a0d19897af0c87673becd5cff7aeba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044368, "uuid": "e3b37295-6d53-4651-9d4e-a94ab075d3e7", "comment": "Malware payload", "value": "1b4186a1ffcbd53b7213335bc48fdebf1cb59d97bdc6bf97c8d6619512a7ed923fbf08307c2fa84c7ae54b3a17f95c61", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044368, "uuid": "7b5e3795-3936-491c-b92c-01cd0c764b8c", "value": "T1F5C35A1131C1D872E2721A715860EEB68A3DFD300F604DBBA79C593A1F352D2593AE7E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044368, "uuid": "1654ffec-273e-424a-afb8-92ccb9884905", "value": "7cc3a712b00c184b18453863a1a633b4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044368, "uuid": "735cdeff-446b-48bc-aca0-849520e4fb47", "value": "3072:/O0mln1RvntAOEiKLvBN1g4sZsGR6pst3:G3nrqRvBQRt3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044368, "uuid": "96514e4b-b08d-4411-ac75-862314efba18", "value": 121344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044368, "uuid": "d68004f4-667f-41c7-a42d-226d07813adf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044368, "uuid": "1b8e6561-7f3d-4976-95c6-50e0e8e2169d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69becfd8-16bc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1688070897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070897, "uuid": "de24fb80-c433-49f6-b9f7-800c8a075f36", "comment": "Malware payload (Cobalt Strike)", "value": "edd3157a6f8a15089a7658fea49262b7", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070897, "uuid": "9a11454b-74ee-46f8-a818-27ad6fbc6679", "comment": "Malware payload (Cobalt Strike)", "value": "be3602e288cc89c2d376a2e09e20e8347fc20d3f682fffb843adc8b7c8168488", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070897, "uuid": "2640a56b-439b-4360-a323-f736242629e7", "comment": "Malware payload (Cobalt Strike)", "value": "720ced6cf863ca9809557a86e1e58d9f9956bd6e", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688070897, "uuid": "2db9564d-eb9d-4cf3-b140-2e1b6157085c", "comment": "Malware payload (Cobalt Strike)", "value": "685fe3ba63b57d82a40854ceb7daae66d79c9068c5e9a0a490c3e90fc1e35978398fc2f391c23bd42f2dd210274659f4", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070897, "uuid": "a76c3414-33f6-4b7e-8c39-c8e902e03642", "value": "T17054BF1F716273D5F783E2F7A5C10036909921AA0EF16E7EDC76A71F23012859E8EE49", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070897, "uuid": "b801b775-7eff-4356-b957-9010826d50bc", "value": "dc25ee78e2ef4d36faa0badf1e7461c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070897, "uuid": "c8e0e216-5cce-4cb6-b285-132ba558c7ee", "value": "6144:ORjVjPLm6tOWe/OyDj4pCxBHfuYKamVPyd:OqFWUIpCSY9mod", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688070897, "uuid": "7fe97655-9d9a-4305-b08d-350c42115814", "value": 284672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688070897, "uuid": "efc6fad9-021b-4b00-97fd-0d0dc5ce36c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688070897, "uuid": "455b4e42-ccfb-4474-b1ff-a69ce1818429", "value": "beacon_certutil.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b680c73d-16d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688080905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080905, "uuid": "ea911062-4f33-4da4-bc97-fd9d33315c7c", "comment": "Malware payload (Mirai)", "value": "1d18987c24c0e4d46b6fb83a1d41d6f8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080905, "uuid": "ea610abe-b89b-4a64-ae65-08183045d7bd", "comment": "Malware payload (Mirai)", "value": "be548a26d1b1bcc6e7e07a793a642e04fb0d316be6f6cae06af8e031f9c43b31", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080905, "uuid": "a13b47f3-9181-48c3-b9aa-65484f0b8607", "comment": "Malware payload (Mirai)", "value": "de3107fa7f02094b82712d8c0700d01518ce5aa5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080905, "uuid": "f3aad268-ac61-4011-89b7-2d0141c718b5", "comment": "Malware payload (Mirai)", "value": "399534601945b6a315f7ec1b45b5b55ece892356b4a27e893078caac1fd8010c21d30fcfe6d35abd73c6cfb664300c82", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080905, "uuid": "281179fd-5f7a-4942-a245-ccba04cd4a08", "value": "T166137D7BE4AE5E54D0460230B4689E341F13F6C493536EF71EAA82A15487AECF905FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080905, "uuid": "5901540a-97d4-479b-ba29-4b534b96fa45", "value": "768:WaRH4ge4hYyFDinQT3yMILrzCidemTC3o9C7N8C/ww:WaRYghh/FmnQyMiqidbTf9e8C/x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688080905, "uuid": "f78f1346-7ae3-495a-a730-111e8e7aaaea", "value": 41980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688080905, "uuid": "f91c256c-fd22-47a9-8f7b-9653b16e6fe8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080905, "uuid": "61fd6d92-156f-4290-ade8-faef8494f257", "value": "1d18987c24c0e4d46b6fb83a1d41d6f8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5224627c-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079018, "uuid": "9ab6e9e4-c5b0-4968-842d-2cbb42c01371", "comment": "Malware payload", "value": "a9eb67fc591f3cc644925a3200367f48", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079018, "uuid": "4827f687-7085-4bca-899f-1bdfab2f4538", "comment": "Malware payload", "value": "bee1ced511ee04f45aae72e6a4b17ea25a96f292e9fb04e3acb350741a9b0a37", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079018, "uuid": "2d51c646-28f3-482e-a2f9-baeb3c68aaf5", "comment": "Malware payload", "value": "490ce5d31d7c9fd595b425888d1de51f977d01fc", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079018, "uuid": "f6c6e235-e81c-4016-9b66-6e5181440792", "comment": "Malware payload", "value": "835652e98506c15948701d403b842f7fed26ffc0a89402eb7cdfd7d0d7e14a02b9c89bdd9f8ac436c1c1c7addeac41cb", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079018, "uuid": "fc0c61d7-bde9-493e-aba9-3c0b17fdc533", "value": "T1C443F855F8818B22C5D4027AF92D118E332367E8E3DFB2139E116F247B8696B0D37E56", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079018, "uuid": "0808a61a-0936-4995-bcd2-0356d0804700", "value": "1536:RJng2Ke3tTQZoSgLyUpjaLX3ez7IMix3JihBJ:Y1edT+dCMn3JihBJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079018, "uuid": "14ddfb66-5cfd-451b-ac22-4594c689aafa", "value": 58676, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079018, "uuid": "555fe8b2-0402-4f2e-809e-30db808156d4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079018, "uuid": "49129325-13ee-4785-9787-bf49b774b60e", "value": "arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "715c59e3-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037839, "uuid": "a17bc989-7f36-43e8-8270-aef35a5b9d1b", "comment": "Malware payload (AgentTesla)", "value": "53936c64c2d868d1db74df705cfd45fa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037839, "uuid": "e62f02f1-ccfb-44ec-abdf-63afe28087f0", "comment": "Malware payload (AgentTesla)", "value": "c1843b3fc059010d0e369fea128318544aa9f05decb8b4b9db5e77ab91c0f74c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037839, "uuid": "eddcd82f-3d07-49c4-9470-cf46a26f42c6", "comment": "Malware payload (AgentTesla)", "value": "90e906fc198071940b113278b07a43cc9b36bfaf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037839, "uuid": "fe0a875a-30de-49ec-917f-eca8ca693826", "comment": "Malware payload (AgentTesla)", "value": "bf128d79bcfac1a3eeff285de4103370206cdd637c90c942c30874dbb79ab399233ad7facd3b6ffc49f7851a545f2fc6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037839, "uuid": "fffdd826-2d3a-4dd9-9a9c-0ac12c26b24b", "value": "T167B4238F3513B23BBADDC9486892CE7FE0766986F5D58D9048CF0566E13FF978021826", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037839, "uuid": "c4d1c2ab-adf9-44a7-920c-0660a776effa", "value": "12288:FdGLPXM/5SeJFGsWKAOKVm7sU/KGDa4F8kDTL:Fdf5gsWKim7rfn8kDTL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037839, "uuid": "c7f8d07d-f4dc-4eb2-a730-12fc3ddeb73e", "value": 530477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037839, "uuid": "563c4015-ebc4-4640-a9ea-cdf244b467ad", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037839, "uuid": "32ca43c5-fd8e-4bc7-9bd2-01f1c9ba1a42", "value": "Bank Details.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5cdd882-164c-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688022895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022895, "uuid": "188f9c42-2757-4ce6-af50-9836edbc42e0", "comment": "Malware payload", "value": "90aa9056d883bfe16f148deb933b548d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022895, "uuid": "9a932234-42c4-405d-8411-e328126eb055", "comment": "Malware payload", "value": "c1d607b02532a9b740e64e0a2ca08ecaf33508235811cbc90c9df10d6b09b0a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022895, "uuid": "45d3f074-5586-4a3e-afcb-1573d42bb05f", "comment": "Malware payload", "value": "acb9dc90798e1edf2ca992e020d0f7c5dd327833", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022895, "uuid": "695f3cd1-fe35-40a9-a54f-9a1aa0945b44", "comment": "Malware payload", "value": "fd30252246ae85fc3287d5c3d62f431c332da752cd61fe59c15441943d8a8a729aa338f9b54d1ea759895d7a5dd08e9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022895, "uuid": "5ec926c2-e42d-4d66-ac8b-7c223428df64", "value": "T121352364FCC528DDDA3ED1F40D71BFA95C696C2544220FC8AFA8B60E827E5245A7C06F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022895, "uuid": "787c123a-6459-445b-8e12-0e89c171b65f", "value": "b9083dd82a429a49d949568d3647ca0d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022895, "uuid": "2266786d-a88b-4c3f-a09d-eb8077cb8f5f", "value": "24576:PhloDX0XOf4lLZPs0AX0DkOou268noAgCl3KF4LnPoP:PhloJf6FFAX0DkOjz8o1ww4E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022895, "uuid": "d548aa80-94c1-449a-adeb-f07068cad16a", "value": 1155072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022895, "uuid": "2b0471c1-14e2-42d9-a7be-6a36b0f24049", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022895, "uuid": "db0b1a63-6084-4c8c-9ee7-2dca8f227fd7", "value": "90aa9056d883bfe16f148deb933b548d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "733f96e8-1626-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688006489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006489, "uuid": "b86f08d9-c2c6-4ad2-9672-cee9e8b6fbd4", "comment": "Malware payload", "value": "38007ec681ac5c92dbf6ee9004a94c54", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006489, "uuid": "edcf0b5c-fca1-4075-bbc6-3b0f76e5e397", "comment": "Malware payload", "value": "c29fef7ae07b6209b608bd91a9704594c587d7bb846181d3a8df7a37803f28f9", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006489, "uuid": "44eb9603-8164-4c46-b144-c01423062388", "comment": "Malware payload", "value": "4395fb4e1c9d2e5aca059f00ed7a9e6b69366e8d", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688006489, "uuid": "874f146b-866c-4779-84c1-c92bc8163cee", "comment": "Malware payload", "value": "f138e874bc3ac505ba561172d9fe36169a74cf7404834fbc29d8e6dce8c079f4e65fcbca56912eeeaa5d54d09ea51a5e", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006489, "uuid": "e15495a0-6cf3-4797-ad93-76090c6f4e91", "value": "T15AE5BF86F768EE2FC87770720DA65231566A4C128A83978775483F1D78776E80F8DBC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006489, "uuid": "133ac72b-7fbc-4934-8771-bc4f07ea435a", "value": "49152:FJZOgeKKOSbZ7aYE3w192tI+qIhdE4mi7z7q8X6huMBLCrQVBOO6o:FJcge1nF+YZms93tBLCrQVBOc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688006489, "uuid": "0696dfc6-1927-463b-a4e8-3032bcb44a98", "value": 3061596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688006489, "uuid": "de1d6c31-b418-4c79-8a1e-4ff55de9ff51", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688006489, "uuid": "9909efa6-8626-42f7-928e-f8dec3aecfe4", "value": "Cerberus_Wear_disguised.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a3aadba-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039518, "uuid": "8b44208c-aac8-43b2-aec7-6278940d096f", "comment": "Malware payload (AgentTesla)", "value": "d86375909617016c7c31a0a9f68a85af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039518, "uuid": "2864700a-b74d-4460-b6ad-ffa7a7de5903", "comment": "Malware payload (AgentTesla)", "value": "c34e7d631363ca2e25efa585c43abffbbed3219195715a6f5f39a8b50f287127", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039518, "uuid": "d9340948-1462-4c95-ae35-bf0ee76bf734", "comment": "Malware payload (AgentTesla)", "value": "694abab287802e6c0d6ded943d324535853335d5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039518, "uuid": "02333364-5bf5-4a07-9dd3-03fe25d7507e", "comment": "Malware payload (AgentTesla)", "value": "54fbf751c9a43cd5077fbbbcfcc5cbeedb76c97b7b3c26b27f0823c5ff13719bf40d68340e132bd187777479f4939ddc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039518, "uuid": "7cdce9fc-1b7e-40e9-bae2-cf276abb16dd", "value": "T1C75412D232C0C097EDA704B1592AD92717B34EFC54A1825F63C9BF693C761C1CA9E72A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039518, "uuid": "56e341b5-2ae4-48f1-81b1-71452ffaceaf", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039518, "uuid": "62aac2d1-6f57-49ba-afe4-bd975f8c153f", "value": "6144:pYa6BqUJ5kppEFINKIPm6ggF97LGj7kn9ogk4X:pYfRuppESSgo7k3X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039518, "uuid": "e1252821-6bb5-4048-99ee-8ea64f7624fe", "value": 281287, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039518, "uuid": "39df323e-7542-4571-b214-86fdd033036c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039518, "uuid": "59379465-b199-466a-987f-e10bdc6ffd31", "value": "New order 500384851.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c6475a0-1655-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688026503, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026503, "uuid": "dc297071-b9df-4c6e-ab94-5a76a6106b90", "comment": "Malware payload", "value": "cde1e6e52d88f25b977ee2775c20da90", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026503, "uuid": "5cfba6e2-847d-41e3-a3c2-99ea30823ccf", "comment": "Malware payload", "value": "c60a3dc5ebf562425740e1b942f17ee9aabd2150d8399213e810ae2f79fa776c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026503, "uuid": "73deeacb-cda7-4309-970c-b9637ace4afc", "comment": "Malware payload", "value": "0cbe5f589ce1b026703cd6496eab7511bb29a640", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688026503, "uuid": "dcb042ee-bb93-4e74-a69e-9eacaf62a066", "comment": "Malware payload", "value": "71c572191c87ce96fa29b75676da1707eeaf18894317dc8f49a8a4e8df801c8f63e6f54046d420a892cc0193d4cc0f57", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026503, "uuid": "23d34d80-7181-4c41-9fc6-ec6fa941bfc5", "value": "T1F6B4F1201BDA9BD4EBD98078C0F05A5D9764817B520BCFB7FEC294A94B9324077C46AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026503, "uuid": "85020e71-0288-4fc4-92bc-87c500f8c1aa", "value": "12288:+3nKJadW4ibp1+deZ/vixO8qE1RqS78zAaj7NEC:egaObp1+IZyvqqzoz9B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688026503, "uuid": "d49f2174-8158-4582-81d8-e2b80183c49e", "value": 496656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688026503, "uuid": "789af582-d2db-4568-ab12-8b98c92ee820", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688026503, "uuid": "7ba9ede3-75f7-4715-b14d-6b3cd4a76751", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ef4322c-169b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688056599, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056599, "uuid": "6958104e-ee29-4c6b-b1e6-669d3029cf79", "comment": "Malware payload (AgentTesla)", "value": "064632b969185ca5518a8799981a105b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056599, "uuid": "8643026a-d877-46b5-9b62-fd073178b40c", "comment": "Malware payload (AgentTesla)", "value": "c67bb975725eb686c0f0f3e3f18b80259cf1251cecee48db1966e7c9d285c173", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056599, "uuid": "b375f781-16e3-4d0c-bc97-ce49e16cf1c0", "comment": "Malware payload (AgentTesla)", "value": "eec9f4384a319d8560f1ac492aa9c30c53d1524c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056599, "uuid": "805b9aa8-8897-4a92-9816-18d1c391bcb4", "comment": "Malware payload (AgentTesla)", "value": "dd5f7281a8aee3b40dfda2aacf4c14ae2f04456d914f1623e909b98865f0d0b8561263620708de67c282b3a5d4e210b6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056599, "uuid": "4eedce83-030e-4408-9a91-b3b9421df752", "value": "T178B423AA226700D0C464727B073F1D4BFB6AA45F13C94F9E19DDA61B18E91CC2F616B3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056599, "uuid": "f82f38e1-796b-4448-9726-c75deb284afe", "value": "12288:z9AKEplhs72tix2xT8PE6XXFJveG9sRcIZzcb:z9AKnCt8PEOVo2sGO+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688056599, "uuid": "f26b83cb-3881-443c-9591-879e621c17bb", "value": 533307, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688056599, "uuid": "04e9a966-24a8-4b75-b23c-9f28d776cd84", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056599, "uuid": "ad092810-d310-41fb-94bf-f29e54e6ab39", "value": "RICHIESTA D'OFFERTA A EDILGRAPPA SRL_PDF.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a07b664-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688021801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021801, "uuid": "b75830d0-aaf4-4ac9-bf0c-85b1071c2427", "comment": "Malware payload (AgentTesla)", "value": "a5c51ec75884d3a5343cb6e05017db82", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021801, "uuid": "9245c0ae-0747-4c47-a22b-6d3c4628a8e1", "comment": "Malware payload (AgentTesla)", "value": "c772fe855acf18a3e385e71ba8acae670aef370c7495bcb0075518707511f1ee", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021801, "uuid": "cc0bb527-b662-4143-a840-a0d336a29b46", "comment": "Malware payload (AgentTesla)", "value": "b31752a65acc47867756beadbaa01a8d9337831b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021801, "uuid": "3a2b7209-cc44-4563-8548-83b41c740dd5", "comment": "Malware payload (AgentTesla)", "value": "6eae02c275fde4ef13e48eb0da5f1422ac08c634ac95ca0a1fbe71c489cab01361a5d9244d4be6dff1c6e6de386f7538", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "arj", "colour": "#A79FA5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021801, "uuid": "fd7d9ac1-339b-463a-948c-61458e0f9407", "value": "T18FB423F8FEEB57707DCB225210FD19EFB19069989DE753803D68AC4DA5148C2A2B448F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021801, "uuid": "9e96212a-8773-4532-bc7d-d90c33e716c2", "value": "12288:1eDKXFWG9iDnkbcA9chLaTZthxUq1ETor7KtI84i:1CKVWG9iDzA9pxUquu7EI87", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021801, "uuid": "3aaa0743-8ff7-4497-9126-9e2a4e77db80", "value": 496587, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021801, "uuid": "add3ef53-bdfd-4209-a0fc-85a1d1e53100", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021801, "uuid": "cfb50af7-93e1-422b-93c8-f0d0f71a2a85", "value": "InvoicePO1541973_1.arj", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7058360d-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688021946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021946, "uuid": "4c6af320-e05d-43e3-ac55-83b4cc0adaa0", "comment": "Malware payload (RedLineStealer)", "value": "78cdf3b9c25732723d3dda33f24b8eb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021946, "uuid": "c7c9a261-52f2-4ef7-9228-54ea79c9b75d", "comment": "Malware payload (RedLineStealer)", "value": "c7bb516ffce734e561f4b1a7ddc9174b8c5b44f41c01e2cdb226374e8ab489b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021946, "uuid": "68a2797a-20cc-4eac-981f-3672f32018b3", "comment": "Malware payload (RedLineStealer)", "value": "9b20b94b45c53b44097996c6e1b2577f5f9e7800", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021946, "uuid": "aa0cab9e-3957-4885-a1f0-d36f12779c7c", "comment": "Malware payload (RedLineStealer)", "value": "25efb73671664dcff3fe16352f464cad9a8caaa13dc4b398d12ec3c3b07ca7a7957691b4bb72d1c93f30766d6f53a744", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021946, "uuid": "1bf91b0d-0253-407d-8c23-30e260eb111d", "value": "T12A655B71F1D4DCFAE78302346CA5A0100AF39D946195938D34AFFAACFAB338634D955A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021946, "uuid": "f2467716-9936-453c-80d5-310f7bdca254", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021946, "uuid": "de6e0321-dc2d-4635-be60-dc91e308a7fb", "value": "12288:D1H3wPfh3XXPhQu1/cX6iXdHdq1wCUMfH9YSRUS+Ku:5X+hHB1/cpdHdq/UMfdTPM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021946, "uuid": "47886561-a603-4078-94f6-11114c26a413", "value": 1539952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021946, "uuid": "8f7dd09e-3cc9-4786-b026-15204d0e0495", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021946, "uuid": "6629cd5e-5561-479d-8e1d-a5296313cfac", "value": "78cdf3b9c25732723d3dda33f24b8eb6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "873126d5-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RustyStealer)", "timestamp": 1688037876, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037876, "uuid": "f4e7e34b-a96a-484d-9183-e2fb769e704f", "comment": "Malware payload (RustyStealer)", "value": "ed1f9d8e6b890839bfcc8f95660874bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037876, "uuid": "4ff39b7a-223c-4ea0-a99e-4fbafe4be35a", "comment": "Malware payload (RustyStealer)", "value": "c7e64151c3fd1fe8f282e6e2f5843c6fa0fe843c1430308220bd094e6fdedf1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037876, "uuid": "960f8f59-a256-4ac6-96f8-663060152f9f", "comment": "Malware payload (RustyStealer)", "value": "056a14b86d159f5502d717efc8b330069baab390", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037876, "uuid": "41e50f5a-2454-4cc5-a973-2ce8f57f8699", "comment": "Malware payload (RustyStealer)", "value": "a3c2393278f0c0a13eb6304796e99ba3befa953e922c91def7c7f4c75e791b0146d6c908879d2f198475675223f52599", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RustyStealer", "colour": "#889E80", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037876, "uuid": "e93ffdd5-bad3-4b28-83c3-a477bfcc314c", "value": "T144466C11DCE42AF0EBA79A75409E212937323E29C315CBB30876B3B59DB3295FE07654", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037876, "uuid": "d6d59e7d-2ec9-49d4-bbdc-f90c139cfc57", "value": "892887665495cb18ef9b287b736ebf6f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037876, "uuid": "9ae097c7-f9f8-48a7-8881-b18e448714c2", "value": "49152:lFy4B0vBFrXl+DQiV88dlAp8kM460QP5oxSKTeWjGOVSWCjuofTXDs+6+oiFc2K0:BUG00VXW8mjqXSulSh8vSgeoqe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037876, "uuid": "98c9f787-4ff9-4e2c-acd4-e2a7a6097589", "value": 5786820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037876, "uuid": "2a6077bb-86ae-4af7-961c-3c22f374928d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037876, "uuid": "73621b1a-c33e-492d-a29d-74963781bd82", "value": "\u91cd\u5e86\u4e91\u4e3b\u673a\u6545\u969c\u670d\u52a1\u53cd\u9988\u8868-2023-06-29.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93af6fcc-166d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037038, "uuid": "8f2b6bf7-1920-4c74-9dd1-59312f137ecb", "comment": "Malware payload (AgentTesla)", "value": "a1dbcf02aee7989effee2506d10c6cd9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037038, "uuid": "28ff3afa-4cb9-4c14-b066-9e6b797b8009", "comment": "Malware payload (AgentTesla)", "value": "c822631e89dfa72f54732a1bf4fcdda08039fa4f1ca159ea7d423c2d1a0bb630", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037038, "uuid": "719b9352-83e9-4071-8b91-d0a36abe3cb3", "comment": "Malware payload (AgentTesla)", "value": "584d04fe1894d6e7aaa4c13d5b5baa894d458da8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037038, "uuid": "49741959-c06d-4c19-95db-f409eeaf609a", "comment": "Malware payload (AgentTesla)", "value": "e28b8c94f4287d1c9e842a7598bcfd8b902096d74c4412f2eebb592378e368466e39d2259f6a2637a0b158fd73e2e9d5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037038, "uuid": "cc421635-5772-4d20-9c80-ba9a4dfe4531", "value": "T184B423993A1AB591F4FF00B8F9FECE20C17C57C107150AF5B7421E5EC7A608DA44AB55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037038, "uuid": "e5ac3987-6106-4ead-8235-b1b1e2f14510", "value": "12288:+JZFwtFn5CcLOUz+AQjNyTT9PRnYzVcq2H8:+9wtvCcHQZyT15Hqu8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037038, "uuid": "f4c1671f-6833-4135-bcd2-88d0d85572e3", "value": 527415, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037038, "uuid": "750dae24-7e92-4c70-9d66-dc38f1be6d8d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037038, "uuid": "ee35ef1b-d6c4-43a1-a49c-b3f9b07c8745", "value": "ORDER 720085911.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd5a3a24-1649-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688021699, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021699, "uuid": "5758dc69-6331-4f64-b7d8-5f9c7ee55cad", "comment": "Malware payload", "value": "e848fb3dab7edf33afb1bad9112db71a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021699, "uuid": "7a550f53-f590-482c-a368-8f9659bb2417", "comment": "Malware payload", "value": "c8493934f0dd166261ed81364a751fddf7dc9c2f44599628f61a3d31abd2df2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021699, "uuid": "89b91b6e-1f02-4595-aa03-0a5bf40fb649", "comment": "Malware payload", "value": "55c1f087154844694d944ce0b1b449b9c48070fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021699, "uuid": "8c0ee23e-8ab6-4477-a13f-86c9cf720abc", "comment": "Malware payload", "value": "ae1d0e7b82033332315260bef8394c6f9fa924f298248290e959fb2631215887082e57a0c63dd50b97d742216b7f1169", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021699, "uuid": "31c6595b-3cb4-47d1-814b-02c09e1dee6d", "value": "T1CC2512027EC599B2D1730D3316656B21B97DBD205F79CEEBA3D02A5DDE221C0DA313A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021699, "uuid": "4d428171-e252-4078-b5ad-9bb82703e25e", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021699, "uuid": "87210749-48f6-453c-9c0c-df81ca025be8", "value": "24576:2TbBv5rUyXV1XnlaQO7giDuhHGjxxzvPqxZuRrImsVngXj042:IBJ4DgHsxxzaEsGz0x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021699, "uuid": "9d8ca3c8-026f-4f10-ada8-241049c8d3b6", "value": 1023759, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021699, "uuid": "84a94d8d-05d7-4c93-bbdc-d38ff5735f01", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021699, "uuid": "05291ac8-557c-4bf1-a8ac-090806273660", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52fb37a9-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688079020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079020, "uuid": "420abb6f-b425-4f85-93c8-b8e8bc92d079", "comment": "Malware payload", "value": "d6542e04a1f734dd5c7ade9dc0859283", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079020, "uuid": "ffc069b5-9fd1-45ba-9e61-2610f1418db6", "comment": "Malware payload", "value": "c8a5f3eddc9054111d33f4ad6b958a0f921b9f3c409e04ebaa3ef8dfffea4918", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079020, "uuid": "40568313-1eb4-4796-86d3-c793f404d174", "comment": "Malware payload", "value": "6af379d4977b4ddfb7cf897d5ac1dcc7df4540ff", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079020, "uuid": "127bf17e-ffdf-4bb0-9065-a7b415d6463c", "comment": "Malware payload", "value": "b18d72b0a3554a44bb8907a484749c94dcc2e5e0807194d5e914bc0a8050bd7bc603006fbb3b320d83a348504a65ff27", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079020, "uuid": "2c61d472-b5ec-4b05-b22b-7a973de71a0a", "value": "T1A323E707F54381FDC09AC274066BB93EAC2275FE1238F2B67BD4A7226CD5E225D19C46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079020, "uuid": "30285519-c000-4ee3-8907-b4434119f6d6", "value": "768:vZCLNaOGW6bQHT9XmB3OIB/c1cV9KFf8D+wdYFmuqpjik+5jvI04Wx2fEj1srKhN:oLYOGW6bq5XmB3OIB/c1cvK++JMBFCIT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079020, "uuid": "7327bd07-dedf-498e-be05-a54c5fe50df6", "value": 46336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079020, "uuid": "24c2a7a6-2f5c-4f97-b956-490857309a30", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079020, "uuid": "76529a45-73f7-40f7-b810-c47d7e3fb112", "value": "x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5eb4a6fe-1675-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688040385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040385, "uuid": "9ebff432-3e68-48a3-85b5-4116b541dc7d", "comment": "Malware payload (AgentTesla)", "value": "a53cd85a197fb62a0fb0fc18438f5d42", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040385, "uuid": "e7b8816d-4306-4042-99b7-ed22d68147a3", "comment": "Malware payload (AgentTesla)", "value": "c906a3041425da5b92aca8c125d3d9295839b5edd1bb17b22fdd80f1f18a1293", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040385, "uuid": "1632aa8e-a16c-4804-9e8e-1622a0d8b845", "comment": "Malware payload (AgentTesla)", "value": "b3b4d5698d8029e6839ea5b94a00057d98204570", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040385, "uuid": "94f7109f-3e0a-4768-9a18-dae6322a3e2b", "comment": "Malware payload (AgentTesla)", "value": "c5e59e7f19afebe6a434c503063bf8d8b1bb7e2364fae7e59875c63c0a10f5e85425f94a4d8e789309f54c35b98590d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040385, "uuid": "afa0c68e-618c-48ba-b9bb-d5a383953c7b", "value": "T1FFE43738297DA327D174D7B18FD18427F354D92B3022EAE56DC367E64226B112AC363E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040385, "uuid": "81df7741-5c1d-434c-93fe-a0e15653f53a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040385, "uuid": "23e3cd8d-2b06-4d4c-bce8-cb233166a4b1", "value": "12288:nVp0K8s6owWFpEYFYPnVB2eXekv6caLhCNPa5B:nVp0K8s6owWFpVUnWzkihC9aL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688040385, "uuid": "47cfd36e-0c9a-4bfc-8ed2-5058dbfeb254", "value": 677888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688040385, "uuid": "bb341895-9157-40aa-ba8e-7b2fe5b9b105", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040385, "uuid": "a1e07725-6c6a-406e-84ae-3b69e940e7a3", "value": "Quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "666bd97c-161a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688001313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688001313, "uuid": "a76df560-8e68-454a-9351-598cf7d8337f", "comment": "Malware payload (RedLineStealer)", "value": "c346c2e0e1739a580296cf18b1057ea3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688001313, "uuid": "5b102037-c591-49a7-895b-d1c2ea6555d6", "comment": "Malware payload (RedLineStealer)", "value": "ca02944478f78ee5a8bfa486bb50f7914226bb2bb2d83ca1aaf5d9450ae4ce33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688001313, "uuid": "50f011b8-2b0c-4838-8541-09a3a412cd85", "comment": "Malware payload (RedLineStealer)", "value": "7e919e88f146eb7261b22413ec9cc7297c1385da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688001313, "uuid": "f0a7007d-f0d8-4daf-92ef-0421fb6d4e84", "comment": "Malware payload (RedLineStealer)", "value": "10bb46ba614110aae60044e342bf1cef70ed962c920bd6ab5810782492b882f7126266410e1f2315aa50cb239b923bda", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688001313, "uuid": "ac9afb1e-e75c-450d-98e7-cbcb110bc78a", "value": "T16764D04A72A520F9E473923488618A57F736781617305A7F07E44B7A5F23790AD3FF22", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688001313, "uuid": "0ef16330-226a-478f-bb97-161febbc15f8", "value": "962d0af2cca3bad764481c0661c7d481", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688001313, "uuid": "89605892-f831-4e5b-863a-6cc003ed1d09", "value": "6144:6pqulMzUFUArvVorjXPk82ohParRmxW3JG7HXFcjki54rW/MeTZ/O:nulMzUFHvSrj32oVarR+W3JkF4kgB/MD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688001313, "uuid": "cbc5cbe4-a03a-4d0b-ae05-ba97bd102ca9", "value": 331392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688001313, "uuid": "982d51c0-eaea-487a-9f98-edd320ed3d8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688001313, "uuid": "0d31dc90-1659-434e-a511-3654f2cfbe27", "value": "c346c2e0e1739a580296cf18b1057ea3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40abddd3-1694-11ee-b3cf-42010a9c0076", "comment": "Malware payload (IcedID)", "timestamp": 1688053649, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053649, "uuid": "549343c7-6a3e-4643-921a-544c2142a2ad", "comment": "Malware payload (IcedID)", "value": "54adcb3b1634f550ef28a40cd2aca173", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053649, "uuid": "8dc70616-ca2e-4540-853e-89f6380c9ef4", "comment": "Malware payload (IcedID)", "value": "cac9f1a4a90d9f292bd7f5b33c7fedc9622e5d2921c8af41bf11ca31d0b9d92c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053649, "uuid": "0f4c630f-016b-4c57-abc0-2957632d8068", "comment": "Malware payload (IcedID)", "value": "22a56f1458042fa84b7516aaa3fec73b07bff679", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053649, "uuid": "ed14dbf8-e727-4537-b028-abdf9f62038e", "comment": "Malware payload (IcedID)", "value": "6aa39d23f3e7b85698d32658ec35b42ed3e0b13e3931f73cd4926a45b8bee43d17f69d517f54de41428dd03e6aca9adf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053649, "uuid": "d900c274-93f1-42fd-8409-3aa8f5870496", "value": "T1E6D5C112DCD2EF97D93C4439DACB886569A6E5803B863D07B74E896030237947BD3B2D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053649, "uuid": "886196a9-3ef6-492d-b211-fd9bc3910657", "value": "08ece2b1700596744480c3e95a25d19c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053649, "uuid": "c923e382-0e8b-4aca-9982-051625a425ca", "value": "24576:t6CnOOosV/4g5WKBmMHm4RRE0ro4q0DDv3v3ObK+A6A6YVLm97rvZoUjqluNmnQQ:t6o+sVAgLBwx7wnis6A2toUjFDxEWPQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688053649, "uuid": "ddcc5e8b-663c-4e6f-8e7c-1ba8e59b8d5d", "value": 2941480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688053649, "uuid": "d1c26ac3-916a-43fb-b536-14bb0757c055", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053649, "uuid": "a88b7ca7-3766-4ee9-b9af-ee1be66b0372", "value": "Scan_06-28_INV _70.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3015fd8-16d3-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688080899, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080899, "uuid": "697d05f9-bcb5-488b-9840-a948760b3cb0", "comment": "Malware payload", "value": "90c3b6232af48e5b48f6cdee2253d894", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080899, "uuid": "d7a3f96c-d185-4197-a943-bf05df173963", "comment": "Malware payload", "value": "cae32ab850342db383244c1caac2179e7532fd77e5e2581e0504991e9c6d48b2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080899, "uuid": "d54ed368-7c74-4a08-a3e4-6590af704672", "comment": "Malware payload", "value": "bdc46c650a07cc5314e69fcb7c66d50695463686", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688080899, "uuid": "36fdc92f-9c5e-482a-b97e-59ab6383e9c9", "comment": "Malware payload", "value": "c3c7f397219e7550176ef828ee8878fed236865c8f25a4fcae3c0ac6da98caeda8c27af45a9ab2c554c1d6767e9704b4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080899, "uuid": "427f24e7-d19f-4ba4-9ff7-058e72b69aa4", "value": "T1812318AAF8018D7DF95BE77E54064A09B93163C152831B2A17B7FEA3BC3315A2D12E41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080899, "uuid": "9e464f7d-dff2-477f-beea-21f440b418bb", "value": "768:OkM0CesRddxT8Fisa2FXsAxJBSxuydjxDEMYwbP4q8DjlG9:zM0CNT8Fis1FbSgyPDEMDbPj8DM9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688080899, "uuid": "bcad7bd8-6c09-455a-8356-65914b13d76f", "value": 46680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688080899, "uuid": "8387da0b-be6e-4bb5-a726-c5cf76944ca8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688080899, "uuid": "51ca7cc0-3ccf-42c5-8928-008a8249aef4", "value": "90c3b6232af48e5b48f6cdee2253d894", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a71e40dc-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037929, "uuid": "7e1c67d6-23e7-4fd4-a89a-af4e791ae832", "comment": "Malware payload", "value": "1bcafd1e3425caea5778770e87faf07a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037929, "uuid": "f41ae221-cb9e-4f6e-a8e3-fb370c6caf8e", "comment": "Malware payload", "value": "cb4257531a81242176d9921778a8cc95dcf6c592563f97ccc0e7788a3cafc6e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037929, "uuid": "9eace68e-2997-42e1-bff3-0c3ae588da17", "comment": "Malware payload", "value": "787c17407cbb2f23be450e7441f5d6210b826fe0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037929, "uuid": "5d2bd8e4-cfbf-4fbb-844a-09a09117df3e", "comment": "Malware payload", "value": "7818067efc0012d12ed0c0150e1f2c9b08590f40031100afd985d17564c64fcd922c520782fc5232ab84ff94e282fb74", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037929, "uuid": "c31f933a-7ec2-4b3d-ba29-21f01f811d1b", "value": "T135768C43FC9561A8C5E9D230C9719262B6707C881B3437D32BA1F7B92A72BD46F79390", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037929, "uuid": "746b131a-81d6-4ee8-9bd7-1b620d9735a0", "value": "f0ea7b7844bbc5bfa9bb32efdcea957c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037929, "uuid": "2bc6dc40-8520-43ef-89ff-114353c1abb1", "value": "98304:7J3Nto1XEnj7zNZYf3Edui1fSWwI4HOG8GI:7ZSUDX7ofNI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037929, "uuid": "0f2fe9b4-4b85-48a0-bf04-43138e9dea03", "value": 7315968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037929, "uuid": "2adb4098-3823-4926-8d72-78203656aa8d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037929, "uuid": "136c686d-de4a-453c-bec5-bb7b34d9e16c", "value": "cb4257531a81242176d9921778a8cc95dcf6c592563f97ccc0e7788a3cafc6e9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40cadab9-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018430, "uuid": "5ccb555a-ba30-4245-bf4d-5ded2a202c6d", "comment": "Malware payload (Mirai)", "value": "219c5573c5acaf2d8b4c8d6484b14aef", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018430, "uuid": "13b814f9-f3a2-48ee-8163-977fb22de4f1", "comment": "Malware payload (Mirai)", "value": "cc4dd8b45f21eb05fc88948235687bceaa59db7cabef0e3e097257d2b3abd472", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018430, "uuid": "3b2231f6-f715-40f9-b206-0f0158e64053", "comment": "Malware payload (Mirai)", "value": "46e5a201a40ecfefbb9a5f27282ad13ddda3f147", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018430, "uuid": "9606402f-ebd2-4d18-97bd-c151440cfbd7", "comment": "Malware payload (Mirai)", "value": "796a7c40ad4f21fe3213e6972a25924213ff89aa4332af02c5fdf5549a2d419847aed18d8f5efbaac517ef858279016e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018430, "uuid": "fc1cd839-1577-44e1-90d9-65944a0f9264", "value": "T12AA2E021BF1DE98FCC37B278C6E9E5C692D07D64D3DCC9466781C11FABA36846820E46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018430, "uuid": "e9194023-42fc-4787-9fbe-55384e75a2ee", "value": "384:Mg9Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaQNAr8vcoBAvP+qNV+KLebRt2Sy8:798o08kxofBE+ZkXaT47C2EpitK8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018430, "uuid": "cf83e1a4-db9b-412f-9be6-a2df3203c8a1", "value": 21500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018430, "uuid": "cbf3f976-fa55-44eb-b96e-f5a0e3c749d8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018430, "uuid": "1c1a0c4e-594b-4281-89db-349d663279fc", "value": "219c5573c5acaf2d8b4c8d6484b14aef", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f9a1fa8-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037755, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037755, "uuid": "1ffe53dd-7045-432b-80ac-19da7c43b966", "comment": "Malware payload (AgentTesla)", "value": "56d5f636af498809b811dd40614da783", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037755, "uuid": "9b39cfc3-3987-4bab-b65c-ff4897f47d27", "comment": "Malware payload (AgentTesla)", "value": "cdef751e4e5097b1dbebf7b0a168995f39e09360a8dd45556e7c507e55401807", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037755, "uuid": "84e0a5e6-9dc9-4bd4-a47e-759507ae8bf2", "comment": "Malware payload (AgentTesla)", "value": "2478f8309876952c3340763d4d12797bcb192ef4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037755, "uuid": "92cc5a88-7b96-4d4e-8370-bd852de2b18d", "comment": "Malware payload (AgentTesla)", "value": "65bc2d5d4a6846780c916d5f30c575557a434260f6531cbe888a30530ecb615ac45d545244723e18d060288da4e17490", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037755, "uuid": "720b2a9e-394c-4c99-8170-85409ef5ef87", "value": "T1A0F4063C39B92E26C035D6B98FE4B023F2649C3B3921DD2559C257B507E6B9625C323E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037755, "uuid": "38bb0804-1ab2-4628-9850-6653c3962efc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037755, "uuid": "aefc07ab-d8b3-4aa3-88db-259695bb1fab", "value": "12288:lmRoMJHSN4r9JVSy6F8WyEIGgWCgNEzKQ/Xnc/jR2eTC:8H/pJMy9NEuWCgNWKQ/Xnc/jRc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037755, "uuid": "7f64d50a-eddb-403f-b5f6-3a505c3b5e4c", "value": 783872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037755, "uuid": "4bce7580-580d-4baf-b0e2-fbb8d41bf943", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037755, "uuid": "747822c5-8ffa-4145-a6ae-062e67e05919", "value": "2eUAFqinCdZebqf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b783fda0-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688022065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022065, "uuid": "a760a143-797e-4f10-a640-15cc190b8936", "comment": "Malware payload (AgentTesla)", "value": "f05456c642ed8065b6d0adf7cb8f9106", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022065, "uuid": "c567482e-4f30-488d-aab2-741dd15edc92", "comment": "Malware payload (AgentTesla)", "value": "cf19804e81842106739482f5559a78313c8fa2792c33bff9c45d1fcda39b343d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022065, "uuid": "eaeff175-1577-4c98-a594-d2d7b41e42c7", "comment": "Malware payload (AgentTesla)", "value": "f3f1aeec84c721cb36e114a8094584307054a746", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022065, "uuid": "e4a8a2db-e8e0-4c2f-92c3-25f5ac0c9622", "comment": "Malware payload (AgentTesla)", "value": "fe445d34449d62c71d478d821cee9f3a2f1c09c08b98be7a4cb7fb297fcd4ceb2d75b9580e271af2e1192b141685c3ac", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022065, "uuid": "6341e005-3ad4-451b-87fd-57d4ecc44f27", "value": "T13324F21A71858807FD1063764ED1C697A2DAFC026BF6CA8B7194F31F5B397C0461AB8B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022065, "uuid": "7b279864-3b3a-4c1b-b0d2-bd2affb79136", "value": "6144:G6Z+RwPONXoRjDhIcp0fDlavx+W26nAWqvBhBi0pnRrk5jMVWltEg0S:GxvZi4rkKVWlOZS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022065, "uuid": "16bae31a-ed1a-48e9-b690-f8f1996cf678", "value": 214016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022065, "uuid": "75839ada-c851-4fbd-8e97-1cb1e24e61b0", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022065, "uuid": "a01f08e2-f9a9-45d6-bfa1-736353309bad", "value": "PI.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7e19311-164c-11ee-b3cf-42010a9c0076", "comment": "Malware payload (GCleaner)", "timestamp": 1688022925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022925, "uuid": "3bb796c5-9935-40ec-9d16-b093698f98e6", "comment": "Malware payload (GCleaner)", "value": "6ac4154618987a2aaa46e8b908008cfe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022925, "uuid": "008090ea-7764-4d22-9e93-d858edf57ec9", "comment": "Malware payload (GCleaner)", "value": "cf898cecab3b58d6105490a79fc5343e30b6113997664b49c4877a7dd51524a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022925, "uuid": "f9ec32cb-c09b-4cff-a0d9-d000cbfc66f9", "comment": "Malware payload (GCleaner)", "value": "7ee26c87b5748f9825f71d4557d4d2093fdceb8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022925, "uuid": "753747db-8356-4a7b-b52a-f8d0409a3d35", "comment": "Malware payload (GCleaner)", "value": "547cd6ccf446c7fd6e16dade40f3d7cdb9bf7f87d722b93f69e08c92a3292ebeaaf09014ad5124294f652bf19d94bab9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022925, "uuid": "e7e7f58a-bfc5-4156-a309-4835aa79d665", "value": "T196846DD3A2A07C5CF5255F728E2EC2E4BE1FF9504E0977959218AB1F05F21E2D2FA241", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022925, "uuid": "faeaac5a-e737-4e2e-8a79-8d3522d69653", "value": "c61bedf317f19d715278ea485f1b5899", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022925, "uuid": "fab74d44-ddbe-43a4-90a0-d1986dbbf964", "value": "6144:4Hds5779yO+83tTttBc1ABv50W+tQFHPS6:4HdU79yO+eviuqSJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022925, "uuid": "0da7ebbe-d5a3-4d88-af73-756f51a90d37", "value": 398336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022925, "uuid": "462c2792-cc0f-4d2b-88a7-2ad1205c148b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022925, "uuid": "ca044c9c-f710-44cb-a074-2f644e228715", "value": "6ac4154618987a2aaa46e8b908008cfe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dd533bc-1679-11ee-b3cf-42010a9c0076", "comment": "Malware payload (StormKitty)", "timestamp": 1688042128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042128, "uuid": "01e68071-c24c-4fdb-a6bf-a3510572f979", "comment": "Malware payload (StormKitty)", "value": "4ad372e2eadd9de51da7cd1e42e44a43", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042128, "uuid": "6c35fc92-3602-42ca-988d-50242830e903", "comment": "Malware payload (StormKitty)", "value": "d0bd9a949008bd7b53aaf93d628840d3f838f2c2e5dcd44646e7cf90e2da17d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042128, "uuid": "f60f0716-ff99-4ac9-893f-bf7fc0cd9e2c", "comment": "Malware payload (StormKitty)", "value": "bbfdfaac84bf51a844a3d48a5995ed5e1e35b4bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042128, "uuid": "976e8eda-7dd5-4f35-a1bc-7c7fd20b4b33", "comment": "Malware payload (StormKitty)", "value": "c541054eeacced1ad28765a7f42fba1626f98bfa3e5045803348b324b48e9fb20011fc540bff02d2b9eb405ac431f9b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042128, "uuid": "c88b8fe0-14f0-4765-ab27-b86b30eefb3a", "value": "T118734A486BE88740E1BE0FFD49B146255331A027AE26E35E1ED561982E33BD4DD08FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042128, "uuid": "d34db11e-67ea-43e6-8203-4b39a0ee6674", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042128, "uuid": "097d68bc-359d-4e5b-b125-f531b82917c9", "value": "1536:8iQEmZf9qHBsuyVROoNqx/sLlR9DgqO7VNNtSIZF:8hEmZlqHhkRkeZTrO7VNNtSIZF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688042128, "uuid": "7df53a0c-4fa4-4b8e-bd2a-1be803b3de9a", "value": 75264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688042128, "uuid": "b9eba20a-4b15-4f93-8869-70bf877a5bc9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042128, "uuid": "4d871a2c-02bc-4a94-89bc-a5788d27549a", "value": "cargoarrivalnoticesea 1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce6779cc-1667-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688034559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034559, "uuid": "31e18242-9ad9-484a-8110-45a1e75dbb0a", "comment": "Malware payload", "value": "6f1e8420ba7f5f3c5645b79b39bdbf23", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034559, "uuid": "c3093896-4db8-4f6c-af6f-708367b1247e", "comment": "Malware payload", "value": "d0d86b4d778e1f8b305e27406aee1af02343bfb9855bebbffd6d44d1badc3366", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034559, "uuid": "cf396e1b-2b1f-41cf-9cb7-108779d9268c", "comment": "Malware payload", "value": "9404973a4c9d6193f152d368481b23d44f364f52", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688034559, "uuid": "2264c130-b7b1-4133-bf51-233ce5b3cfca", "comment": "Malware payload", "value": "6fe38ccefb02de7ea544321ccda8fb121e9a3d5aaef7c3563bc02bc2559226533abaffcc9a7fddecf3ae615e199dd445", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034559, "uuid": "58d3f115-e276-4617-bcb9-4ae3f5b983ba", "value": "T1F522B67A5F9A0D71C35149F870FEB91304BA6606479959D3CFE00C0E7CA42E62D31AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034559, "uuid": "ee822e7a-b90e-488d-96a4-4a015f466c04", "value": "eed76f52bdfc4695e3635fd281dbe35b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034559, "uuid": "dd42ce9a-1147-4183-9e9c-b7efa12127b0", "value": "192:26l2zATvBhZ7+5QnIQYe+qfaSd4n12Mu:Nl2z+uiDiSdS2Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688034559, "uuid": "5e71a6a3-005f-435d-aa82-4df3e97c8f3b", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688034559, "uuid": "f45fa9ae-8c35-433a-b283-7bad1e6bff32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688034559, "uuid": "46290163-ac29-4111-9ccc-a600b005ecc0", "value": "SecuriteInfo.com.Variant.Tedy.391406.28752.9200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9da49310-1671-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688038772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038772, "uuid": "e5270d39-71af-4f5c-b3fe-5dedbd253311", "comment": "Malware payload", "value": "dffb85c911b0eee445e4209574ab521a", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038772, "uuid": "14f277a1-93a6-4352-a4cf-3f3157c76d55", "comment": "Malware payload", "value": "d1440534562d40ff9708705f638e2dff40e7d82eb11d6c7fdf3ef20dfe4899a7", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038772, "uuid": "2ce0cc5a-fff0-4e83-baa5-eb7cd609bd5a", "comment": "Malware payload", "value": "8bdc0ccbaa1b7f5275d991631369b8ae34bac3c4", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038772, "uuid": "2ad091be-39ae-40b9-848f-f1e815b243f6", "comment": "Malware payload", "value": "5b34699e2e6a487c2aed12c32a8f200079689db1fb900c63116d68c0a99a9b6202fb54bdefd8302fd0d3b98e6404e881", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038772, "uuid": "8e387ce0-1eda-4d2e-8f8c-6ec60623509b", "value": "T161F511F9B3F1D5C1420676D998A58DED44F05087EC9A87239BA347FEE201328F9B2974", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038772, "uuid": "57d0a51d-0205-440e-a3e2-2f7e9fd66136", "value": "49152:qFuni4qjB9Povsexg0Seeekv/KPOTdqFjIfU7sGHtv6:bYPLAnSeedpqFH56", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038772, "uuid": "a559cf28-1b67-42e8-970b-0652e3323d5c", "value": 3645252, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038772, "uuid": "5bc58721-9e05-40f0-a6fd-1829fd22384f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038772, "uuid": "cc9f4bbc-bb2b-4ff6-b30d-407f078c2e23", "value": "11054056231.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6bdc693-1672-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039271, "uuid": "4cd5fbf7-c5b2-4488-ab7d-361181ee8e4d", "comment": "Malware payload (AgentTesla)", "value": "b7e4817bfc831705fbcae7c2edfcafcc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039271, "uuid": "a043fb6d-1aa0-4340-befe-39f61640d51c", "comment": "Malware payload (AgentTesla)", "value": "d44c2fdc11095eac5b1e8e8c3746d0194d389f1ddc2d501b8361b8ade5948539", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039271, "uuid": "ac38af32-c579-40b4-8c65-c7cadcf96dff", "comment": "Malware payload (AgentTesla)", "value": "199a2ee6477fc7013c4e549b83c577f583bafabc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039271, "uuid": "18bbf800-70a2-407c-8171-1243b74c0df2", "comment": "Malware payload (AgentTesla)", "value": "c5e4fac2ec62e6d4dc79dfc3be867198cae7229a8079203310191b7c33c8843253340e1c1a82bbc181042a48767ed24e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039271, "uuid": "33b8c29e-1c7a-4e31-8290-b2a07f1a067e", "value": "T18AB423673B54B66D35A232F200A081A50C948FB956DFAC5B4BC6537ECF9A1C1CB1CBE4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039271, "uuid": "735543e2-635e-4596-af85-a8f0964ce550", "value": "12288:GnLf/bRdnnRNy8LgKAiOA+HglPrNgYnftcAIho00Ff0o6+:S/bRdjiKAiB+AxZftwi00R6+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039271, "uuid": "711eff1c-5b09-4977-a6a7-88798fd65001", "value": 542197, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039271, "uuid": "a2e17f1f-80e4-4dc2-9981-1b4cf3e06269", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039271, "uuid": "da76dc39-cefe-4ee3-b3ee-f18671fecc34", "value": "June_New_Order_PDF.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8df838e7-1658-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688028008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028008, "uuid": "f00c51ac-dfb1-48ee-a380-d1f759473a76", "comment": "Malware payload (RedLineStealer)", "value": "c86be0608ca0a4b00158a845db672d6c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028008, "uuid": "9d8d1a15-abec-4d54-bdaa-7212cf959a9b", "comment": "Malware payload (RedLineStealer)", "value": "d7876da2f3ee12e4ae320e63b19ea683ac2f2f149add5df44daa876d3988e1c4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028008, "uuid": "07a78fc3-fb26-41a0-ac35-8750809bb194", "comment": "Malware payload (RedLineStealer)", "value": "ffe713b1baa73ca65e7c2a9b88b471f715308526", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688028008, "uuid": "351903e5-bbc3-42aa-87e7-6db4c4302623", "comment": "Malware payload (RedLineStealer)", "value": "bec2ccadd9a0ef6849e10e0b94d8e19de0eb637e3de67026b019a3cfb3520af719fc132be5f703aee8d103d93702f3ea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028008, "uuid": "1e998e54-fc45-4eb2-8756-faecc5fc3a03", "value": "T1C6945DD3A2A17D5CF5254F728E1EC2E4BE1FB9504E4977AA92189B1F04F11B2C2FB610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028008, "uuid": "30bd37b6-e7e1-4539-b80a-35fcbd7c6534", "value": "c61bedf317f19d715278ea485f1b5899", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028008, "uuid": "72bd006d-0625-4770-a068-9f3e5c17053e", "value": "6144:5HllgV77zjFlc/GcI8Xd8vnX+OqO74VQGjbWCfIewt0HNRCrMXsLcH:5Hllw7zjFlWGclQOn1VQsbZRwtERBXq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688028008, "uuid": "e6874e7a-4c5d-430b-918b-588ccb47e85f", "value": 411648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688028008, "uuid": "d7063389-2dad-459d-b3ce-af0999670789", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688028008, "uuid": "baccde13-4284-4522-ba12-8807a819d840", "value": "c86be0608ca0a4b00158a845db672d6c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dfdc759-1693-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stealc)", "timestamp": 1688053215, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053215, "uuid": "2c79b27e-a9b6-47bd-8f7d-2e9323a301a4", "comment": "Malware payload (Stealc)", "value": "a1cdc6a11edbf7bdd3c31798d99d20af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053215, "uuid": "dd8c7e75-5edd-4fc4-ba04-81f34cefc894", "comment": "Malware payload (Stealc)", "value": "d7e4265853d2a220b4d89c06d529664436bf2d3aab76cd19bb3733771289fbad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053215, "uuid": "ab55d4a2-f574-40a4-9700-b105636d6215", "comment": "Malware payload (Stealc)", "value": "6366b4e9ad406f2ae0a72309de23e27a25ef7f15", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688053215, "uuid": "9431085b-4acd-4dd8-b43d-705cd355c98f", "comment": "Malware payload (Stealc)", "value": "a36312a9eb61beab10e57121be973047a375f0558a959a509c659474ca819a95ec70f0ea8ba22f78cb770ab17373b3af", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053215, "uuid": "ba114d26-fe5d-45e9-8231-f4e834fc8666", "value": "T1BD769D07B69F4FB1D3593F36C4B796206F68F5C17723C68A2A8A537A1CC37AA4844247", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053215, "uuid": "06a27178-4ea4-4198-bb38-ac680854f698", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053215, "uuid": "f6432fa8-73ef-417c-9eda-c4e61e8dafcb", "value": "196608:l8E4c5O9cs9BtjCNz0/bh34LTJNIdr+x:lBt5wcs9nm86NNIdr+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688053215, "uuid": "0bfdc7de-4639-407a-91f8-e6b948f1c864", "value": 7448576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688053215, "uuid": "c3c587cf-0643-4840-ba06-233f710d24d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688053215, "uuid": "9f7affcd-fa4a-429f-9080-0e7d4a1f2c0a", "value": "a1cdc6a11edbf7bdd3c31798d99d20af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cb7ccad-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688023094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023094, "uuid": "e955556f-9ebd-481a-b0f9-3fb01147f5bc", "comment": "Malware payload", "value": "9043730c9aa1b858a2477a1e63ad711a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023094, "uuid": "9d487044-f29c-4cbb-afe1-7186ad61f296", "comment": "Malware payload", "value": "d8929caffc7dac9e9f51ba2cf732eac7fa0e122b66a5ac1b3c525a024e10feb1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023094, "uuid": "3ef598b6-6347-4315-a32f-8b07785e1be7", "comment": "Malware payload", "value": "e2430300ea8bc0223a39c3bd0d040adaddc9d386", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023094, "uuid": "13450bc1-6c19-4281-9cc2-0b85de80f55b", "comment": "Malware payload", "value": "55a32234dc423613574575943fc57a74c8c7ee31716ff1e8349bf40f6b0295a74b6e8216fe193879207048ec05643c26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023094, "uuid": "e07ae158-1667-4df1-b406-0eac30f2f4ff", "value": "T1B353AF34ABC1D533C4523430B17AC7B32EAC9532215959DBD7292E395F303E296BA787", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023094, "uuid": "450f0459-99a9-4962-89d7-86636ec707f7", "value": "1536:g7mmUQgFnGGOZYOty2XcMspTFfmWnmTgf6:g7VUQyGGiy24YK6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023094, "uuid": "ad1ad774-7c4f-48ad-bc30-33f1c4d8a267", "value": 63275, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023094, "uuid": "6ecbe91e-29f6-4a1e-8bc5-51fb86de2e2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023094, "uuid": "f92151e8-b029-430e-9fd4-3eca69e5baaf", "value": "9043730c9aa1b858a2477a1e63ad711a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ae19169-1699-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688055867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055867, "uuid": "cf3bc975-e3fc-4277-8cf8-28e101d40783", "comment": "Malware payload (Formbook)", "value": "27d43df9fb6228ab9ec3482a528f1da6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055867, "uuid": "72b48f75-eee1-448a-b52a-20a37465ecb0", "comment": "Malware payload (Formbook)", "value": "d9048e7e5185fca63822a536674effaf47f434fd8bcd74018e5da09b5a7c1469", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055867, "uuid": "a8c0213f-fae6-4354-a442-c3f316b11be6", "comment": "Malware payload (Formbook)", "value": "23b938e1caf2507ae797805f27ee66357ee0c53a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055867, "uuid": "5e96929f-b32a-42ae-8efa-8f68baaa3b15", "comment": "Malware payload (Formbook)", "value": "02a3b9ac26178b982071590170c90af97a7c2248acc946fbd3158dca34c2bfb7f5da2d404dd4ad81b70729052f52da25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055867, "uuid": "03d310b5-967b-41ca-9685-a07819ca9c4f", "value": "T1C4D3F73FBFA848A1C16E4E700BE5E575C6353E322B43CFB7B452310A5532998EA521DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055867, "uuid": "c071a48a-c00a-4681-85a6-76ae6ddcf0bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055867, "uuid": "04ecb5ca-de54-4084-a975-394e86715a34", "value": "1536:u7K22GZXoCVg0vfiCTzbec/31ENYw649ApO4uMET1qxj751cNz0UCdkV/L7t:u7Kh+4CO0vfiC/beGCNYi9ApOZUH5aJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688055867, "uuid": "e04bdb61-3964-4ee9-9a2a-1b2b1ffb757a", "value": 136192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688055867, "uuid": "356c402a-8f29-4d95-b671-e260f5c136ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055867, "uuid": "a487021f-5aaa-4927-bbda-da0bdef74fee", "value": "hello.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17c514e5-1685-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688047138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047138, "uuid": "9b8c205d-b39a-4350-a886-d576fcea074c", "comment": "Malware payload (AgentTesla)", "value": "df426fb723fb4e2e89555133cf7ce84a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047138, "uuid": "fc05819d-f4b5-4506-a354-f39b2ecc31f3", "comment": "Malware payload (AgentTesla)", "value": "da3b0d0acac3c2309c7ea606212b9c9a301b8f6405ca6a18a442286c6d00ddcf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047138, "uuid": "9f632083-4670-4401-a4dc-94af2eb26a70", "comment": "Malware payload (AgentTesla)", "value": "80784c8f550d57586df0ba312c1adfc4a0c9913e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688047138, "uuid": "081e4c50-22d1-4d79-b0ed-0ab4b395dbe9", "comment": "Malware payload (AgentTesla)", "value": "66e5b1f73c42d3b85f8233dd9fa8677fd4041017c33a364ae75a099cf4fa63f777e273cbce367446da980b94ad307ed7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047138, "uuid": "7ca00299-2949-44a0-a38f-5cd06d7f5bb8", "value": "T1AC15C43B68FC56E6D07CC6B78ED7F36EB2749C2A20219D255C92F68506B5A0210F353E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047138, "uuid": "d6ef3555-66c2-4e97-bd18-ab4438fe9cd9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047138, "uuid": "1e8ba17a-9305-47b8-9894-dd1660aafc9c", "value": "12288:L5dPG2fAKo3DbRpDlG+i6VisHL8YhktzXggC9:JABDE+iCisHgcktzX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688047138, "uuid": "cc28b24a-a342-40e3-aa1e-6a88e00367ed", "value": 935936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688047138, "uuid": "25fa4e54-85b2-4c52-bd85-e5290b518085", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688047138, "uuid": "c45df89d-4593-49ed-9167-303921b006df", "value": "Order-Mer-300523-PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8376c021-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1688043882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043882, "uuid": "62549986-007e-4b9c-a2d1-b7ea55b8c196", "comment": "Malware payload (AsyncRAT)", "value": "eed2862c4cb15255e3c793cca873d364", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043882, "uuid": "a83e323d-f663-429e-9e90-a12f5b8ab5c1", "comment": "Malware payload (AsyncRAT)", "value": "db9f7c6eb6c788a0d6707102f4bd022b565d3c3cdbb05512e70a6d687fa903c4", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043882, "uuid": "81211b51-bb14-4289-af83-fe6819975424", "comment": "Malware payload (AsyncRAT)", "value": "ef304d2471fdbb4cd74f49e8888b78f33e0e0719", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043882, "uuid": "c67afa33-4159-43e2-bb8e-d009c6a04c98", "comment": "Malware payload (AsyncRAT)", "value": "6139fb683cc85536ee7f76134cf235d60300738a1685d7d82aeca198461e7b2061ef7eaca64c70346f5b21927228bebc", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043882, "uuid": "66b7488c-0c2a-4c12-a2cb-ff6abcb7ddb6", "value": "T1076308013BE98126F3BECF7469F6258546F5F5AF2912D55D1C8410CE0A32B829942FFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043882, "uuid": "47e56a1f-81cf-490d-9f94-990997a99eea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043882, "uuid": "33d5820c-319f-40a7-b06a-841933dbdb8e", "value": "1536:P2wukvF1ak9gcKu5UYFDSyODCbqY2e59vrPlTGxx:P2dkvF1ak9Ku5UYFG9DCbqY2q9vdCx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043882, "uuid": "9cb595f1-45b6-413a-8303-e732d24bae01", "value": 67584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043882, "uuid": "06de26ef-b46c-4f4f-99da-6fd88dd3af0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043882, "uuid": "803b883d-e455-4fec-9688-3bea8fcbbc3e", "value": "decode_d9d88d32fb5ad04216b7ad3b0c617897c60a316335835101c2b50f2960c7f9e6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb3bb4a7-16b8-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688069343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069343, "uuid": "d19acb0e-354c-447a-a2b5-e21260092193", "comment": "Malware payload", "value": "2de147fd3876a5680869766f7559363c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069343, "uuid": "0237d1eb-e086-43a5-b516-4eff71dc83ed", "comment": "Malware payload", "value": "dc6094d784fefb7a3f90afe81136d5232b62073f9b04eae215fe490e57b4b774", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069343, "uuid": "6a21a885-8d42-4163-84f5-40ab837ac1b8", "comment": "Malware payload", "value": "4acd49d72caf8981203d3039b2493d460ee88a13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688069343, "uuid": "d97414d5-b823-40a7-be4c-fc9ada0d5405", "comment": "Malware payload", "value": "1185b65a2d8df51564badeb7535f5c9e0b45e35dadc97e483ca93bfbdc8a48968311a6a291839881aa7a5d6420b00569", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069343, "uuid": "3763090d-d5b7-4d8a-a3cb-12349689eacd", "value": "T1EFE633A652AC5CE4D8AAA23F451688184976BD1207F4F19B43B8CA5D0DFB3E17C7EF10", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069343, "uuid": "b1627381-e99b-4a79-8c1f-091856188fda", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069343, "uuid": "07d20e12-6260-4e1f-a06a-f60dc2cd22e2", "value": "393216:zu7L/sQvdQuslSq9RoWOv+9fgxZizj6Kb:zCL0QvdQuSborvSY3suK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688069343, "uuid": "10212140-6d30-4ff6-90cc-e7539b6109dd", "value": 14965807, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688069343, "uuid": "82789025-f1e3-4e24-b4cc-222fc3d2be3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688069343, "uuid": "e8dd2def-b001-49fe-8e0e-1ba0d1ccbdee", "value": "ASUS firmware.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5067179f-16a5-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DarkTortilla)", "timestamp": 1688060976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060976, "uuid": "59c427a9-4728-418f-bc65-c23ee174325e", "comment": "Malware payload (DarkTortilla)", "value": "52368288f872b0367cdd93b28a9cbcdb", "object_relation": "md5", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060976, "uuid": "68bce984-414d-4e7a-9b8c-d5e9d1180b66", "comment": "Malware payload (DarkTortilla)", "value": "dd48767cfb22ef37bba35b4e630122994f00f156e2bdc63d59bbae9a8c36d6f1", "object_relation": "sha256", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060976, "uuid": "5a901606-cccf-402c-8445-48f459c4f48a", "comment": "Malware payload (DarkTortilla)", "value": "d78be57dccd54d9c306036d22811c9591e521b92", "object_relation": "sha1", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688060976, "uuid": "bef77bfb-4e0b-489c-a580-9cafbad6e16d", "comment": "Malware payload (DarkTortilla)", "value": "6cdf59c1c71d2571b47b3bc9da02b75ebbca072bd0a7ee6fc9785079d0cb884e64df9a3ba67323ac7993f70e06bc3cf0", "object_relation": "sha3-384", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060976, "uuid": "bcd11c09-5adf-4987-85b7-d736f06840ba", "value": "T18015BF177B448B83D654377F4282BA1623F0ECCB3251DB0A6EA97CF856A37D11E1E258", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060976, "uuid": "93cdc42a-6678-44ef-b92b-526ba763a360", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060976, "uuid": "c80b34f5-f919-45fe-b567-23bacd826cb7", "value": "12288:dlqtlu96FG24mhC7qVhx5xKYJyVmuf4vcfKKGqC7HLX7oe7gOwpKoN:tBQC7qVz3U4kcHl7W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688060976, "uuid": "6ddc32b1-e10b-4a7b-9178-cff71b1c0a71", "value": 896000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688060976, "uuid": "8bf23ea8-ae20-4a6a-b066-ae31ad66b195", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688060976, "uuid": "bcce76fe-449c-4e88-88fe-9682e855179b", "value": "New Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61a1827e-16b3-11ee-b3cf-42010a9c0076", "comment": "Malware payload (njrat)", "timestamp": 1688067018, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688067018, "uuid": "6eb22267-c4db-4712-a4fd-c9c8eb089d12", "comment": "Malware payload (njrat)", "value": "a8cb9509bd47ca0614894cb0cee776b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688067018, "uuid": "9dc45c0c-abc7-49a9-9f86-8abb35bb3635", "comment": "Malware payload (njrat)", "value": "dd6ec09e53c8f288ee1e54d408ca6137fb8da492dfa3e4ed68840f500ec0231e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688067018, "uuid": "6e1cd63f-76db-4681-9368-b469278c42e8", "comment": "Malware payload (njrat)", "value": "8b74ee366ea16095e4bf1068ea22f9cc67f7a345", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688067018, "uuid": "7c1c7a34-dadd-44bf-99cd-4643f6df2cef", "comment": "Malware payload (njrat)", "value": "4e51da8197fa2eabaead2850d5f00e8d7849696a4defd47481e0b3d0f6b5cc7b5bdb7c53b276f9a6ae51b2a48ce9d40c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688067018, "uuid": "f489799c-4180-46e7-ac99-2d199d596beb", "value": "T154033A4D7FE18168D5FD057B05B2D41207BAE00F6E23DA0E8EE564AA37636C18B54EE2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688067018, "uuid": "9aadef2a-a8f6-416d-ba41-3c3a61c173a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688067018, "uuid": "49eae701-d7db-4fff-8f2d-0748126b8e89", "value": "384:F9uxcaCis//WRdL5kyc/p0P3XngacZSrAF+rMRTyN/0L+EcoinblneHQM3epzXpg:CxcUD5nc/p0f1cgrM+rMRa8NuHgt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688067018, "uuid": "15935bf0-e204-45b7-936e-01e5bce84586", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688067018, "uuid": "f0bec2ea-cd29-4483-8d5c-25fb018f2814", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688067018, "uuid": "06b8ccf4-9505-4aa1-95b0-bed7362473b5", "value": "a8cb9509bd47ca0614894cb0cee776b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81b23370-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Loki)", "timestamp": 1688023263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023263, "uuid": "7ed0805f-e165-4367-8950-8aad39868b7b", "comment": "Malware payload (Loki)", "value": "15aba8ed95fd484ca6e2ab351822ff2e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023263, "uuid": "13efa247-964f-4e9f-bc50-ac421112a32a", "comment": "Malware payload (Loki)", "value": "dd98aaea7e701f3f24539f3711010afeb2a3e794931cd9f946c285d056b30158", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023263, "uuid": "1ca54080-5192-4d05-8b3c-a2438b268738", "comment": "Malware payload (Loki)", "value": "48224a9662516723a5eea33f14b21fa7eb68160d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023263, "uuid": "0c16aac2-9b81-489b-8e6e-7016d3252d87", "comment": "Malware payload (Loki)", "value": "953899de7a18a5719138d450154a3c324132dce30b172a0a98333a353715abd8f0486ee09b29499fa2f1fd1f8bc4d0fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023263, "uuid": "db71266e-38a5-4ef7-a250-258afc0f0566", "value": "T195B4124053D12092CD9548BA596781B44DC59C1388C59F438BCDB33AB973AC6FDAFABC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023263, "uuid": "3d509390-4671-452e-ae6e-952a1b5d2e65", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023263, "uuid": "3ecbd32e-f8a5-4fc0-be49-ab4513637f51", "value": "12288:9FKBG73lOUG2H7zS8zjD8Ea/lJ/DDia7Xl:BrlMa7zbzP8Ea/v7DR1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023263, "uuid": "822b7585-c306-4446-ba39-4cc1a4623c84", "value": 507230, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023263, "uuid": "6d0b947b-eef6-4ec9-b354-5dfe568b79b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023263, "uuid": "657ce51b-3f32-488e-9ec0-9ad10eae4815", "value": "15aba8ed95fd484ca6e2ab351822ff2e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33c37e0c-1670-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688038165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038165, "uuid": "fca7f39d-33fb-45fa-ba5e-1149118cf3c1", "comment": "Malware payload (Formbook)", "value": "91bc4999ed5740509f8eceeed0638400", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038165, "uuid": "d623dd80-772d-489f-84f0-2785399349c6", "comment": "Malware payload (Formbook)", "value": "ddd9ead73e818770fe8bc81da65f863e2ed6d20a6a32c60817d3edc8c4aa38d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038165, "uuid": "7249f939-4373-42c5-b302-9d2a3cfbb152", "comment": "Malware payload (Formbook)", "value": "f954bd1bd2250d4eb9249f3d9ca5a464b55ee44c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688038165, "uuid": "9929a00f-3616-42ad-91c6-a27aa947eee2", "comment": "Malware payload (Formbook)", "value": "1b9903b4cf40ef98398d89a2adfdf2cb05fcf842c2b20d29f50310c5c5a505b8648c5adeb0432cd2e89c482130cba3f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038165, "uuid": "f61878ec-7005-413d-a7cd-17eba999a35d", "value": "T14C15183828FC5AE2C078C7F94ED1B063F3A4953E3825DD255C8267D90666B9215F3A2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038165, "uuid": "b03ee324-d236-49c0-b1cb-c2d200547e4c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038165, "uuid": "4206de39-226a-4392-b832-70f1e2b93c4e", "value": "12288:0N8Ne5oHOEQeeZwHyLop6bZFJdj3Kk24ppQRNvSmr5:0CzMwHp6lkk7ppmJj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688038165, "uuid": "7159a1a4-e20f-4746-b930-72830ac8e2da", "value": 920576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688038165, "uuid": "8ecc64eb-e299-449f-b95d-351c2e0b30f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688038165, "uuid": "bf03f326-5061-4277-9f79-8924cef7ae11", "value": "Quotation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15222c51-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688021793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021793, "uuid": "f08e88fa-2f98-4d3f-af1f-45cd07a3bd8a", "comment": "Malware payload", "value": "3d41dc1211e95e3ebd06b2181765f48e", "object_relation": "md5", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021793, "uuid": "659f0d99-ef92-4e0b-b22e-0ff3e30b6917", "comment": "Malware payload", "value": "e1465dddef5069ae5ebb4889660441e04bb189f658fe6199c1210f92474368cf", "object_relation": "sha256", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021793, "uuid": "9a1ce532-c132-4848-a31e-ff28e7c6aef3", "comment": "Malware payload", "value": "252d215f1e3583b79a6ba3da5d90686810782f97", "object_relation": "sha1", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021793, "uuid": "3036e6a1-a77e-4186-8794-756bca273c11", "comment": "Malware payload", "value": "82e179ec1494678a6908518761b6edbe2d070ef48b37fe513d112334dfcaafcbfa306fa47fd4d199ce37d3dce185d405", "object_relation": "sha3-384", "Tag": [ { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021793, "uuid": "2048396f-c234-4676-b04f-6ec5be876dfa", "value": "T15BF05910ED671C9DE856CB0B61923C2D144CF65687CC3AD2226E9F10A190E7CE383866", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021793, "uuid": "f554fcbe-541f-4fbe-8771-acb7a6379fc3", "value": "12:dB9lNMzL2p1WjL56hCQolQSL+tW5+6c2yJ93jtfgb:z9EL8eLshCZ0tW5+6c2yJ9jFS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021793, "uuid": "17624818-9900-4f02-b45b-f18cbc22474f", "value": 510, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021793, "uuid": "873b64e2-4c98-4b5a-9845-2559e83a776d", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021793, "uuid": "df543d13-a6c8-4f6a-b09e-f6622b5df3f0", "value": "AWB, Commercial Invoice, Bill of Lading & Parkinglist.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b6538a4-164d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AsyncRAT)", "timestamp": 1688023280, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023280, "uuid": "560d91c8-5b87-4fba-9b24-7c442d67198c", "comment": "Malware payload (AsyncRAT)", "value": "0022883ee9a2d7fb7536db747cd0a34b", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023280, "uuid": "23283432-b279-4da4-aca7-ef2f8add63ff", "comment": "Malware payload (AsyncRAT)", "value": "e1f290576bda7646656fab4ed2fefaab8300362b0678c15ccaa0a9e5d027dae1", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023280, "uuid": "92c0d401-3e0e-4689-b1b0-2de113309ea0", "comment": "Malware payload (AsyncRAT)", "value": "9631d0600cebe7dd9b31a28932cdda3392a98703", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688023280, "uuid": "92b1a612-c4fc-450b-8b3c-e5c8f6d61348", "comment": "Malware payload (AsyncRAT)", "value": "defa2f9bced9a0c45de21d0d3418c7e0a052242476576112ba4080db1642144291551d372a384b0da762977758c65454", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023280, "uuid": "123d5948-09af-465a-890c-952d104f8d0a", "value": "T18204392437E81919E3FFCBB8F4B001258B72F8236913E76F29A459E91D62345E550BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023280, "uuid": "ae54633d-b82a-4d57-8e3c-00f6bf5f5adc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023280, "uuid": "d5f5ef5e-8343-4f56-8e16-aa83b63bab10", "value": "3072:G+STW8djpN6izj8mZw+GSv5hqIPu/i9bcJ2czccuOCUE6+WpD:b8XN6W8mm+vvnXPSi9b40Op", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688023280, "uuid": "939ce085-eda3-462e-ae68-553efdbd0253", "value": 174080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688023280, "uuid": "754cefd6-d674-4a8d-b495-5463392bbd6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688023280, "uuid": "004da66b-bb07-4bf9-9a98-f7ad65f28e03", "value": "0022883ee9a2d7fb7536db747cd0a34b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2f56005-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688044391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044391, "uuid": "31fc1881-9e80-4e14-9edb-dc11c26853bd", "comment": "Malware payload (AgentTesla)", "value": "b94c5017de2f5cca39c71a10f3b0175b", "object_relation": "md5", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044391, "uuid": "4d481c7c-793e-412d-8a93-89b8a94d7bcd", "comment": "Malware payload (AgentTesla)", "value": "e29da5419ccde47362b68768236bc146bfdb198905405e7b05ef3dbefa5d28cf", "object_relation": "sha256", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044391, "uuid": "5aa04432-1542-4aed-8887-69d6dc80cc08", "comment": "Malware payload (AgentTesla)", "value": "00ccefee4a110b6939cc311b292ef2e9eae11e55", "object_relation": "sha1", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044391, "uuid": "0262ac15-6ea2-495d-a7f8-39cdfe8962e5", "comment": "Malware payload (AgentTesla)", "value": "c410318429fd20b8d67942cfb046ce8ebc56f53509d7f50b13f65ca1451d6e6880f397889b472c4f83107bbc8f1cb289", "object_relation": "sha3-384", "Tag": [ { "name": ".NET", "colour": "#FD5312", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MSIL", "colour": "#2D22DA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044391, "uuid": "1cbf959d-6e3e-48d7-90f5-37beaaa66d7a", "value": "T125F34A6982C98DD5C32DC078DBB13908CAB393C35617E75D1DA1E8F63F56387322A866", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044391, "uuid": "f9941991-3449-495c-9cf3-630490524a4d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044391, "uuid": "067be065-68df-40f8-a6b6-92fc7c3db32a", "value": "3072:jsudpSQgW/+21CIoiEbRB8HxhO6eBkZ6WtG5:jsNK/dCIonBfg6m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044391, "uuid": "3c7b7466-f21e-454c-97e2-5b3ed1cde946", "value": 169472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044391, "uuid": "d5c54d7c-1cbb-4aac-b085-7356fa297153", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044391, "uuid": "913d98a8-aa4b-457a-a3db-3db3dcc9ce53", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8edd5c17-1674-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688040036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040036, "uuid": "cad5cfb3-a71f-4162-a46d-010be6323126", "comment": "Malware payload (AgentTesla)", "value": "72ce2fcc9bc7f58c76f8b3481c3a6ad0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040036, "uuid": "4e3717a1-c0f2-4985-a692-fd9a6cce60a6", "comment": "Malware payload (AgentTesla)", "value": "e3662e11681b8c8e5becaf34b3a74fd5980c208a062b686dc418e36824993c3c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040036, "uuid": "55511428-ed0d-4816-8486-ac2527adb5dc", "comment": "Malware payload (AgentTesla)", "value": "91c498966c1bf0813096816525ef90d36ebbd55f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688040036, "uuid": "6235470e-2888-4cb6-8fb0-4a92bead8f42", "comment": "Malware payload (AgentTesla)", "value": "820d1ab776eb33cc41cabb26492fff7b49cf3f63ba9ad7276eb837d9bd14720daf6227e7f476db2fa9caab6db0827be5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040036, "uuid": "988723d4-f1a9-45ed-8668-0140e0ab19c7", "value": "T1EFB423DADBFC7B90E4F148D8B31C676787C924DD9D01B2E287E1607062A10E6A35F295", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040036, "uuid": "1a14c148-944a-4adf-825c-b02f0620b36a", "value": "12288:bFVkfWrw9MkxsKnEvYhXzPiAHvyPRola7kiyMviWAF:M6aBxnRtvyIaoic1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688040036, "uuid": "e747a4e7-ad3a-4656-8a83-c05724e3ada0", "value": 523143, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688040036, "uuid": "613c649f-2140-4594-adea-0e3e575cb928", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688040036, "uuid": "97dcd7b8-3808-4ff7-8530-e753bef4c893", "value": "Quote WQ102474.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a471d18e-1641-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688018168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018168, "uuid": "f1e1e721-7622-4a96-99f9-e968bb6321c9", "comment": "Malware payload (AgentTesla)", "value": "cc4229c7b87e29e2b0560ef951a205bc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018168, "uuid": "321e27e8-f8b6-4d28-b45c-a5f3642aa552", "comment": "Malware payload (AgentTesla)", "value": "e57c444a50a0cb9ac14152220923763532f8a280c37ff45ee55ef28844740434", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018168, "uuid": "1e1ab8c8-7340-4d2d-84ea-796341f0005a", "comment": "Malware payload (AgentTesla)", "value": "56bef212cc93bc74e5b3a2aaf61d4b384bf39737", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018168, "uuid": "7962e21f-2c39-48d6-a599-72e163cd7e7f", "comment": "Malware payload (AgentTesla)", "value": "4a0d4baad1d13afdb32612fd1f3ffb578191d3cf1b8d851268b3cb2819f440cebe0c6460eb2eba7b6b4ce04b21d72ac0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018168, "uuid": "6087c420-2117-4011-bd5d-63effb657c56", "value": "T1AB156B3C677D9A22C030D7B9CED584B3F2654F3AB411D922588A7BB52762B521DC332E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018168, "uuid": "ecdc0c75-3d17-4c4e-9fa3-bc68bed869a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018168, "uuid": "976f405b-6632-4d14-9c5f-cebdb8751101", "value": "24576:Tp/49mhYs43CVGo0yuiZm4yZ5DSMOFgzN4s:NM13Ws4yjDrOFgzm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018168, "uuid": "e30fba46-8e6c-4077-966a-6539b601fc20", "value": 948224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018168, "uuid": "31d9bb23-7c05-4a72-9e1e-5a8754808c5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018168, "uuid": "83d90a41-1134-49b1-a673-9fb6803925a3", "value": "cc4229c7b87e29e2b0560ef951a205bc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e916208-166e-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037432, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037432, "uuid": "14dcfb25-ae3c-4838-af3b-f2e28e3704b0", "comment": "Malware payload", "value": "4f00ac4966812cce1dd46ddeeda40b86", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037432, "uuid": "c39102d8-45a3-4fc1-89f5-582c655a3124", "comment": "Malware payload", "value": "e5ca45c2fe5b747022b563299e637b41cb7a4ec943eaa99400d4b2ba1ed46659", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037432, "uuid": "2c5db989-4130-40c9-9e2a-685ede994684", "comment": "Malware payload", "value": "667298385c1f487325889c4cd2e8be7a685e2b8e", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037432, "uuid": "d4fddb74-8958-4dc2-89ef-01d639387799", "comment": "Malware payload", "value": "9600f846defc3048c3f35cc91f1ebc6993cd875461984189b720f6b76d6fc0457ae4acb65c68210bd41947a0236b86be", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037432, "uuid": "48b8894a-14ea-4c52-b164-b4c05aab5922", "value": "T160E2F138D62FB012C9DF43BC841E14E6B79A22C1FA2483995554B7ED8B9484BCB06FC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037432, "uuid": "6baa199b-aeeb-48ea-8a40-04c0cfb6e21c", "value": "768:ANYBiXfbQeCqSa8PVws3ZZ5bKxskvxllNJ5wgscZEIzhYxD:IRXj/SJ73RKSuB/CFINE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037432, "uuid": "2d02798e-2cc3-4519-ac2c-b0fd3a40bed4", "value": 31291, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037432, "uuid": "99a95b30-310d-4e7c-859f-e4ed9cde595d", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037432, "uuid": "353449a9-436d-4b66-969b-861b6bbba8a8", "value": "MortgageFlex Servicing Fact Sheet 2023.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d2fe0a9-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018451, "uuid": "816442d9-9e49-4082-a278-9d503ea417a3", "comment": "Malware payload (Mirai)", "value": "38b449637d2bdb31c801cc7b43edc6aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018451, "uuid": "37313d3b-8ee4-4a74-a82b-87178016ddc2", "comment": "Malware payload (Mirai)", "value": "e5f112e9e90c48e1285a7c6aa2d654cb6703e6b8d58ee0172b6524f2872d3b0a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018451, "uuid": "129948ce-aa46-4429-a3e6-0b7d6e83b546", "comment": "Malware payload (Mirai)", "value": "381c2e2df07f39285e4d1f06467acee2697f6177", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018451, "uuid": "85e1ac90-2e7b-49e5-837a-92181b32fa3b", "comment": "Malware payload (Mirai)", "value": "f83273fb9d185c11cc9c3823568fb3508ede9cd2e40aaddd0223fcc4c24b2aa7958a0b5cf90956868085d9a201eac619", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018451, "uuid": "36cd7775-2443-4c93-ba67-46dc3a2ec201", "value": "T1CDA2D025D3456EF4DFEF9DA453C2C3C276E547CA278AC8E240EEAF016606046B789D19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018451, "uuid": "21e7ae67-4102-4ff1-aaf2-1136a7a747e7", "value": "384:M/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5gM4uVcqgw05VxJR:MRxsSVsMD6xiJJE5zRWN54uVcqgw09f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018451, "uuid": "12007763-ecb2-4bb0-a107-b5ac581b9dac", "value": 21884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018451, "uuid": "4a6310c3-0ce2-4c78-8c92-51561c78bfbd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018451, "uuid": "7c829dc3-bae9-4127-b0d6-4856860fb550", "value": "38b449637d2bdb31c801cc7b43edc6aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4be25286-1635-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688012865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012865, "uuid": "b5a2dab2-bb04-401c-af4c-f3671b1a0fdf", "comment": "Malware payload", "value": "f089b7788141af791c364c08420dcac0", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012865, "uuid": "7596651f-bea1-44a0-94a7-1c2c85726bd6", "comment": "Malware payload", "value": "e639038e50664673b86d2fe78abc771caba7b62b1069a7f2b200c26dd306bd43", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012865, "uuid": "9ca15f19-86af-4554-8648-b2c8d348a6af", "comment": "Malware payload", "value": "bc1870688fe4c8b7d980e94fa7ef8d08fbfc4bbf", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688012865, "uuid": "92bc8bd0-39b5-4d96-9315-75e7ae99b114", "comment": "Malware payload", "value": "1b324becceb1eb9aea566b927666bb1044f4c05a7c64d15c75e7b30877a5a0e78084ba1eb1453fb9b6c3f1748de3eb92", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012865, "uuid": "9b519412-9825-4137-b798-6711241079b3", "value": "T17032D8765B9A0872D39149F864FD7D0349F91A055BE588D38FC10C0ABC653E72D36A87", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012865, "uuid": "316a9781-d898-46f8-a808-f62cdc96de5e", "value": "6a2782b4240d903051f23421bea80a1b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012865, "uuid": "939aa238-1492-40ff-9d0d-f053124ca990", "value": "192:y5v4z5TxDVI+aRtFDP+qfaSdCtLxoFtLhCt3fc5B1Q1+Jo:yN4zmXPDiSdCtyFt9i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688012865, "uuid": "21745c34-7cd5-4409-8ef6-68ce6bcb4078", "value": 11264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688012865, "uuid": "0684808a-f7c7-464b-9a5c-d76e19ac7d23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688012865, "uuid": "5ef371b7-8db3-4be9-9224-c9f79dbe41c6", "value": "SecuriteInfo.com.Variant.Tedy.391406.8654.22662", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af19af38-16d0-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688079604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079604, "uuid": "0a9e832c-5818-470d-9fd3-bc6271604cdb", "comment": "Malware payload (Mirai)", "value": "e153c885227dbb695c36992c8529d2c3", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079604, "uuid": "387a7b65-20f2-422b-81f0-6d6cff01cc21", "comment": "Malware payload (Mirai)", "value": "e66910253180a9f12a9a17c003e728321864f9a53bc5f48b68ac7536399638a1", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079604, "uuid": "e8c48022-d8b9-4c77-8859-121d8809b83f", "comment": "Malware payload (Mirai)", "value": "080b24e82e97f89529a64ef75b058b0ba9e3e895", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079604, "uuid": "645973c8-20ef-44a0-bf9f-ed59f5a199a2", "comment": "Malware payload (Mirai)", "value": "0e383ae6713665f9a99e1dfb6182677184cfcd4697706475ffb59b78dfe59bc6bbd51aff19386790cefb04a974e0b4a8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079604, "uuid": "2c3ad7ca-98e7-45e5-bcb2-79f57ada35cb", "value": "T1A8D2E091DB748F2BC8ABB232281A76128121B73D70E5C9A56CE4391745BB93053EC3A3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079604, "uuid": "0e154df0-fdd0-477d-8f01-257ecad911d8", "value": "768:ELZW56tNDAFiY4FGG1Nn8MPDEzg6cHoC5IsfnbcuyD7U0/2D:FMtmij8wyVcj5hnouy8jD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079604, "uuid": "1a9643bc-6314-44ee-8cbe-2a678c7830b6", "value": 29740, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079604, "uuid": "dd1b3f88-32ef-4ac9-8e5d-d91c398bce71", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079604, "uuid": "62ecaf81-5668-4cd8-8035-9d050c8002d4", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "228829e6-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688021815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021815, "uuid": "4f287c0a-8f85-43f6-9b0e-c578df07cd3c", "comment": "Malware payload (AgentTesla)", "value": "29a832fad6ee15c559d5e15b6fd8ed3a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021815, "uuid": "25e3ffea-4a87-4b1a-9aa7-887f8283484f", "comment": "Malware payload (AgentTesla)", "value": "e753c0b499e1b267567bd959f0747a2bfbcdaef919a1c5da8d3ae32a53218c4f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021815, "uuid": "3e1448c8-ea2d-466f-8073-3b96f871e78f", "comment": "Malware payload (AgentTesla)", "value": "5debfcd2b537c8fb3821569fcb664d2e4414e2e6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021815, "uuid": "40fcab0c-3f1c-49a2-8ffd-898c2ddc43eb", "comment": "Malware payload (AgentTesla)", "value": "3b16e1d564e123caacf761c29e84bda8751d5f9a2cc87e66ac5e546be099d3cdfd1604f36d69779e7aa8c4465fdf05d8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021815, "uuid": "40b7fc72-ddea-4a57-adbf-fedb6abc501c", "value": "T1A4B423F73203AE8CDDDE3727CD06F16AECA6919E0C1DE8DCA6A9B1D97A443450190753", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021815, "uuid": "4c095c09-70ea-4dd9-aa23-d5603f448948", "value": "12288:YiyC2R+Y+9ipYSjlGQOYBu9hh4/D1emPSRs3Gh:YiMR+1YY7hoxhP6t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021815, "uuid": "3d51b08c-4f12-4bf9-83cb-9b7a7ddacceb", "value": 523859, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021815, "uuid": "d6b54686-01e4-4728-bebf-4ebc53337d2a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021815, "uuid": "174b6585-a702-4d4d-972e-ca70e4563276", "value": "PO#52343463.pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99e80f70-16a9-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688062818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688062818, "uuid": "6e9bb550-68bf-4aab-b163-98001eb6733d", "comment": "Malware payload (RedLineStealer)", "value": "a0db4ffbab5bb23c7e812ab47ce31564", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688062818, "uuid": "afe3f93d-f21c-4b02-904c-494987d0784a", "comment": "Malware payload (RedLineStealer)", "value": "e7ac15ad81fce4c16bf04426ef23dc5cc308eeec2721e6982cac44eabb72c388", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688062818, "uuid": "8a45f92e-9570-48f5-b892-4a3e03c05d0b", "comment": "Malware payload (RedLineStealer)", "value": "85631ec1ecc2581f21f47b6c632c943d5c67f6a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688062818, "uuid": "1eea9cb6-4543-41af-84d3-24752bd29237", "comment": "Malware payload (RedLineStealer)", "value": "267e19d7cf8f52e96a8acf6738338fbd13aa15a58f861be06bbe41f2f8e095649ecc712c0b56fcaf4df195b088a06936", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688062818, "uuid": "5b416923-3aef-4010-96a7-56919517ce4f", "value": "T10DF451BD294C76A79475D9AF4DE2054BF23B731277138DA82AD212C1C62261E37EDC0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688062818, "uuid": "aeb9374d-368e-4778-9361-f93bbbf6020e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688062818, "uuid": "9f844720-eccb-45e2-95ef-b50172e27d2a", "value": "12288:jAGJw/JhlEJwTtSXg8IyzRs6hFeqGw01+u5l4:jwzJGTzRsuklZl4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688062818, "uuid": "61502579-53d4-47e7-9b91-c36b24804814", "value": 759808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688062818, "uuid": "2d30f4a4-2b0a-4779-9f0b-b0fd126d51c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688062818, "uuid": "d919e089-7e37-4739-b397-3577966af11b", "value": "a0db4ffbab5bb23c7e812ab47ce31564.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1b11153-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Smoke Loader)", "timestamp": 1688044362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044362, "uuid": "2e50d247-081f-4e05-87f6-bacf1386e288", "comment": "Malware payload (Smoke Loader)", "value": "86b471b9496dab0c4c7a890b2f80e0c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044362, "uuid": "31bef6e8-6779-403e-9dc6-b5998d7445a0", "comment": "Malware payload (Smoke Loader)", "value": "e7d7c5a24455d0de7fdf25c4ccf0cfbba819057fbcdcdfb478a08da84abffa49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044362, "uuid": "2e5e32a5-12fb-45e9-9cb6-cb34a3caaf1e", "comment": "Malware payload (Smoke Loader)", "value": "71601f81dc0e87eeaf2cd9640607e62ecc5653da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044362, "uuid": "9116bdf0-774e-4306-b82e-3070f2323c8c", "comment": "Malware payload (Smoke Loader)", "value": "c7a82d8e02b1ecdd6c77cc9b54bd9e1d5f614f0584323dac14592b69029a43f60bfea599e98cba2d061361cf383cec94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044362, "uuid": "34a01151-6d3e-424c-842f-13b1c913feca", "value": "T193543BD2B2A07C6CE5254E729E2EC6E42B1FBD604F59B75ED2186B2F05B11E1C1FE210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044362, "uuid": "4a92b233-8cbd-4a4d-9239-8b155cef1363", "value": "4ef5c5864141626e44cf96ed52dc90ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044362, "uuid": "9b11786a-333f-47de-874b-206b9da6f01c", "value": "3072:Hi3UpCtlfpq7HmTfcYV761zX+uW5CTsnFuLArYD3U9OV4:CEmW7HmT0eqDnmmsFu3m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044362, "uuid": "54fb97f9-6bc7-4ac7-b504-12d6f584fdd8", "value": 285184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044362, "uuid": "44ad8f26-f302-4f17-a5e4-8994d6fbbd74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044362, "uuid": "29f7e06a-c6be-434c-a984-608d89cc4f7f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bba5416e-166d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037105, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037105, "uuid": "90cef81b-1fde-4399-8a9c-a08f8fcb6f5c", "comment": "Malware payload (AgentTesla)", "value": "0b4fc0ed55f82c8925b1eda44089eced", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037105, "uuid": "6920da2f-2202-49bc-9726-43e8f4cb83ec", "comment": "Malware payload (AgentTesla)", "value": "e86cffb02c661b2c4b434cd2cab75b4d7c3f0ab3f656138e13a0040b64024941", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037105, "uuid": "12c3d7e7-1f2e-49ec-b8f2-01b51901cd73", "comment": "Malware payload (AgentTesla)", "value": "1c3cbde8f847b821b9a5f0bcaa6b9ca81c7b3cf9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037105, "uuid": "3f0f7b6c-b305-4979-add1-bf89fdf379f9", "comment": "Malware payload (AgentTesla)", "value": "06e28e69ff92eeb5e2b118382949679cde94fcb6c4e2e95221271bd45f0aa6140b5cd73d10353b8f43c586861fedc22c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037105, "uuid": "43388d32-337d-4ffd-ba48-7825a9335f12", "value": "T1C035079C321175DFC86BCE768A982C64EA6074AB570FE203A01715ED9A1DB97DF102F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037105, "uuid": "55bb399e-b473-44fb-952a-f264d6509e0e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037105, "uuid": "5b8735cc-10df-48db-ac55-36b6c27429c5", "value": "12288:N/5rKxL0piu0jSitz9Cxure/Y2TPid2lQkdiyx5rF8gJCN7EXOAvKTo3kYwNWTWl:JhKepWjJh8xurmVPlNdiQrFwNILwB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037105, "uuid": "a126376f-6c9f-4c9f-bbf7-e770d350a3a4", "value": 1062400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037105, "uuid": "fdf72a1a-051e-42b4-b47d-471b4a2f6cde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037105, "uuid": "610b9937-8625-4b04-a873-0d87320c823d", "value": "PURCHASE ORDER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c6621e9-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688043870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043870, "uuid": "52f04cda-3956-42ff-ace9-00afc49ee681", "comment": "Malware payload (DCRat)", "value": "f42855ce84504c19eca9de5257501f2a", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043870, "uuid": "cfc4e334-5fb5-439f-8e4c-7740c5d85ac4", "comment": "Malware payload (DCRat)", "value": "e989511efca30f5d0a994e476f88eacd7a7c0c5867e518f252c4c6825c940720", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043870, "uuid": "07ba6435-7963-45fc-8440-5fdbc90735bb", "comment": "Malware payload (DCRat)", "value": "d703ecd9dbd7e1a59d9980b04cbc6bf987150c77", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043870, "uuid": "f838ba10-6103-49d6-86c0-46e082ab4d4c", "comment": "Malware payload (DCRat)", "value": "f208fb8bcd0d86fbf08a2fda0c83453ad4b3e4c3043f95be7d238e70e44abda4f65821c4c34d7c6dbacf00393dd19f04", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043870, "uuid": "157d4d67-0faa-4ed3-8c74-c75f29dc38d7", "value": "T180235C0037A8C13AE2BD4BB4A9F3A2058275D6676D03C6997CC854EA1F13BC597436FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043870, "uuid": "a82068b0-4ac3-43bc-a045-845d185659db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043870, "uuid": "ed0bfb80-0aac-4475-b22c-d68d91e46e22", "value": "768:FOEuILWCKi+DiOwhA5iizYbWgeQARbLXgEkvEgK/JPZVc6KN:FOtmOwhUcbJJWbLXSnkJPZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043870, "uuid": "643bf0e9-7f81-458d-9307-ead4cb8b989d", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043870, "uuid": "b8312ac5-a99c-40f1-83fe-d40d787eae99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043870, "uuid": "5ba7fae7-296e-48ba-a309-7bf35ebdf91a", "value": "decode_6bf017b3035a24cca6b1e1e7fca5f43c8b0de2959745b01aea60808235347df7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65f7fe79-1679-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688042115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042115, "uuid": "1d114dd2-40d7-4c0f-a8f2-b6bb5825c6a1", "comment": "Malware payload", "value": "4476d99fc8f4c91bbafdfc1bcbb4bff5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042115, "uuid": "f2f354bf-913e-4606-b5e4-051ee3e08f6a", "comment": "Malware payload", "value": "ea483b01f53c950bbb8531487f0516d278388b96ef480ae786a009159acf29a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042115, "uuid": "aba93753-2dfe-4228-b321-7ae4f7e8c86a", "comment": "Malware payload", "value": "eb18c363fcf706fc8bdcfc26187d9d1ab3cab087", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688042115, "uuid": "5284f9a5-5fc8-48c0-b817-8de812d8c970", "comment": "Malware payload", "value": "0ed206803bf3ed871ae4e486cd9df2ad7037aadb1fcb5ef3feaf15fa5572183699687dd12127af16ca5be87823694728", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042115, "uuid": "d261897f-208c-4a08-93a6-b45fa11a612a", "value": "T15642F9049FEC0277E8AB03BDA97357404739F6B77613EF2A29DC619A2C4124559223F7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042115, "uuid": "ba3c0ceb-e20f-4220-9206-b60d4e80c0bf", "value": "192:QqwFkb7H0rKTW2eOdgR82YR7bf6X15V87W1tfC8XLfJh6myRRW35DOeXlseXl41O:oUTcOdgRT26X1Ssq8HHBq+y+r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688042115, "uuid": "4a350876-dac6-4f3f-a12e-85243fce6130", "value": 12288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688042115, "uuid": "3dff7bbd-67dc-46b0-91cc-2f7b695ba25a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688042115, "uuid": "0f228e2a-12f4-4677-bc3a-c171482cb2a1", "value": "SecuriteInfo.com.Win64.PWSX-gen.17669.24642", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3181bab6-1646-11ee-b3cf-42010a9c0076", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1688020122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688020122, "uuid": "5b6fb920-b1a0-4d3b-aa42-fc87e8debdec", "comment": "Malware payload (SnakeKeylogger)", "value": "4848efeac4f26061def5954349c99836", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688020122, "uuid": "71db7b46-3da2-4257-85ae-9792b7b6dd06", "comment": "Malware payload (SnakeKeylogger)", "value": "eac3a0b63e1c1a6220f59f5b2d013036814e031f1731c6169ef632ee76666698", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688020122, "uuid": "23ace179-b47f-4cdd-b4da-01ec36cfce31", "comment": "Malware payload (SnakeKeylogger)", "value": "aaa76fc627fc804cb3bf18157b30b33908e8cfbd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688020122, "uuid": "b2df8944-5bef-45d8-8a0c-f403f990114c", "comment": "Malware payload (SnakeKeylogger)", "value": "557119d34ae21b12f8b2e9a67e9957fe83ad666d51d35050b1f9f4847f7c6fee219d540a1b96f7d94fd69a81f20b4474", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688020122, "uuid": "36115d8b-5f89-4bcb-b8ed-e4acab8fa71d", "value": "T15CD4263819BDE727D134C7B58FD18027F364992B3021EAE56DC3A7E54626B112AC363E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688020122, "uuid": "b9809695-364e-4626-832f-c451cc1c6690", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688020122, "uuid": "3e18ba0a-9cc0-485a-9d70-85afd479ec90", "value": "12288:dVp0K8s6owT7mpMD7rm3afcEld7K/U2FaJou9m287faqUjE:dVp0K8s6owT7JD7i3Kh7MUPtm2Af7UjE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688020122, "uuid": "c2ef0e9a-cd63-4be6-9554-dd48b8165f23", "value": 643072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688020122, "uuid": "07ba3882-da46-4e5d-a82a-6d106d5325ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688020122, "uuid": "88c4f4bb-2a7e-4648-89e2-8b986a6b7670", "value": "SecuriteInfo.com.Win32.PWSX-gen.13608.12774", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "489d4300-1642-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688018443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018443, "uuid": "2c5083a9-54b3-44e5-a83a-cf58635f2e2c", "comment": "Malware payload (Mirai)", "value": "dd9999ac55550ed3273196f600e178f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018443, "uuid": "8de7ebae-ab89-4f1f-ac95-9c3510be304d", "comment": "Malware payload (Mirai)", "value": "ee9fc20fbc2b253342a37ea451cc2cd648fed878d28a68cddfcd48b29edec7f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018443, "uuid": "ae39fe60-68b5-4a6f-857b-e37667e45f84", "comment": "Malware payload (Mirai)", "value": "d0a3eaf85cacd7876132e7565b2390a9eab3d60c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688018443, "uuid": "7222156b-cbb6-406e-af24-eb7286155459", "comment": "Malware payload (Mirai)", "value": "7ca3430b3938ec6150657e7a42e8c78a3842f412ce353a5415651458503fc1a08ff5f4423aaf1257abfa5a783fe249e4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018443, "uuid": "654dbece-c262-40bb-a992-d91163a70012", "value": "T107B39CDBF24701A0C8624AF007CB4BED3E2723815F27C5E72C6A657969791CF8906F96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018443, "uuid": "78444d81-2e18-4be0-b2f6-07d788e8e386", "value": "1536:Fu27gBY9FSSpj3z5Qxw6YaWWgg1S/LWy:c9sSyzz36YaWWgg1Sq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688018443, "uuid": "6a6c89e0-6081-4d59-95b2-68f54d8a3a81", "value": 107800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688018443, "uuid": "d404b286-4bd2-4e46-9d76-5f730d764a96", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688018443, "uuid": "712b4bbc-5037-4ab9-9422-3adcf043518c", "value": "dd9999ac55550ed3273196f600e178f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df9bf258-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688077967, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077967, "uuid": "29bd3905-e47b-4f1a-875b-f6cc47f21b4d", "comment": "Malware payload (Mirai)", "value": "d4e9b14953d8547e8610519dba25cdcf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077967, "uuid": "8bb75d8c-2a7a-4dc3-a8bf-50e732d7fb72", "comment": "Malware payload (Mirai)", "value": "eee4040c7d24c909f5b6add289d3d177fe6acf3d6edf9ec349adbd76c9244b00", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077967, "uuid": "e7a2e2b4-6ad8-41bd-b007-3039b71770f9", "comment": "Malware payload (Mirai)", "value": "6b81dda42e76b70f8184fa9f97e3cdf58776cb79", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077967, "uuid": "f644d5d6-9c4e-4a6f-a8c9-d712cdc2894f", "comment": "Malware payload (Mirai)", "value": "d52671bc6346cc9cf9050428f62cd3134e028a79ae76c0af37dbc20c47ceac39aabb793c74e84509a750065d3abbae41", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077967, "uuid": "9085ef1d-620c-4def-b8b5-d62157e0d153", "value": "T12DC2D0E0B726FD31C4206C7DE52B4D8A3A51067C90FF393664558C398FC169A67E88E9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077967, "uuid": "11ce0215-0eaf-497b-bbfb-51e41b0b18ac", "value": "768:JMKyhegCCMqfizjoNpd2vJdX6vwrj+9q3UELuK:OKy4qfqoeJdXWgjjL/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077967, "uuid": "69ffd462-de47-473e-8b22-b897c65416bc", "value": 27300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077967, "uuid": "ce0f9ce6-6c08-43f1-a4ab-d8ea1e0ce082", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077967, "uuid": "3fcfe41d-7086-4d46-95e4-98f4cb8cceaf", "value": "d4e9b14953d8547e8610519dba25cdcf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95fd4e65-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037900, "uuid": "756e3d9f-ecc7-430f-8208-b83e181797a5", "comment": "Malware payload", "value": "192bf749738f27d488818cea35a70b62", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037900, "uuid": "dd551be2-4824-4a8f-9490-9a1fc06aa30c", "comment": "Malware payload", "value": "f0803ce9e139543f55ba51a01dfa5974e06f900aee39e84645abbc5b163219df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037900, "uuid": "ebaaafde-fc93-4c0a-bb5a-04ddcb223d3b", "comment": "Malware payload", "value": "ccfb810e70288cbcdcfc6fb7e2daca4147f5a5a6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037900, "uuid": "25c460f8-1bec-4b8d-9020-217b77590941", "comment": "Malware payload", "value": "68b85d0294f7f6d4595b325bf6bfceeef6e3b44f1678b2fd3470e7eb045ca5bca75939a0a9fd0e250598d22d7ef9ab5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037900, "uuid": "8c578ebb-b854-4d08-b7d7-271ac72fc58a", "value": "T14524AE3331E1C4BBC6A741304ED29FBAF3BEF9204F329A4763945B0D5E31A919627259", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037900, "uuid": "9a9b175c-557f-4fcf-8a68-95235f34e8ce", "value": "b65bb655226ef85b64b9b68e5667b089", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037900, "uuid": "b5877cef-04ed-4341-9ec7-839a64ac2a61", "value": "3072:MD4lyywPwqeTY4XoUL0KK3H04v6VjCAUUoGfqCtdqoZS9:MsIwqezXTL0JCJCBTdo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037900, "uuid": "b904f971-c872-453e-b34d-ea84e4ecbdcd", "value": 221184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037900, "uuid": "c69516db-5a94-418a-82f3-3302f81ac011", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037900, "uuid": "e9c6bcd6-4be5-475a-9998-64dc068be4bf", "value": "Rienag.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d10a4ff8-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688039717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039717, "uuid": "9f81686c-ea66-458f-bdac-712715b746e8", "comment": "Malware payload (AgentTesla)", "value": "b607b2473faa3921a2e7e9e764199825", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039717, "uuid": "0770bdba-7f3b-4f04-8eec-8541b44fb155", "comment": "Malware payload (AgentTesla)", "value": "f1aa3187eae313163a71e2781c360358484feba1315970d2d73a9edbb4864d63", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039717, "uuid": "34d9f317-f170-4c89-8b40-74bbdc3b7d2d", "comment": "Malware payload (AgentTesla)", "value": "3c682f1ee029ea97af9c0d4de12a7ae65ec43f0d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039717, "uuid": "ae424076-cdff-4b09-b7b6-ab7ff546f9af", "comment": "Malware payload (AgentTesla)", "value": "5b28ff02906b23c09c139a6a46233ed30a22ff2cd753a5d75df84d26192c76bd325840108768f65f175c5da3c393b0b0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039717, "uuid": "63c75e4b-6213-4b8b-a37a-dbdab3c0de43", "value": "T127B423D4E52641BAFE24CC866A1259EC3CC32DDE4E9F464CF92C82F79091C4D3785B99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039717, "uuid": "9a183347-ae1e-448f-9639-5441682ea9a6", "value": "12288:NPaG7QFdSu5p/JeIVytD/gbyOgjJhZbWZ:NPJ7Q2uVotsrgjJaZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039717, "uuid": "6ed5f825-accf-40fe-927f-3ffb78c4e9f7", "value": 524448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039717, "uuid": "50d41897-fa6a-4a64-a404-09cd6343d1c6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039717, "uuid": "f8ecbfac-6213-4ee5-a4e5-6dd9ead8808b", "value": "SOA#266203.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20ead8e8-1665-11ee-b3cf-42010a9c0076", "comment": "Malware payload (RedLineStealer)", "timestamp": 1688033409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688033409, "uuid": "cf02b733-39f2-4e18-a66a-01680c26f859", "comment": "Malware payload (RedLineStealer)", "value": "041cc88cbceb864768d4d0ede0c0f88a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688033409, "uuid": "b0125f5d-e989-48c3-a655-d9726a44d469", "comment": "Malware payload (RedLineStealer)", "value": "f21c09195ba116e3f43f163fc8132c957d6aba102df96f7822ac9558dd6d279e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688033409, "uuid": "8d21d563-16a1-4faf-a3ec-ed11f35e9dd9", "comment": "Malware payload (RedLineStealer)", "value": "814193713ef7b93b57e7141d86c7aa38a8999c76", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688033409, "uuid": "add90139-db0f-4d61-91b6-a1bf167688d0", "comment": "Malware payload (RedLineStealer)", "value": "6f74b2bbcfe1076eba47f39e0099e4d1bfa4d18bef10357b6bd2087979f031bf259403dc604f1002bf9de3c2260df209", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688033409, "uuid": "1dcada79-3abd-4154-b58a-8771b54e1635", "value": "T10A946DC3A2A07D5CF5254E729E1EC2E4BA0FF9504F4977AA92189B1F05F11A2C2FF650", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688033409, "uuid": "6de544a5-19ff-4642-86a6-43d05b9c1844", "value": "dc6e265d7c90a021ccdd169409ae96c6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688033409, "uuid": "85eff414-0417-4639-8dff-dd3127f6951f", "value": "6144:uDRIz77bNZ2LTDYhDNKUa8r5iZ5EPXx3Y+yUDYeG:uDRy7bNZoYhhKaiZ5YXx31Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688033409, "uuid": "52c1c745-2f12-4264-9985-a736fbadc838", "value": 412160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688033409, "uuid": "6c9f0b0e-99c8-41fd-a830-997a31298f9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688033409, "uuid": "f75af489-5b26-489d-921d-3ad425dbc951", "value": "041cc88cbceb864768d4d0ede0c0f88a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdfe9197-1698-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688055577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055577, "uuid": "ee48a97c-160b-4abd-87b7-2457fd60cd24", "comment": "Malware payload", "value": "dcf6e276a7c50666b846b2d614f74d73", "object_relation": "md5", "Tag": [ { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055577, "uuid": "e59ffc28-9b20-4e86-bc4f-ebf2db832806", "comment": "Malware payload", "value": "f295ab4eef3e1e8e84deb66d6ec858529491c75677c2623f0fa9f617be0cdcbe", "object_relation": "sha256", "Tag": [ { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055577, "uuid": "48342407-be17-4191-9cc1-ecdc938ccf6f", "comment": "Malware payload", "value": "67887b785196b842b304cb4a82171f90fed569a5", "object_relation": "sha1", "Tag": [ { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688055577, "uuid": "34e7087c-7a9e-4eee-88c6-c716b8586843", "comment": "Malware payload", "value": "2f5e5790242e10ff2df652cd672c03ed0bb785ab96c9d0f4777e7086633e7e5dc993aa7c9c67379fa0553434b9c3059e", "object_relation": "sha3-384", "Tag": [ { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055577, "uuid": "44abb286-5dbe-4e47-b7d0-7b959e2b9fc2", "value": "T18206124995149251723B1DC889E8183ACD8D615BEFDE0E20DBA3C796E7D767CBB32830", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055577, "uuid": "9e9f893c-7869-4ab1-ac1e-19f87cf2b5f0", "value": "24576:zBa5YQzRwYqHm5uUl9FuewxOL7woyMwuEx22Ndt77ion6kQ8l18L4wZGhwI+XH:zBa5TzRwOueQGEyExTdtKs7lePZcOH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688055577, "uuid": "7aa645af-a188-46d5-8d78-1b8015bbc98b", "value": 3685192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688055577, "uuid": "00c77f1d-378b-45e8-bc32-052b3bec6dc3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688055577, "uuid": "2f0909c5-7fef-42ce-a8e2-f1b26779f74f", "value": "Complete-List-Of-Miracles-In-The-Bible-Pdf.exe.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28abc299-164b-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688022255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022255, "uuid": "b6b92533-bb1a-4669-b70a-2b1bce201fc0", "comment": "Malware payload (AgentTesla)", "value": "fdc09ed9bd5f8e7cc6f6cef8c4e39e2c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022255, "uuid": "9d9f1215-94e5-4403-984f-ec4f957f8c10", "comment": "Malware payload (AgentTesla)", "value": "f2e9ca36e2624fdec3f4e3e10444cb3fffe91420416f2baed57c4ef08e65a58f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022255, "uuid": "dffa853f-f912-4517-a17d-abb8730fdee1", "comment": "Malware payload (AgentTesla)", "value": "bcef714ae881ac32998b9107d43d0459fbcbe0f1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688022255, "uuid": "b3d97bfe-c9a3-4d74-a6b0-12d4715be9ae", "comment": "Malware payload (AgentTesla)", "value": "aab1a434430924a370f7de741589bc6fde503b773cae2dbcaa6d8a7d74f0d49bee7bf1a7f8c8db13990c661a8594349f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022255, "uuid": "4e4522b9-b403-4c5e-aef2-215e65631bb4", "value": "T1E0354A3C287D5A6BC078CBF44ED5A023E3A4953F3825EA295CD367D916A2B5214C372F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022255, "uuid": "2931788c-582b-4d99-84ff-346e1224de23", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022255, "uuid": "bd6fa5c3-9cbe-4eef-be6c-1bf216f295c1", "value": "12288:7aAcSRBtUANENI45YbWjE/419KDOhM9YW8ul9NBOzVS3O1r5:uAcS+ANW35SCQ41YDx9oW8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688022255, "uuid": "97fd5458-6f88-4e96-8fc9-5a19eeccdb57", "value": 1083904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688022255, "uuid": "51ab5407-5e33-477b-8f92-08f9dda1e7d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688022255, "uuid": "e4cb38e0-9bc9-4eeb-9cd4-4b23d6c243ba", "value": "FedEx Express SZVA3421.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db7859ea-166d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688037158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037158, "uuid": "d89e1872-a511-404c-a700-ac8d44a8ce34", "comment": "Malware payload (AgentTesla)", "value": "b86223bebcd0e5a77d0e98adcd4fe43e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037158, "uuid": "ec369fd0-28bd-4a2a-a45e-c6d8db7ca11d", "comment": "Malware payload (AgentTesla)", "value": "f330743445d0f6bc90791822e9ea94a6a78dcc5428e115b24c74e0fb82556036", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037158, "uuid": "dd2fcf2f-9958-4284-8af4-6f2d0d5844ab", "comment": "Malware payload (AgentTesla)", "value": "e1d7e492c9f55ab9e0171745989d73e71d8ddaf4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037158, "uuid": "1b2eea1e-b24a-4cca-8674-8e9e9ed9c6ae", "comment": "Malware payload (AgentTesla)", "value": "04d7fdd05ae4d6b6aa1b8bffd5dfabfe8b9bcc5d6c13eb61601327e598706005ab7540e840d1d51fa69761b8905ce75c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037158, "uuid": "505b2d6a-df41-4dd3-9588-4e8f654c5ae2", "value": "T1E8F433AA50072B7133A04B73409376F831BEBC73FCA25CF9BE65907534BA28D4254A5E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037158, "uuid": "b5167f3c-96a1-441a-9846-b6dcdb66f432", "value": "12288:AmWWBKzCmcl79KLstw711/ure/c6FPMd2dQAPk8c1wfNF8gps9Zn/PeLCCbso7Hi:AmWWBAbTLstw711/urmv9dzPkJwfNF12", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037158, "uuid": "cfb87d45-92ee-4804-8bf1-54eb13123bad", "value": 734379, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037158, "uuid": "240a0aa0-0dc0-4c9b-8534-9fdfae2b4d5d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037158, "uuid": "1b65d065-7bdc-4275-bd1f-abba3b6981da", "value": "ATTACHED SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0c8e74d-1699-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1688056038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056038, "uuid": "c4e15a40-017b-4902-aac6-8944c43be3a8", "comment": "Malware payload (Cobalt Strike)", "value": "e8041ba87bb945f73436b23e449091f4", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056038, "uuid": "dc75b173-1b9c-4be4-9a85-c0d658dcff9f", "comment": "Malware payload (Cobalt Strike)", "value": "f5b401be01f2bc168083319bf1d491bc43b06d4022e0c72ed30b80ee5889be9e", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056038, "uuid": "c1e8a397-e262-4196-a83d-ddc3aed5218f", "comment": "Malware payload (Cobalt Strike)", "value": "e45ea12903491ea6a2e57fd6c3e14078a74c8ad0", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688056038, "uuid": "909e0e00-3413-4e06-b650-4a5a3bd25fee", "comment": "Malware payload (Cobalt Strike)", "value": "c992b0d64cd9732db3a513b7b2e8000538afcce5d869d361b8ccc7e80091f06e744a3ddcf3703bd980a96679b4adfc4f", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056038, "uuid": "0e43ed79-cb42-4e80-b1f7-80ede095d009", "value": "T1F7664B47F85151E8C1EDE230C6269262BA707C890B3067D77B61F7B82F76BD46AB9310", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056038, "uuid": "d49aedbd-2bf8-4f83-bfcd-69e9292ec356", "value": "f0ea7b7844bbc5bfa9bb32efdcea957c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056038, "uuid": "cef590d4-956f-4ec7-b4be-e22dc76ceb40", "value": "49152:ORH2Q432S+rb/TAvO90d7HjmAFd4A64nsfJnBN6hCCyztE+Ox38rLzyjnxeKT3aC:B32BiMCO5y7TERALOpME", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688056038, "uuid": "79f4b581-204e-4d7d-8ed6-b90fff9abf98", "value": 6755328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688056038, "uuid": "47ed7dbb-1c40-4e32-ad55-f18d7aaf7273", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688056038, "uuid": "e0751017-3bb6-484b-a289-c814545f642b", "value": "f5b401be01f2bc168083319bf1d491bc43b06d4022e0c72ed30b80ee5889be9e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abc68f26-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037937, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037937, "uuid": "67ca2990-1f98-446b-82b6-c8d0b7337bb8", "comment": "Malware payload", "value": "0a68d24d27146ab5b1b19847e27312eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037937, "uuid": "a0667ee0-2ae1-4218-91ab-207c61fe9796", "comment": "Malware payload", "value": "f5dd1e46dd09f40079e9ac033c7946ea5d7a0fbdaf5adb3a333fb10fb2c5a241", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037937, "uuid": "bfe80985-56e7-4587-9c8e-c790071e1f50", "comment": "Malware payload", "value": "0dfdec7f13a5b8a80d498729cfab1237a5bb3545", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037937, "uuid": "d170d2ef-1fbd-4b9d-8bd5-e10f4852c0be", "comment": "Malware payload", "value": "23e9093c904629e0d1aef62c111f72794c18c26a78f95f68fd471a662f85338f4cc5fdec515a1ea55ee9fcd55afe622a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037937, "uuid": "e3d82d4e-8ea2-4fae-b627-3c99e9f4485f", "value": "T13513D92CA7E465ABE436FF3544F12E6312363D132424AE0F5DB077CA6D342D1F1AAA64", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037937, "uuid": "c0f31bc3-e131-4076-978e-b70b7fd460a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037937, "uuid": "af8bd629-b061-4f29-b8d3-ec2496ae05fd", "value": "768:1tjOt/gf3sMaclhdGvSVXloOYGPJndE0UqdBj:XjQE+OYG80zj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037937, "uuid": "78657bab-1e83-4632-b34c-bcc372f932a9", "value": 41984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037937, "uuid": "fa94e35f-c845-4adf-a495-19d97b08777f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037937, "uuid": "de75ccd7-4c82-40ce-bf7c-290573f4db1b", "value": "LKY026.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0133abe-16d0-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688079605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079605, "uuid": "f9fedc50-711e-4685-8266-ec06ded30a10", "comment": "Malware payload (Mirai)", "value": "08573b989ae678887568613b10a77edb", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079605, "uuid": "7a336782-656e-4606-b28d-7c27ff4d58fe", "comment": "Malware payload (Mirai)", "value": "f625226646ae15786f85852127ea5724f38a1947ee3d1a7a7a16b9c5c6e348bf", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079605, "uuid": "0aef2d68-fd91-4d2d-afbb-9623899c00cf", "comment": "Malware payload (Mirai)", "value": "1b16e9b9d67a100c62f4fb04e2c9dccbf9ddca2b", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079605, "uuid": "916bbad8-25d3-4529-b87a-777070c38ca8", "comment": "Malware payload (Mirai)", "value": "cb5136424aa9db260bd957822c956450966c0c496a0c97bed16230f233fbff387eddbcddd7d161baec84afd65d5fd257", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079605, "uuid": "74065941-1698-4716-a1d7-d30a28043257", "value": "T1FE530154596DC601C5B068755B2A995C3AAF2FA081BC37EF3202C315EA98E32CF8C5E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079605, "uuid": "887aaf7f-76f9-4311-853b-9d69e2690238", "value": "1536:BeIqfnocUDwSSrDez+0qFRiYhAjkWnPX0CyGR:BeIen5UD3owqFd2RnPkCyGR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079605, "uuid": "5aa7f7f1-88d0-404a-9ca1-3fda7109f762", "value": 63304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079605, "uuid": "e65497fe-f202-4040-a0c9-37a79ed114be", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079605, "uuid": "6213b6fc-e17c-417e-9b12-1841221ee791", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50bda1c1-16cf-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Mirai)", "timestamp": 1688079016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079016, "uuid": "a708760d-b4ee-4cff-80fb-88b3f9bd6b50", "comment": "Malware payload (Mirai)", "value": "0f0ae67c82ada070a77af43f85eee7d5", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079016, "uuid": "a4bc4005-2a4b-47b0-93b0-1dc2e75c6847", "comment": "Malware payload (Mirai)", "value": "f6315b5061b882cf15b9f7fd7d4465d24f13ec1f80eddd9790c9a382fff38391", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079016, "uuid": "2e8b2519-0307-42f7-a35b-92a9878824f9", "comment": "Malware payload (Mirai)", "value": "d9c9589612640e33a6e701c7f8d353df687342eb", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688079016, "uuid": "fc72d33b-ce58-404f-8e6f-c654b2d3acd0", "comment": "Malware payload (Mirai)", "value": "fd55db9dbdd84ea11a15f75b20c57cbd623e8c43541998117dbf4f7bd37ab7a88d52e6ce77a9766d3f46d052ece3651b", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079016, "uuid": "2496c168-f369-41ca-8baf-048631d1aa38", "value": "T1B3C32B46E6818B13C4D61775B6EF42453323A79593DB73069928AFF43F827AF0E23906", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079016, "uuid": "daed6b20-29a6-4c52-b7b7-29b68e295b14", "value": "3072:5QK3qOAQqKUUoev+YPaOS6ces+EuNM/9oE:5QK3DjUUoevbCOMz+E4M/9oE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688079016, "uuid": "8b6da680-8f5a-400a-be83-db0cd3c11363", "value": 120446, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688079016, "uuid": "1c5c7467-888f-4b74-b612-daf1abc39c05", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688079016, "uuid": "41ef45ba-a126-46b2-a3fb-141c9730cac0", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e43fda57-16a1-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Amadey)", "timestamp": 1688059506, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059506, "uuid": "c0d4a109-1097-4a9d-847c-e34d0674bb1e", "comment": "Malware payload (Amadey)", "value": "a02af1ea56d984feed9c8abe01413499", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059506, "uuid": "1e19a49e-e15e-4c1f-a376-67eae5fc3b6a", "comment": "Malware payload (Amadey)", "value": "f6a76ca204d1011414fe839cf6969aa2d9ecfd6655e75aa1e5e008a712057ee5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059506, "uuid": "e3495639-3911-4f94-b281-01a7ba98b950", "comment": "Malware payload (Amadey)", "value": "bd542f9ed6eb6a790fae121de56629093f88e85f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688059506, "uuid": "2658435a-9485-4f75-a7bd-fada006c9751", "comment": "Malware payload (Amadey)", "value": "0fff4009d7f3496a36274b72c08630c44a54cbe392eb2752a6bb29104eac93742032d7939790ff4d9db7312abf58eaba", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059506, "uuid": "d908ca04-6efd-449a-af17-342fe79511a4", "value": "T150D41202A7DD8063DCB5177009F707830E3ABCE19CB0876B6A559C8D4D73684A9763BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059506, "uuid": "9203f619-9a3c-4b7d-b1c7-70f33a7fc396", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059506, "uuid": "40481722-510b-418c-bdd7-e97472143254", "value": "12288:yiuy90fCt7/SJSFEfWc/eUYQ9iARpbtUjV6Rfwb9tb88J6S/M:my2CtuUuec/XiARdA6EvJ/M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688059506, "uuid": "2dd9e4f8-8afd-4579-a1c6-ab01fa4d6ed9", "value": 609792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688059506, "uuid": "b85ca0ae-b1af-4b68-9af0-12cd8210a54e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688059506, "uuid": "9de75bf6-a99c-46f4-bb5b-0ee29c3ed6be", "value": "a02af1ea56d984feed9c8abe01413499.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c95de70-164a-11ee-b3cf-42010a9c0076", "comment": "Malware payload (AgentTesla)", "timestamp": 1688021805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021805, "uuid": "caa76566-2d66-4959-b623-762dfbcd33ca", "comment": "Malware payload (AgentTesla)", "value": "02ce2f75b354862cece5f6d5d9ab3966", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021805, "uuid": "d4f495eb-d1e0-4a5c-ace7-d65d0a8d1596", "comment": "Malware payload (AgentTesla)", "value": "f76aebb1cb272e660a3613ce28c461e20941f3a2d78fbd4a6cf049bf249a48fe", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021805, "uuid": "b0523ecc-df0b-4d1a-9e19-a4ce9b25c255", "comment": "Malware payload (AgentTesla)", "value": "a97bd2a1932c89b84ae644b93465f3d7faa3fe41", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688021805, "uuid": "9cc90286-2457-4952-ba76-d7034749b644", "comment": "Malware payload (AgentTesla)", "value": "fff26ed4ffaa3b9f721d7fdbea9ba911ba700f6217bd5c00f2a97959be231c325b05a5f61ccc35a63b486f3333d562e4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021805, "uuid": "e463979b-e7bf-4a6f-8da9-aa44c3a30aa0", "value": "T17AC4693C1CBE2A37C035EAA98FE58463F550D43F3921993268D787958746EA325C723E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021805, "uuid": "b7fbbfd9-b56f-4186-bd6b-3766570b45da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021805, "uuid": "0c62e993-43a9-4fcd-9205-2809382c6bec", "value": "12288:Hey8rcMib0Q8HOqzqH+eiGykGP7mcaY2A3X4ogWcA6Pxpw:+y8oH0Q8UiGykGP7mcahIooyl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688021805, "uuid": "8bf8244c-1004-4ff9-9d17-2e0c73f70780", "value": 587776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688021805, "uuid": "758fdf1c-e4f5-48a8-bfda-aab9dc6acbec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688021805, "uuid": "edfce0b9-fdbb-4b82-b76d-7b886be92700", "value": "InvoicePO1541973.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c59ba3f0-167e-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Stop)", "timestamp": 1688044423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044423, "uuid": "7b663457-3b86-4bf9-b409-b4fc8761fcf5", "comment": "Malware payload (Stop)", "value": "4a3ac71dc3ff94f768e4e35682d2810c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044423, "uuid": "588ce1e9-e303-414d-9360-dbdd94df6541", "comment": "Malware payload (Stop)", "value": "f8b7e458ff5108430df60cc5b9fa4dc44d083a1331b4a4ee2f7f1703e6a6c5bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044423, "uuid": "84351872-04fe-4d29-84d2-3a91d0ebab8c", "comment": "Malware payload (Stop)", "value": "587b6e16c46f7420c59d77c5f1cc0c8932df5038", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688044423, "uuid": "42647877-6efb-404c-aac5-da8e731c945b", "comment": "Malware payload (Stop)", "value": "3ba091245472178f81e76a4b895590a4885cd18ef56ab33a420e49513d0359e7d67e34bb0281543bc18a4d93efde9c31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stop", "colour": "#A68AE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044423, "uuid": "b0efb96b-cf9b-4b86-96ca-2352a84dbeb6", "value": "T15D05E1D3B2A07C6DE5254E329E2EC6E43E1FBD504E18675BE2186B1F08B11E2D5FE211", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044423, "uuid": "fe847ac4-841d-4c2a-9bc9-015b1137ddef", "value": "4ef5c5864141626e44cf96ed52dc90ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044423, "uuid": "0d5c8efc-5e05-474c-93f7-188a9a979158", "value": "12288:VhK/iDDLZMWgPc/MN2V3gPjFtK9Ek8aZ39ZaTpHIItqYmS/f58WZY5:VhKaDL2LyMI3gPjFj7aHcTxIIM5DY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688044423, "uuid": "3eb5c255-89e9-4f02-8f95-6ff7688c4787", "value": 805888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688044423, "uuid": "53536da5-96d9-440e-9072-1eb01c9baae6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688044423, "uuid": "8a4e3a66-4b2d-46cd-ba16-a1ce979d535e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81c450e7-16cc-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Fabookie)", "timestamp": 1688077810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077810, "uuid": "01d5c231-954b-44b5-96a7-2ba1b40e5aac", "comment": "Malware payload (Fabookie)", "value": "622e7c9379b9c65e8ac368606586fbec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077810, "uuid": "34de0e1f-78f9-49a0-82f2-cc82f90c0137", "comment": "Malware payload (Fabookie)", "value": "f900e717aa84a7397801b61ce24cc31ddce62cf70e0080279f3bcd7072d8b4dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077810, "uuid": "1aed2254-89e2-4342-87d7-da9e2f31350b", "comment": "Malware payload (Fabookie)", "value": "ba797a477f12cecae06f670a4a86dd9fa06af603", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688077810, "uuid": "14c8b386-4963-44e0-a42a-8e2dc7f26942", "comment": "Malware payload (Fabookie)", "value": "ea928798cbb793f1f06cddb43ea08ea576cabdcd3d3c686cb681076f5cd666b43fe843f6ffa304a88094c5a7f1587583", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077810, "uuid": "3bfedec3-691c-463e-a053-f6a89d7aa2f6", "value": "T1C3544C13629C7F61D5E54A3E9E3EF1EC761DBA108F1977AA12389A2F05B12E3C172710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077810, "uuid": "d2e562fb-ed32-4671-a99a-bd479b152acd", "value": "0a5db6363a2820d393575c77f8ba89bb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077810, "uuid": "ddf0a314-72dd-49b4-81d2-bc1d53310ae8", "value": "3072:Q7GT1GL5czv9EStOhMoy/KLV7YsL7Q3fyKS4i70aXZryLu1:/TQBStOhMoCQYD9SR1wL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688077810, "uuid": "3661eca9-e099-490c-9362-71873a20cc9f", "value": 280576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688077810, "uuid": "bc768f65-79f8-462f-995d-6b92046fbd88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688077810, "uuid": "84f14f73-4451-44ba-b82f-4eaee286eddd", "value": "622e7c9379b9c65e8ac368606586fbec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e997790-167d-11ee-b3cf-42010a9c0076", "comment": "Malware payload (DCRat)", "timestamp": 1688043874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043874, "uuid": "b90bb0bf-cf7b-4ce1-b82d-973fcd16875b", "comment": "Malware payload (DCRat)", "value": "3f5ad3bcea88409a33bc716204221af1", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043874, "uuid": "38cf6f40-ac09-4819-8231-709d955e0735", "comment": "Malware payload (DCRat)", "value": "fb14dc247733fad88f79fa0dbdaaae0315f616386b3395b9900e2d087233bf84", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043874, "uuid": "51212f35-936d-4b25-9892-ea9183e86b76", "comment": "Malware payload (DCRat)", "value": "b7b40d9d18009f6483dc1d4d6e96b308494df516", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688043874, "uuid": "a006de7b-9ae0-4089-b21b-f594419e9fbb", "comment": "Malware payload (DCRat)", "value": "d680bc3d8cede417c7e04a12bb136cd8226ff758444482e3728cfbf9092007dd0e6c6deaee982fa312e8de72e336b0d0", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043874, "uuid": "533fb28b-c0b4-435e-b022-767d1b3d7a01", "value": "T1DA235C403798C136E6FD4BB4ACF292448775D66B2E03DB596CC811AA2B13FC596036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043874, "uuid": "46904970-7960-4d2d-9648-095f6e227802", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043874, "uuid": "5582eacf-e694-4f96-93d1-96ac405531d9", "value": "768:BOEuILWCKi+DiPYPfDOBLe0wbijyqYbZgercWGowvEgK/JrZVc6KN:BOtmAPfILdyZb2sNwnkJrZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688043874, "uuid": "1d357a5e-0dfd-40ba-9cf1-08635b310f86", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688043874, "uuid": "3014a012-c0bf-41eb-945f-ee912869d0e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688043874, "uuid": "1bd04b46-c613-480a-a22c-1c49c29ea614", "value": "decode_ad06b7c686e29ef34a949266e341954bfe3a06be71023a3892fa2ae6d34fa7cd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f31621e-1673-11ee-b3cf-42010a9c0076", "comment": "Malware payload (Formbook)", "timestamp": 1688039392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039392, "uuid": "d43bc8b2-f6e7-4416-a6a7-adfccd55a91e", "comment": "Malware payload (Formbook)", "value": "1ad043cd1961bd25e3d66d0436669885", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039392, "uuid": "212b9b95-2816-4698-aa88-fad62e785062", "comment": "Malware payload (Formbook)", "value": "fbbad7f1ea80336f2d11ec3df5d547fedcca56d3def4eb369f605122b02f3f34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039392, "uuid": "44ba450b-8637-486e-a2c7-7d867394152a", "comment": "Malware payload (Formbook)", "value": "9e103abddcf16b33339fd78967956eda91dc486d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688039392, "uuid": "dfc0b6fa-098d-447f-afa3-120021bdd816", "comment": "Malware payload (Formbook)", "value": "3e224026de365b9e7d4d2dfc08fc1420b847e7c95f749ba13cdbc327c6a4e5bedd4859f0e1d193aac5a5b3c808577bdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039392, "uuid": "cc79e29e-148b-40a9-a5b3-fb9c548d0fc8", "value": "T1C142F9189EAC0527F8B707B85A6253C00B3EBF77B253EB2F6ECD7159285225419523B3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039392, "uuid": "843e2751-7e32-4b8a-a0ec-428f0d0fdfc0", "value": "192:9ZqwFkb7H0rKTW2eOdAZTza3kepns6XB5V87W1tfZGD4fJdq6myRRW35DjNS1a:3UTcOdYTd6XBSsRGDPHBHN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688039392, "uuid": "21cc5e31-fe7e-4d09-be74-4460f614985c", "value": 12800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688039392, "uuid": "ad9791c3-71cc-42e7-9a7c-77add2baead5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688039392, "uuid": "817fbae6-52e9-4095-bd28-fd1ef023fc91", "value": "DOC08910120230628102641.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a31c4f0-166f-11ee-b3cf-42010a9c0076", "comment": "Malware payload", "timestamp": 1688037907, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037907, "uuid": "e8eb98cb-1876-4216-89b1-238e5293397a", "comment": "Malware payload", "value": "481ba04be64ee8662045cdd7c94425ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037907, "uuid": "47294e00-c15b-492b-a8c4-ce61cb5e06dd", "comment": "Malware payload", "value": "fbbcb9a91f2ae0abd9ee33140d30b1bf0607e5e29b4f7a156d297a2486965801", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037907, "uuid": "3c97f81f-eacc-4da0-b492-9b06e3a4fe1d", "comment": "Malware payload", "value": "98c20e7588b684b9e876a5db4a5807cf29cfa46a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1688037907, "uuid": "b732ad53-e520-4cdd-9c1b-06f793ab9fea", "comment": "Malware payload", "value": "3f7b87e7834ff31b7fb3617beabbd6f1fc4995ba5fedb8e2c7f5805332e519bc20f1a750e0264f6af297ede24fd365be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037907, "uuid": "afad5006-ec23-47d0-86ec-d60eea92d89c", "value": "T150249E2331E0C4BBD2A741308ED19FBEF7BAFA104F729A0763D44B1D5E319919627269", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037907, "uuid": "e63710cc-77b5-44a6-9fbe-9e8cdf0716e0", "value": "1a74f7d91507bed2e4e01024984b1017", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037907, "uuid": "d4238617-57ca-413f-9107-676f7884ea17", "value": "3072:jYTilnFqCfzcV8uUfUiFXhUHZ6JYeuKyY0tpqSwu/:M4FqCIV8pfUBBe5B5Sw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1688037907, "uuid": "dde5b842-7583-4fc4-8bdd-acead68f1896", "value": 225280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1688037907, "uuid": "e2722ea3-fb5a-417b-b155-877103f6bdec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1688037907, "uuid": "f1633e6f-8c3d-49bc-a61a-d719c548e7c5", "value": "rjmntrgbfr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }